@jamesallan93
Last active April 7, 2024 19:55

Revisions

  1. jamesallan93 revised this gist Apr 7, 2024. 1 changed file with 29 additions and 0 deletions.
    29 changes: 29 additions & 0 deletions ssh-ec2-instance-permission-denied.md
    @@ -77,3 +77,32 @@ chown $OS_USER:$OS_USER /home/$OS_USER -R

    ``ssh -i "my-test-server.pem" [email protected]``
    - don't forget to use the correct user for the server

    ## Default user names

    The default user name for your EC2 instance is determined by the AMI that was specified when you launched the instance.

    The default user names are:

    - For AL2023, Amazon Linux 2, or the Amazon Linux AMI, the user name is `ec2-user`.

    - For a CentOS AMI, the user name is `centos` or `ec2-user`.

    - For a Debian AMI, the user name is `admin`.

    - For a Fedora AMI, the user name is `fedora` or `ec2-user`.

    - For a RHEL AMI, the user name is `ec2-user` or `root`.

    - For a SUSE AMI, the user name is `ec2-user` or `root`.

    - For an Ubuntu AMI, the user name is `ubuntu`.

    - For an Oracle AMI, the user name is `ec2-user`.

    - For a Bitnami AMI, the user name is `bitnami`.


    ### Note

    ``To find the default user name for other Linux distributions, check with the AMI provider.``
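
Review bot: The default user name list lands after step 7, but the value is needed at step 5, where `OS_USER=@@@@@@` has to be filled in before the user data is saved; add a pointer from step 5 to this section, or move the section above the steps. The Note wraps a prose sentence in double backticks, so it renders as code; a plain sentence or a blockquote reads better. The list also carries no source link, while the file's Sources section links only the Knowledge Center article and the key-pair page.
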
  2. jamesallan93 created this gist Apr 7, 2024.
    79 changes: 79 additions & 0 deletions ssh-ec2-instance-permission-denied.md
    @@ -0,0 +1,79 @@
    # Permission Denied (publickey) When SSH Access to Amazon EC2 Instance

    ### Sources
    [Amazon EC2 Knowledge Center: How do I fix 'Permission denied (publickey)' errors when I connect to my Amazon EC2 Linux instance?](https://repost.aws/knowledge-center/ec2-linux-fix-permission-denied-errors)

    https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/describe-keys.html#retrieving-the-public-key



    ## Steps to Fix

    1. **Stop the Newly Created Instance**
    - After creating a new instance, stop it.

    2. **Assign a Static IP**
    - Go to **Network & Security > Elastic IP** and add a static IP to the instance to prevent IP change when the instance stops.
    - Stopping and starting the instance changes the public IP address of your instance. It's a best practice to use an Elastic IP address instead of a public IP address when routing external traffic to your instance.

    3. **Locate or Create a New Key**
    - Remember the `.pem` or `.ppk` file downloaded when creating an instance? Locate this file. If needed, create a new key:
    - Open the Amazon EC2 console at `https://console.aws.amazon.com/ec2/`.
    - In the left navigator, choose **Key Pairs**.
    - You can view the information about each public key in the **Key Pairs** table.

    4. **Retrieve the Public Key Material**
    - To retrieve the public key material from the private key, use the `ssh-keygen` command on your local Linux or macOS computer. Specify the path where you downloaded your private key (the `.pem` file).
    - **Command:** `ssh-keygen -y -f /path_to_key_pair/my-key-pair.pem`
    - The command returns the public key. If the command fails, ensure you've changed the permissions on your private key pair file so that only you can view it by running `chmod 400 key-pair-name.pem`.

    5. **Prepare User Data Script**
    - Replace the placeholder `@@@@@@` with the user name associated with the AMI you launched your instance from.
    - Change the example `YOUR_SSH_KEY_HERE` key with the extracted key from the previous steps.
    - We will copy this data script for later

    ```shell
    Content-Type: multipart/mixed; boundary="//"
    MIME-Version: 1.0

    Content-Type: text/cloud-config; charset="us-ascii"
    MIME-Version: 1.0
    Content-Transfer-Encoding: 7bit
    Content-Disposition: attachment; filename="cloud-config.txt"

    #cloud-config
    cloud_final_modules:
    - [scripts-user, always]

    Content-Type: text/x-shellscript; charset="us-ascii"
    MIME-Version: 1.0
    Content-Transfer-Encoding: 7bit
    Content-Disposition: attachment; filename="userdata.txt"

    #!/bin/bash
    OS_USER=@@@@@@
    chown root:root /home
    chmod 755 /home
    chmod 700 /home/$OS_USER
    chmod 700 /home/$OS_USER/.ssh
    chmod 600 /home/$OS_USER/.ssh/authorized_keys
    echo 'ssh-rsa YOUR_SSH_KEY_HERE' >> /home/$OS_USER/.ssh/authorized_keys
    chown $OS_USER:$OS_USER /home/$OS_USER -R
    ```
    6. **Prepare To Paste**
    - Open the [Amazon EC2 console](https://console.aws.amazon.com/ec2/).

    - Choose **Instances** from the navigation pane, and then select the instance you are trying to launch.

    - [Stop the instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html#starting-stopping-instances).

    - Choose **Actions**, **Instance settings**, **Edit User Data**.

    - Copy the **step 5** data script into the **Edit User Data** dialog box, and then choose **Save**.
    - Start your instance again

    7. **SSH to your instance**
    - navigate to the .pem location on your pc and run:

    ``ssh -i "my-test-server.pem" [email protected]``
    - don't forget to use the correct user for the server
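
Review bot: The user data block in step 5 declares `boundary="//"` in its first header, but no `--//` delimiter line appears before either part or after the script, so the cloud-config part and the shell script part are not separated as a multipart message; add `--//` ahead of each part's `Content-Type:` header and once more at the end. In the script, `chmod 700 /home/$OS_USER/.ssh` and `chmod 600 /home/$OS_USER/.ssh/authorized_keys` run before the `echo ... >> authorized_keys` line, so where the directory or file is missing the chmod calls fail and a file created by the append keeps its default mode; create the directory first and set the modes after the append. Because `[scripts-user, always]` reruns the script on every boot, the `>>` append adds a duplicate key line each time and the recovery key stays in the instance's user data, so guard the append and add a final step that clears the user data once login works. The hard-coded `ssh-rsa` prefix also repeats the key type that `ssh-keygen -y` already prints in step 4, and it is wrong for a key pair that is not RSA.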