1

I'm trying to access a new user that was created on an AWS instance using SSH, but it throws an error when I execute the command ssh -i new_keypair.pem [email protected]

Error : Permission denied (publickey,gssapi-keyex,gssapi-with-mic)..

I followed every step mentioned in the AWS document https://aws.amazon.com/premiumsupport/knowledge-center/new-user-accounts-linux-instance/

Please let me know whether any additional configuration is required to access the newly added user using SSH.

6
  • Try adding sudo before firing this command
    – Dinesh K
    Commented Jun 21, 2017 at 15:03
  • @dinesh But when I try to access old_user with new_keypairs, it's working fine. Note: I don't have sudo success
    – Venkatesh Kuppusamy
    Commented Jun 21, 2017 at 15:08
  • 1
    @VenkateshKuppusamy which Linux flavour are you using?
    – Dinesh K
    Commented Jun 21, 2017 at 15:13
  • @Dinesh K centos
    – Venkatesh Kuppusamy
    Commented Jun 21, 2017 at 15:15
  • docs.aws.amazon.com/AWSEC2/latest/UserGuide/managing-users.html
    – Dinesh K
    Commented Jun 21, 2017 at 15:20

2 Answers

3

Add the newly created user in /etc/ssh/sshd_config as mentioned below. It's also working fine.

AllowUsers root new_user

AllowGroups root new_user

1
  • 1
    Please note: AllowUsers -- This keyword can be followed by a list of user name patterns, separated by spaces. If specified, login is allowed only for user names that match one of the patterns. And that the allow/deny directives are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.
    Commented Jun 22, 2017 at 9:49
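
The comment above gives the order in which sshd evaluates these directives. As an added example (not part of the original answer and not OpenSSH code), this script applies that order to the two lines from the answer to show which accounts can still log in afterwards. The function names, the temporary sample file and the group lists passed in are assumptions, and only plain name patterns with * and ? are handled.

```shell
#!/bin/sh
# Added example: evaluate sshd's user/group access directives for one account.
# Scope (assumption): plain name patterns with * and ? only; no USER@HOST,
# no "!" negation, no Match blocks or Include files.

# Print every argument of one directive (keyword is case-insensitive and
# repeated lines accumulate). $1 = config file, $2 = keyword.
directive() {
    awk -v k="$2" 'tolower($1) == tolower(k) { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Succeed if any name in $2 matches any pattern in $1 (whitespace-separated).
matches_any() {
    set -f                       # keep patterns from expanding against files
    for pat in $1; do
        for name in $2; do
            case "$name" in $pat) set +f; return 0 ;; esac
        done
    done
    set +f
    return 1
}

# Print "allow" or "deny: <reason>". $1 = config, $2 = user, $3 = user's groups.
ssh_login_decision() {
    cfg=$1 user=$2 grps=$3
    du=$(directive "$cfg" DenyUsers);  au=$(directive "$cfg" AllowUsers)
    dg=$(directive "$cfg" DenyGroups); ag=$(directive "$cfg" AllowGroups)
    # Order from sshd_config(5): DenyUsers, AllowUsers, DenyGroups, AllowGroups.
    if [ -n "$du" ] && matches_any "$du" "$user"; then echo "deny: DenyUsers"; return; fi
    if [ -n "$au" ] && ! matches_any "$au" "$user"; then echo "deny: not in AllowUsers"; return; fi
    if [ -n "$dg" ] && matches_any "$dg" "$grps"; then echo "deny: DenyGroups"; return; fi
    if [ -n "$ag" ] && ! matches_any "$ag" "$grps"; then echo "deny: not in AllowGroups"; return; fi
    echo "allow"
}

# Constructed sample: the two lines from the answer above, in a temp file.
sample_cfg=$(mktemp)
trap 'rm -f "$sample_cfg"' EXIT
printf '%s\n' '# constructed sample' 'AllowUsers root new_user' 'AllowGroups root new_user' > "$sample_cfg"

ssh_login_decision "$sample_cfg" new_user "new_user"        # listed user, own private group
ssh_login_decision "$sample_cfg" old_user "old_user wheel"  # unlisted account is now locked out
ssh_login_decision "$sample_cfg" new_user "users"           # listed user, but no allowed group
```

For a real account, pass the output of id -Gn for that user as the third argument; every account that must keep SSH access has to pass both the AllowUsers and the AllowGroups check once those lines are present.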
1

SSH to your EC2 instance as the standard ec2-user

sudo adduser -m testuser
sudo su - testuser
mkdir .ssh
chmod 700 .ssh
touch .ssh/authorized_keys
chmod 600 .ssh/authorized_keys

On your local PC, if you don't have them already, generate RSA keys (press Enter to accept the default options)

ssh-keygen -t rsa
cat ~/.ssh/id_rsa.pub 

Copy the output (something like this)

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTvTnCzaaIPChWXgvxlyswcNzzTjlYUcfNExm6zGGJRtEcjvHMpV6vg9XMOb9ZgRNhgpWQqitQ9yLy+mjznDerfuK9RsEIdu5wb7uVFXs6TGHy8b9sqid0PH6PYuWiZ1/pA6cRrtQudeqlZuVV5wyimPFKZONW3v+BOp+AtIvChPhZI+rWn0T3vxi2NTHfdqW93VqsQ7ReEkzd1RGxJZ+1X0kADmCJKjwAoju0DvvVz3/xdsc2UT3rjRsUTxDR1bH4GBQr7U1pwCGAqZqvEl72TLpUdWRECG42qIPsut95c237gtzkwlU7iAOeiPWJduMV/bPxXnrB/YqF+XwRMuiz testuser@testEC2

and paste into the .ssh/authorized_keys of your testuser of testinstance (using vi or nano or whatever)

From your client, SSH to your EC2 instance

ssh [email protected]

This will work. I don't really get the Amazon way of sharing and setting up pem keys. I think it is easier for their automated systems but not for sysadmins. You can use your public key that way on all the servers you need to admin.

2
  • -m is not needed. Please remove it.
    – SmallChess
    Commented Mar 19, 2019 at 13:28
  • @SmallChess as a home dir is necessary to add .ssh directory and files, I think it's ok to create it with explicit -m
    Commented Mar 25, 2019 at 13:58
