我在Amazon EC2上创建了一个Ubuntu 12.04实例。
我已经下载了PEM文件,并且能够SSH进入实例,没问题。
现在,我想在远程实例上创建一些顾问等等。
他们应该能够使用RSA密钥进入盒子。在EC2机器上,我已经在〜/ home /中设置了几个帐号,并将它们分配给组管理员。我也给自己一个类似的帐户(MyTestAccount)进行测试。这就是我所做的:
我使用key-gen在本地机器上的.ssh目录中创建公钥和私钥(〜/ .ssh):
drwx------ 2 peter peter 1024 Sep 14 10:23 .ssh
和里面的文件:
-rw------- 1 peter peter 1675 Sep 14 10:23 id_rsa -rw------- 1 peter peter 394 Sep 14 10:23 id_rsa.pub -rw------- 1 peter peter 444 Sep 14 00:05 known_hosts
然后我将id_rsa.pub文件SCP我的远程EC2实例,并将其附加到
.ssh / authorized_keys文件在我的远程实例。我的遥控器的权限
.ssh目录:
drwx------ 2 ubuntu ubuntu 4096 Sep 16 16:13 .ssh
和我的authorized_keys文件:
-rw------- 1 peter ubuntu 1179 Sep 14 00:05 authorized_keys
接下来,我注销了我的远程实例,并尝试使用新的密钥SSH到远程框。当我发出以下命令时:
peter@ubuntu:~/.ssh$ ssh -vvv MyTestAccount@ec2-XX-XXX-XX-XXX.compute-1.amazonaws.com
我得到以下看来我的私钥有问题吗?有什么建议么?谢谢。
OpenSSH_5.9p1 Debian-5ubuntu1,OpenSSL 1.0.1 14 Mar 2012 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug2: ssh_connect: need priv 0 debug1: Connecting to ec2-XX-XXX-XX-XXX.compute-1.amazonaws.com [XX.XXX.XX.XXX] port 22. debug1: Connection established. debug3: Incorrect RSA1 identifier debug3: Could not load "/home/peter/.ssh/id_rsa" as a RSA1 public key debug1: identity file /home/peter/.ssh/id_rsa type 1 debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 debug1: identity file /home/peter/.ssh/id_rsa-cert type -1 debug1: identity file /home/peter/.ssh/id_dsa type -1 debug1: identity file /home/peter/.ssh/id_dsa-cert type -1 debug1: identity file /home/peter/.ssh/id_ecdsa type -1 debug1: identity file /home/peter/.ssh/id_ecdsa-cert type -1
[SNIP …]
debug2: we sent a publickey packet,wait for reply debug1: Authentications that can continue: publickey debug1: Trying private key: /home/peter/.ssh/id_dsa debug3: no such identity: /home/peter/.ssh/id_dsa debug1: Trying private key: /home/peter/.ssh/id_ecdsa debug3: no such identity: /home/peter/.ssh/id_ecdsa debug2: we did not send a packet,disable method debug1: No more authentication methods to try. **Permission denied (publickey).**