macos 在 Mac OSx 上通过 SSH 连接到 EC2 时出现权限错误
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2179427/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Permissions error when connecting to EC2 via SSH on Mac OSx
提问by Josh Scott
I am new to EC2. I created my security credentials from this site:
我是 EC2 的新手。我从这个站点创建了我的安全凭证:
http://paulstamatiou.com/how-to-getting-started-with-amazon-ec2
http://paulstamatiou.com/how-to-getting-started-with-amazon-ec2
It worked great, I rebooted and now when I try to connect I get a login/password prompt. (Which I never set up.) After several attempts I get this error:
效果很好,我重新启动,现在当我尝试连接时,我收到登录/密码提示。(我从未设置过。)多次尝试后,我收到此错误:
Permission denied (publickey,gssapi-with-mic).
权限被拒绝 (publickey,gssapi-with-mic)。
What am I doing wrong?
我究竟做错了什么?
回答by gareth_bowles
Two possibilities I can think of, although they are both mentioned in the link you referenced:
我能想到的两种可能性,尽管在您引用的链接中都提到了它们:
You're not specifying the correct SSH keypair file or user name in the ssh command you're using to log into the server:
ssh -i [full path to keypair file] root@[EC2 instance hostname or IP address]
You don't have the correct permissions on the keypair file; you should use
chmod 600 [keypair file]
您没有在用于登录服务器的 ssh 命令中指定正确的 SSH 密钥对文件或用户名:
ssh -i [密钥对文件的完整路径] root@[EC2 实例主机名或 IP 地址]
您对密钥对文件没有正确的权限;你应该使用
chmod 600 [密钥对文件]
to ensure that only you can read or write the file.
以确保只有您可以读取或写入文件。
Try using the -v option with ssh to get more info on where exactly it's failing, and post back here if you''d like more help.
尝试将 -v 选项与 ssh 一起使用,以获取有关它究竟在哪里失败的更多信息,如果您需要更多帮助,请在此处发帖。
[Update]: OK, so this is what you shouldhave seen if everything was set up properly:
[更新]:好的,如果一切设置正确,这就是你应该看到的:
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: ec2-keypair
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Are you running the ssh command from the directory containing the ec2-keypair file ? If so, try specifying -i ./ec2-keypair just to eliminate path problems. Also check "ls -l [full path to ec2-keypair]" file and make sure the permissions are 600 (displayed as rw-------). If none of that works, I'd suspect the contents of the keypair file, so try recreating it using the steps in your link.
您是否从包含 ec2-keypair 文件的目录运行 ssh 命令?如果是这样,请尝试指定 -i ./ec2-keypair 以消除路径问题。还要检查“ls -l [ec2-keypair 的完整路径]”文件并确保权限为 600(显示为 rw-------)。如果这些都不起作用,我会怀疑密钥对文件的内容,因此请尝试使用链接中的步骤重新创建它。
回答by slackhacker
The key for me to be able to connect was to use the "ec2-user" user rather than root. I.e.:
我能够连接的关键是使用“ec2-user”用户而不是 root。IE:
ssh -i [full path to keypair file] ec2-user@[EC2 instance hostname or IP address]
回答by Ko-Chih Wu
In my case it's because the permission for my home directory is 775, and SSH is not happy about it. It should work after executing:
就我而言,这是因为我的主目录的权限是 775,而 SSH 对此并不满意。它应该在执行后工作:
server$ chmod go-w ~/
server$ chmod 700 ~/.ssh
server$ chmod 600 ~/.ssh/authorized_keys
I had very similar experience this afternoon. I was setting up django on EC2, and suddenly I cannot SSH into the box anymore. Glad I still had an active connection, so I modified /etc/ssh/sshd_configto set:
今天下午我有非常相似的经历。我正在 EC2 上设置 django,突然间我无法再通过 SSH 连接到该框中。很高兴我仍然有一个活动连接,所以我修改/etc/ssh/sshd_config了设置:
PasswordAuthentication yes
and set password for ec2-user, then I can login by entering the password.
并为 设置密码ec2-user,然后我可以通过输入密码登录。
However, after some googling I found this thread: http://ubuntuforums.org/showthread.php?t=577279. It turned out that during my setup of django I changed the permission for my home directory, and SSH is very strict about this. So the file permission must be set correctly.
但是,经过一番谷歌搜索后,我发现了这个线程:http: //ubuntuforums.org/showthread.php?t=577279。事实证明,在我设置 django 期间,我更改了主目录的权限,SSH 对此非常严格。所以必须正确设置文件权限。
回答by Jacques Betancourt
+1
+1
I noticed that for some AMIs like Amazon Linux, [email protected] would work. But for an ubuntu image, I had to use ubuntu@ instead. It was never a problem with the .pem, just with the user name.
