User is reporting that they're unable to SSH into an EC2 instance in AWS?

不羁的心 submitted on 2020-05-16 22:36:54

Question


The users are doing the following:

$ ssh -i /Users/user1/key.pem centos@10.12.10.10

The error message received while trying to access is as follows:

$ ssh -i /Users/user1/key.pem centos@10.12.10.10 
centos@10.12.10.10 : Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

Answer 1:


A novel solution to this particular problem was presented by AWS support, and I felt compelled to share it here since I hadn't seen it previously. In the past, the method most of my colleagues have used revolved around stopping the instance, mounting the EBS volume attached to it to another EC2 instance as a secondary volume, and then mounting it and editing it as needed.

These howtos show that traditional method:

  • https://n2ws.com/blog/how-to-guides/connect-aws-ebs-volume-another-instance
  • AWS Knowledge Center Videos: How do I recover access to my EC2 instances if I lost my SSH key pair?

Using User Data

This method, which was new to me, is to utilize #userdata to have a sequence of commands run within the EC2 instance as it boots.

  1. Before you begin, please create a snapshot of your volume (Volume ID: vol-XXXX) that's attached to the EC2 you're unable to SSH into, just as a precaution. A snapshot is essentially a backup of your volume. You can find the steps for creating a snapshot in this documentation.
  2. Stop your instance.
  3. In the console, select your instance, go to Actions → Instance Settings → View/Change User Data
  4. Inside User Data, put the information below:
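#cloud-config
# bootcmd runs early on every boot. List-form items are run as if passed to
# execve(), so no shell is involved and wildcards are not expanded.
bootcmd:
  - [ chmod, 700, /home/centos ]
  - [ chmod, 700, /home/centos/.ssh ]
  # These two paths contain wildcards, so they go through sh -c.
  - [ sh, -c, "chmod 600 /home/centos/.ssh/*" ]
  - [ sh, -c, "chmod 600 /etc/ssh/ssh_host_*_key" ]
  - [ chmod, 711, /var/empty/sshd ]
  - [ chmod, 600, /home/centos/.ssh/authorized_keys ]
  - [ sh, -c, "chown -R centos:centos /home/centos" ]
  5. Start your instance.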

Once the instance is restarted, attempt to access the instance via ssh.

Notes

  • The above user-data script will correct any ownership and permissions issues within the instance itself.
  • If you are still experiencing an issue after using the above user-data script, please let me know and I will get back to you.
  • If the previous procedure worked, please repeat steps 1-4 and delete the content from the User Data box so that the procedure does not repeat on every instance reboot.
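
A way to confirm which path is at fault, as an added example that is not part of the original answer: with StrictModes enabled (the OpenSSH default), sshd ignores authorized_keys when the home directory, .ssh, or the key file is group- or world-writable, or is owned by anyone other than the user or root. The function name audit_ssh_paths and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the three paths sshd's StrictModes check inspects.
# Usage: audit_ssh_paths <home-dir> <user-or-uid>
# Prints one line per finding and returns the number of findings.
audit_ssh_paths() {
    home=$1 user=$2 findings=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"
            findings=$((findings + 1))
            continue
        fi
        # StrictModes rejects paths writable by group or others (mode & 022).
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE  $p (group/other write bit set)"
            findings=$((findings + 1))
        fi
        # The owner must be the login user or root.
        if [ -z "$(find "$p" -prune \( -user "$user" -o -user 0 \))" ]; then
            echo "OWNER     $p (not owned by $user or root)"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

if [ "$#" -ge 2 ]; then
    # Real use, e.g.: sh audit.sh /home/centos centos
    audit_ssh_paths "$1" "$2"
else
    # Constructed demo: a home directory that was left world-writable.
    demo=$(mktemp -d)
    mkdir -p "$demo/home/.ssh" && : > "$demo/home/.ssh/authorized_keys"
    chmod 777 "$demo/home"
    chmod 700 "$demo/home/.ssh"
    chmod 600 "$demo/home/.ssh/authorized_keys"
    audit_ssh_paths "$demo/home" "$(id -u)" || echo "findings: $?"
    rm -rf "$demo"
fi
```

When the instance's volume is mounted on another instance, point the first argument at the mounted home directory and pass the numeric UID, since the user name may not exist on the rescue host.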


Source: https://stackoverflow.com/questions/60172541/user-is-reporting-that-theyve-unable-to-ssh-into-an-ec2-instance-in-aws
