
[SOLVED] How to Fix Permission Denied (publickey) When SSH Accessing Amazon EC2 Instance? - amazon-web-services

[SOLVED] How to Fix the “Permission Denied (publickey)” Error When SSH Accessing Your Amazon EC2 Instance

If we see the “Permission Denied (publickey)” error while trying to SSH into our Amazon EC2 instance, we are not alone. This problem is common. It can happen for different reasons like SSH key mistakes, security group problems, or instance settings. In this guide, we will look at the important steps to find and fix this issue. By using these solutions, we can get back into our EC2 instance and have a better time managing our cloud resources.

Solutions to Fix “Permission Denied (publickey)” Error

  • Part 1 - Verify the Correct Key Pair is Used
  • Part 2 - Check EC2 Instance Security Group Settings
  • Part 3 - Ensure the Public Key is in the Authorized Keys
  • Part 4 - Set Correct Permissions on the Private Key File
  • Part 5 - Confirm the Instance’s Public IP Address
  • Part 6 - Review SSH Configuration Settings

Knowing how to fix the “Permission Denied (publickey)” error is very important for anyone using Amazon EC2. Each part of this guide gives clear steps and tips to help us connect using SSH without issues. If we want to learn more, we can read our guides on how to change key pair for EC2 and how to SSH into Elastic Beanstalk. Now, let’s look at each part to fix our SSH access problems easily.

Part 1 - Verify the Correct Key Pair is Used

To fix the “Permission Denied (publickey)” error when we try to access our Amazon EC2 instance, we first need to make sure we are using the right key pair linked to our instance. Let’s follow these steps:

  1. Identify the Key Pair:

    • We go to the Amazon EC2 console.
    • We select our instance and check the “Key pair name” in the details part.
  2. Locate the Private Key File:

    • We need to have the right .pem file for the key pair. This file helps us log in to our SSH session.
  3. Connect Using the Correct Key:

    • We use this command to connect to our EC2 instance. We replace your-key.pem with the path to our private key and ec2-user@your-instance-public-ip with the right user and public IP:
    ssh -i /path/to/your-key.pem ec2-user@your-instance-public-ip
  4. Check for Key Pair Mismatch:

    • If we have many key pairs, we need to check that we are not trying to connect with a different key that is not linked to our instance.
  5. Recreate the Key Pair (if necessary):

    • If we lost our key pair or cannot find it, we will need to create a new key pair and link it to our instance. We may have to stop the instance, detach the root volume, attach it to another instance, add our new public key to the authorized_keys file, and then reattach the volume to the first instance.

Verifying the right key pair is very important for making a good SSH connection to our Amazon EC2 instance. If we still have problems, we should check other settings or security group rules.

Part 2 - Check EC2 Instance Security Group Settings

To fix the “Permission Denied (publickey)” error when we try to access our Amazon EC2 instance with SSH, we need to check the security group settings. If the security group is not set up right, it can stop us from using SSH.

  1. Log in to the AWS Management Console.
  2. Go to the EC2 Dashboard.
  3. Click on Instances in the left panel.
  4. Find your instance and look for its security group.
  5. Click on the link for the security group to see its settings.

Make sure these settings are right:

  • Inbound Rules: Check if there is a rule that allows SSH access (port 22).
    • Type: SSH
    • Protocol: TCP
    • Port Range: 22
    • Source: Your IP address (or 0.0.0.0/0 for public access, but this opens port 22 to the whole internet and is not safe).

Here is an example of an inbound rule:

    Type    Protocol    Port Range    Source
    SSH     TCP         22            Your IP/32

After we change the security group settings, we should try to SSH into our EC2 instance again. If we still have problems, we need to check other things like if we are using the correct key pair or if the permissions on our private key file are set right. For more help, see how to fix specified key does not work.

Part 3 - Ensure the Public Key is in the Authorized Keys

To fix the “Permission Denied (publickey)” problem when we try to SSH into our Amazon EC2 instance, we need to check if the public key is added to the authorized_keys file on the instance.

  1. Connect to the EC2 Instance: If we cannot connect, we may need to use the EC2 instance console or other ways like Session Manager.

  2. Check the authorized_keys File: After we get access, we should look at the ~/.ssh/authorized_keys file to see if our public key is there.

    cat ~/.ssh/authorized_keys
  3. Add the Public Key if Missing: If we do not find our public key, we have to add it. We can use this command to append our public key:

    echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC..." >> ~/.ssh/authorized_keys

    We need to replace the string with our real public key.

  4. Set Correct Permissions: We have to make sure that the permissions on the ~/.ssh folder and the authorized_keys file are right. We can use these commands:

    chmod 700 ~/.ssh
    chmod 600 ~/.ssh/authorized_keys
  5. Verify Ownership: We need to check that the ~/.ssh folder and the authorized_keys file belong to the right user:

    # id -gn is our primary group, which is not always named after the user
    chown "$(id -un):$(id -gn)" ~/.ssh
    chown "$(id -un):$(id -gn)" ~/.ssh/authorized_keys

If we still have problems, we can look at how to fix the specified key issue or how to change key pair for EC2.
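
To check for the key mismatch from Part 1 and Part 3 without guessing, we can derive the public key from the .pem file and look for it in the authorized_keys file. This is an added example, not part of the original guide; the function names blob_of and key_is_authorized are our own, and it assumes OpenSSH's ssh-keygen is installed:

```sh
#!/bin/sh
# Added example: does the public half of a private key appear in authorized_keys?
# Function names are illustrative; requires OpenSSH ssh-keygen.

# blob_of: read public-key or authorized_keys lines on stdin and print the
# base64 key blob of each entry. Comments, blank lines, leading options
# (from="...", command="...") and the trailing comment field are ignored.
blob_of() {
    awk '
    /^[ \t]*(#|$)/ { next }
    {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521)|sk-[a-z0-9-]+@openssh\.com)$/) {
                print $(i + 1); break
            }
    }'
}

# key_is_authorized PRIVATE_KEY AUTHORIZED_KEYS
# returns 0 = key is listed, 1 = key is not listed, 2 = private key unreadable
key_is_authorized() {
    want=$(ssh-keygen -y -f "$1" 2>/dev/null | blob_of)
    [ -n "$want" ] || return 2
    blob_of < "$2" | grep -qxF -- "$want"
}

# Usage: sh check-key.sh /path/to/your-key.pem /path/to/authorized_keys
if [ "$#" -eq 2 ]; then
    rc=0
    key_is_authorized "$1" "$2" || rc=$?
    case $rc in
        0) echo "match: this key is authorized" ;;
        1) echo "mismatch: the instance does not list this key" ;;
        *) echo "could not read private key $1 (wrong file, passphrase or mode)" ;;
    esac
fi
```

The authorized_keys file can be a copy taken from the instance through Session Manager, so the private key never has to leave our own machine.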

Part 4 - Set Correct Permissions on the Private Key File

The “Permission Denied (publickey)” error can also happen if the private key file does not have the right permissions. If other users can read the file, the SSH client refuses to use the key. Let’s follow these steps:

  1. Change Permissions: We should set the permissions of our private key file to be read-only for the owner. We can do this by using the command below in our terminal:

    chmod 400 /path/to/your/private-key.pem

    Remember to replace /path/to/your/private-key.pem with the real path to our private key file.

  2. Verify Ownership: We need to make sure that we own the key file. We can check this by running:

    ls -l /path/to/your/private-key.pem

    The output should show that our user account is the owner.

  3. Use the Key Correctly: When we connect to our EC2 instance, we must specify the key file with the -i option:

    ssh -i /path/to/your/private-key.pem ec2-user@your-ec2-public-ip

    We should replace ec2-user with the right username for our instance like ubuntu for Ubuntu instances. Also, replace your-ec2-public-ip with the public IP address of our instance.

  4. Check SSH Configuration: If we have a custom SSH configuration file (~/.ssh/config), we should check that no entry for this host points to a different key file or user.

If we need more help, we can look at how to fix the specified key does not work or how to change key pair for EC2.
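
The permission rules from Part 3 (on the instance) and Part 4 (on our own machine) can be audited in one pass before we change anything. This is an added example, not part of the original guide; the function names are our own, it only reads file metadata, and it assumes GNU stat:

```sh
#!/bin/sh
# Added example: report the ownership and mode problems that make OpenSSH
# ignore a key. Read-only; function names are illustrative. Uses GNU stat.

# audit_path PATH MASK UID [ROOT_OK]
# Fails when PATH is missing, is not owned by UID (or by root when ROOT_OK=1),
# or has any permission bit from the octal MASK set.
audit_path() {
    ap_rc=0
    [ -e "$1" ] || { echo "MISSING $1"; return 1; }
    ap_mode=$(stat -c %a "$1"); ap_owner=$(stat -c %u "$1")
    if [ "$ap_owner" != "$3" ] && ! { [ "${4:-0}" = 1 ] && [ "$ap_owner" = 0 ]; }; then
        echo "OWNER   $1 is owned by uid $ap_owner, expected $3"; ap_rc=1
    fi
    if [ $(( 0$ap_mode & 0$2 )) -ne 0 ]; then
        echo "MODE    $1 is $ap_mode, must not have bits $2"; ap_rc=1
    fi
    return $ap_rc
}

# Instance side: sshd (StrictModes yes, the default) ignores authorized_keys
# when the home directory, ~/.ssh or the file is writable by group or others.
audit_server() {
    as_bad=0
    for as_p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        audit_path "$as_p" 022 "$2" 1 || as_bad=1
    done
    return $as_bad
}

# Client side: ssh refuses a private key that group or others can access at all.
audit_client_key() { audit_path "$1" 077 "$2"; }

# Usage: sh audit.sh HOME_DIR [PRIVATE_KEY], checked against the current user
if [ "$#" -ge 1 ]; then
    audit_server "$1" "$(id -u)" && echo "server side OK"
    [ -z "${2:-}" ] || { audit_client_key "$2" "$(id -u)" && echo "client key OK"; }
fi
```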

Part 5 - Confirm the Instance’s Public IP Address

To fix the “Permission Denied (publickey)” error when we try to access our Amazon EC2 instance using SSH, we need to check that we are connecting to the right public IP address of the instance. Here are the steps to follow:

  1. Locate the Public IP Address:

    • We need to log in to our AWS Management Console.
    • Then, we go to the EC2 Dashboard.
    • Next, we click on “Instances” in the left sidebar.
    • We find our instance and look for the “IPv4 Public IP” in the details.
  2. SSH Command: We will use the public IP address we found to connect with SSH. We replace <public-ip> with the actual public IP of our instance and <path-to-key> with the path to our private key file:

    ssh -i <path-to-key> ec2-user@<public-ip>
  3. Elastic IP: If we have an Elastic IP assigned to our instance, we should use that IP address. We can link an Elastic IP to our instance through the EC2 console for a fixed IP address.

  4. Network Configuration: We need to check that our instance is in a public subnet. It should have a route to an Internet Gateway. This is very important for accessing the instance using its public IP.

For more help with SSH access problems, we can check how to fix the issue of not being able to SSH into your EC2 instance. We must make sure our instance’s public IP address is set up correctly. This way, we can connect without issues.

Part 6 - Review SSH Configuration Settings

To fix the “Permission Denied (publickey)” error when we try to access our Amazon EC2 instance, we need to check our SSH configuration settings. Here are some steps we can follow to make sure everything is set up correctly:

  1. Check the SSH Client Configuration: We should make sure our SSH client uses the right private key. We need to edit the SSH configuration file at ~/.ssh/config. If there is no entry for our EC2 instance, we can add one:

    Host your-instance-alias
        HostName your-instance-public-ip
        User ec2-user
        IdentityFile ~/.ssh/your-private-key.pem
  2. Ensure Correct SSH Client Command: When we connect to our EC2 instance, we must use the right command format. Here is how it looks:

    ssh -i ~/.ssh/your-private-key.pem ec2-user@your-instance-public-ip
  3. Verify SSH Daemon Configuration on EC2: If we can access the instance by another way (like EC2 Instance Connect), we should check the /etc/ssh/sshd_config file. We need to make sure these settings are enabled:

    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys
  4. Restart SSH Service: If we change the sshd_config file, we need to restart the SSH service:

    sudo systemctl restart sshd
  5. Check for Firewall Rules: We must check that the security group for our EC2 instance allows incoming traffic on port 22. This is the default SSH port. We can check and change this in the AWS Management Console under Security Groups.

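  6. Review SSH Logs: We should look at the SSH logs on the EC2 instance for more error messages. On Amazon Linux and other Red Hat-family images the file is /var/log/secure; on Ubuntu and Debian it is /var/log/auth.log. We can run this command: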

    sudo tail -f /var/log/secure

By checking these SSH settings, we can solve SSH access problems to our Amazon EC2 instance. For more tips on troubleshooting, we can look at this article about common EC2 connection problems.
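
The log review in step 6 goes faster when each sshd message is mapped to the part of this guide that fixes it: a wrong login name (Part 4, step 3), bad modes on ~/.ssh (Part 3, step 4) or a key that is not listed (Parts 1 and 3). This is an added example, not part of the original guide; the log lines are constructed samples in the format OpenSSH writes, and the function names and cause labels are our own:

```sh
#!/bin/sh
# Added example: map sshd log lines to the likely cause of a failed key login.
# The log lines below are constructed samples, not output from a real host.

sample_log() {
cat <<'EOF'
Jan 10 09:14:01 ip-10-0-0-12 sshd[2301]: Invalid user ubuntu from 203.0.113.7 port 50112
Jan 10 09:15:22 ip-10-0-0-12 sshd[2310]: Authentication refused: bad ownership or modes for directory /home/ec2-user/.ssh
Jan 10 09:15:22 ip-10-0-0-12 sshd[2310]: Connection closed by authenticating user ec2-user 203.0.113.7 port 50120 [preauth]
Jan 10 09:16:05 ip-10-0-0-12 sshd[2322]: User deploy from 203.0.113.7 not allowed because not listed in AllowUsers
Jan 10 09:17:40 ip-10-0-0-12 sshd[2333]: Accepted publickey for ec2-user from 203.0.113.7 port 50131 ssh2: ED25519 SHA256:CONSTRUCTED
EOF
}

# classify_sshd_log: stdin = log lines, stdout = "cause<TAB>detail" per sshd line
classify_sshd_log() {
    awk '
    # after(w): the field that follows the word w, e.g. the user name
    function after(w,   i) {
        for (i = 1; i < NF; i++) if ($i == w) return $(i + 1)
        return "?"
    }
    !/sshd(-session)?\[[0-9]+\]:/    { next }   # ignore other daemons
    /[Ii]nvalid user /               { print "unknown-user\t" after("user"); next }
    /bad ownership or modes/         { print "bad-permissions\t" $NF; next }
    /not allowed because/            { print "user-not-allowed\t" after("User"); next }
    /Failed publickey for /          { print "key-rejected\t" after("for"); next }
    /closed by authenticating user / { print "key-rejected\t" after("user"); next }
    /Accepted publickey for /        { print "accepted\t" after("for") }
    '
}

# Usage: sudo sh triage.sh /var/log/secure   (no argument: classify the samples)
if [ "$#" -ge 1 ]; then
    classify_sshd_log < "$1"
else
    sample_log | classify_sshd_log
fi
```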

Frequently Asked Questions

1. What does the “Permission Denied (publickey)” error mean in SSH?

The “Permission Denied (publickey)” error means that our SSH client can’t connect to the Amazon EC2 instance. This happens because of a problem with the public key. It usually occurs when we do not use the right private key or the public key is not in the instance’s authorized keys. To fix this, we can check our article on how to fix the specified key does not exist.

2. How can I confirm that I’m using the correct key pair for my EC2 instance?

To make sure we are using the right key pair for our EC2 instance, we should look at the key pair linked with the instance in the AWS Management Console. We need to check that the private key file (.pem) matches the public key that is added to the instance. If we want to change the key pair, we can read our guide on how to change key pair for EC2.

3. Why is my EC2 instance not accessible via SSH even with the correct key?

If we cannot access our EC2 instance via SSH, even with the right key, it could be because of security group settings. These settings might block the SSH port (22). We should check if the security group allows traffic on port 22 from our IP address. For more help on security groups, we can review our article on how to open port 80 on EC2.

4. What should I do if my private key file has incorrect permissions?

If our private key file does not have the right permissions, SSH will not use it. This is for our security. We should set the private key file permissions to 400 or 600. We can do this by running chmod 400 your-key.pem. To learn more about file permissions, we can check our article on how to set volumemount user.

5. How can I troubleshoot SSH connection issues to my EC2 instance?

To troubleshoot SSH connection problems to our EC2 instance, we should first make sure we are using the correct key pair and that it has the right permissions. We also need to check the instance’s public IP address and the security group settings. Additionally, we should look at our SSH configuration for any mistakes. For a complete guide on SSH troubleshooting, we can read our article on how to SSH into Elastic.