我注意到对于 Amazon Linux 等一些 AMI,[email protected] 会起作用。但是对于 ubuntu 图像,我不得不改用 ubuntu@。.pem 从来没有问题,只是用户名有问题。
回答by Jie
I had met this problem too.And I found that happend beacuse I forgot to add the user-name before the host name: like this:
我也遇到过这个问题。我发现这是因为我忘记在主机名前添加用户名:像这样:
ssh -i test.pem ec2-32-122-42-91.us-west-2.compute.amazonaws.com
and I add the user name:
我添加了用户名:
ssh -i test.pem [email protected]
it works!
有用!
回答by Pelli
Tagging on to mecca831's answer:
标记到 mecca831 的答案:
ssh -v -i generated-key.pem [email protected]
ssh -v -i 生成-key.pem [email protected]
[[email protected] ~]$ sudo passwd ec2-user newpassword newpassword
[[email protected] ~]$ sudo passwd ec2-user newpassword newpassword
[[email protected] ~]$ sudo vi /etc/ssh/sshd_config Modify the file as follows:
[[email protected] ~]$ sudo vi /etc/ssh/sshd_config 修改文件如下:
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no
# EC2 uses keys for remote access
#PasswordAuthentication no
Save
保存
[[email protected] ~]$ sudo service sshd stop [[email protected] ~]$ sudo service sshd start
[[email protected] ~]$ sudo 服务 sshd 停止 [[email protected] ~]$ sudo 服务 sshd 启动
you should be able to exit and ssh in as follows:
您应该能够按如下方式退出和 ssh:
ssh [email protected]
and be prompted for password no longer needing the key.
并提示输入密码,不再需要密钥。
回答by shigeta
Are you sure you have used the right instance? I ran into this problem and realized that something like 4 of the ubuntu instances i tried did not have SSH servers installed on them.
您确定您使用了正确的实例吗?我遇到了这个问题,并意识到我尝试过的 4 个 ubuntu 实例没有安装 SSH 服务器。
For a list of good servers see "Getting the images" about half way down. Sounds like you may be using something else... the default username is ubuntu on these images.
有关良好服务器的列表,请参阅大约一半的“获取图像”。听起来您可能正在使用其他东西...这些图像上的默认用户名是 ubuntu。
回答by e1on
I was able to login using ec2-user
我能够使用 ec2-user 登录
ssh -i [full path to keypair file] ec2-user@[EC2 instance hostname or IP address]
ssh -i [密钥对文件的完整路径] ec2-user@[EC2 实例主机名或 IP 地址]
回答by Airswoop1
After about a half hour of searching and trying to debug this I was able to figure it out. My situation involved me using the same pem file for two different ec2 instance and it working for one and not the other.
经过大约半小时的搜索和尝试调试后,我终于弄清楚了。我的情况涉及我对两个不同的 ec2 实例使用相同的 pem 文件,并且它适用于一个而不是另一个。
My first instance it worked on was the standard aws linux ami amzn-ami-hvm-2014.03.2.x86_64-ebs. I simply used
我的第一个实例是标准的 aws linux ami amzn-ami-hvm-2014.03.2.x86_64-ebs。我只是用
ssh -i mypemfile.pem ec2-user@myec2ipaddress
and it worked.
它奏效了。
I then launched a fedora instance Fedora-x86_64-19-20140407-sda and tried the same command but kept getting:
然后我启动了一个 Fedora 实例 Fedora-x86_64-19-20140407-sda 并尝试了相同的命令,但一直得到:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
After changing my username from ec2-user to fedora it worked!
将我的用户名从 ec2-user 更改为 fedora 后,它起作用了!
ssh -i mypemfile.pem fedora@myec2address
回答by Madeline Trotter
I recommend against setting a password as some other answers suggest. Using the key file is both safer (no one can guess your passwords) and more convenient (once you set up a config file). Here's a basic ~/.ssh/config:
我建议不要像其他一些答案建议的那样设置密码。使用密钥文件既安全(没有人能猜到你的密码),也更方便(一旦你设置了配置文件)。这是一个基本的~/.ssh/config:
Host my-ec2-server
HostName 11.11.11.11
User ec2-user
IdentityFile /path/to/generated-key.pem
Now you can just type ssh my-ec2-serverand you're in! And as also mentioned in other answers, use -v to get extra info when your connection isn't working.
现在您只需输入即可ssh my-ec2-server进入!并且如其他答案中所述,当您的连接无法正常工作时,请使用 -v 获取额外信息。
