0

I have created an EC2 instance. It has internet connectivity and I can ssh into ubuntu@ip using the 'test_kp.pem'.

I have created a new user.. useradd test-user and created a new keypair test-user-kpin AWS EC2 console.

I created the dir home/test-user/.ssh and the file .ssh/authorized_keys

I have ran the command ssh-keygen -f test-user-kp.pem -y and copied the contents into authorized_keys. I also fixed the permissions of .ssh and the file authorized_keys.

Now I am trying to ssh -i test-user-kp.pem test-user@ip the command fails with the message:

test-user@ip: Permission denied (publickey).

Improve this question

2 Answers 2

Reset to default
0

There are a few possibilities for this.

Reading your post, I wonder if you copied the contents of test-user-pk.pem to the ~ssh/authorized_keys. If you did this then that is the problem. That file is the PRIVATE key - the public key would be found in test-user-pk.pem.pub This is easy enough to verify because the format of the private key is quite different to the public key, and starts with -----BEGIN OPENSSH PRIVATE KEY------ spanning multiple lines - rather then a single long line with 3 fields, probably starting "ssh-rsa", and ending with a username@hostname - with the public key in the middle.

Otherwise -

In general, try to ssh in as the user with the "-v" flag passed to SSH to log what the client is seeing, and also look in the server log file while you are doing this.

You could take this a step further by launching a second instance of sshd on the server on an alternative port and not detach it, and see what happens when the connection is attempted.

Some specific possibilities to look at -

  • Is SeLinux breaking the instance (ie file permissions or similar). I have seen this before and it is a pain. The audit.log file would indicate if this is the case, and if it seems to be the case, temporarily disabling selinux might help rule this problem out. (I've seen this before, but not on Ubuntu boxes)

  • I there something in /etc/ssh/sshd_conf preventing the negotiation - eg an AllowUsers list.

  • Could it be a permissions problem with the users home directory?

  • Could it be something silly, like you landed up adding the key.

Improve this answer
4
  • I have ran the command 'ssh-keygen -f test-user-kp.pem -y' and copied the contents into authorized_keys
    – Hector Harris
    Commented Mar 26 at 8:07
  • The response was ssh - rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBH6eS7V1yN8FdnXamCvaSCL/YC...........8X1zThpN1JnpwNmR/bH9nwMAe7m....................kt2zw3gsyoWnRP3vod5Bns2LWaXB3o6CW5iWMs9uZ4RmlT/1g+A............................................nc1k4boSoUDqybBLUl6Wypitn23UDT+qQRPgjF+HX1+urSzKix................yr/4v/lXt.....................................F/.........................
    – Hector Harris
    Commented Mar 26 at 8:10
  • No idea what you are saying above - but the last comment you advised looks like a public key, save for the ''......" bits - which look wrong (ie corrupt)
    – davidgo
    Commented Mar 26 at 17:20
  • Hello, thankyou for your help the problem was that I created the authorized key file as root I used chown and fixed it!!! Running ssh as verbose helped.
    – Hector Harris
    Commented Mar 26 at 21:59
0

I had created 'authorized_keys' as root. To fix this I ran

sudo chown test-user authorized_keys

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .