【Question title】: Why I could not ssh to my AWS ec2 instance that I created using AWS CloudFormation?
【Posted】: 2019-09-13 22:55:29
【Question】:

I am creating an EC2 instance with CloudFormation, specifying the VPC, subnet and security group. However, when the instance comes up I cannot ssh into it and get the following message:

ssh -i aws_jenkins.pem ec2-user@34.217.129.89

The authenticity of host '34.217.129.89 (34.217.129.89)' can't be established.
ECDSA key fingerprint is SHA256:rs3bjVKolzdmktzfiSd0Oo5RU6dLdT/PGHpycStgFK8.
ECDSA key fingerprint is MD5:7f:cc:61:c4:f3:1a:b7:45:9a:f0:da:e8:0c:a4:d9:bc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '34.217.129.89' (ECDSA) to the list of known hosts.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

However, if I create another EC2 instance from the AWS console using the same ImageID, VPC, Subnet, SecurityGroup and Key, I can SSH into it.

So why does the instance created through CloudFormation not accept SSH?

I have not been able to resolve this and would greatly appreciate any insight/solution.

AWSTemplateFormatVersion: 2010-09-09

Parameters:

  EnvironmentName:
    Description: An environment name that will be prefixed to resource names
    Type: String

  VpcCIDR: 
    Description: Please enter the IP range (CIDR notation) for this VPC
    Type: String
    Default: 10.192.0.0/16

  PublicSubnet1CIDR:
    Description: Please enter the IP range (CIDR notation) for the public subnet in the first Availability Zone
    Type: String
    Default: 10.192.10.0/24

  PublicSubnet2CIDR:
    Description: Please enter the IP range (CIDR notation) for the public subnet in the second Availability Zone
    Type: String
    Default: 10.192.11.0/24

  InstanceType:
    Description: WebServer EC2 instance type
    Type: String
    Default: t2.micro
    AllowedValues: [ t1.micro, t2.nano, t2.micro, t2.small, t2.medium]
    ConstraintDescription : must be a valid EC2 instance type.

  KeyName:
    Description: The EC2 Key Pair to allow SSH access to the instances
    Type: AWS::EC2::KeyPair::KeyName
    Default: jenkins-test
    ConstraintDescription: must be the name of an existing EC2 KeyPair.

  SSHLocation: 
    Description: The IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: 9
    MaxLength: 18
    Default: 0.0.0.0/0
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.

Resources:

  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCIDR
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags: 
      - Key: Name
        Value: !Ref EnvironmentName

  InternetGateway:
    Type: AWS::EC2::InternetGateway
    DependsOn: VPC
    Properties:
      Tags:
      - Key: Name
        Value: !Ref EnvironmentName

  InternetGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC

  PublicSubnet1: 
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [ 0, !GetAZs ]
      CidrBlock: !Ref PublicSubnet1CIDR
      MapPublicIpOnLaunch: true
      Tags: 
      - Key: Name 
        Value: !Sub ${EnvironmentName}-Public-Subnet-(AZ1)

  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [ 1, !GetAZs ]
      CidrBlock: !Ref PublicSubnet2CIDR
      MapPublicIpOnLaunch: true
      Tags:
      - Key: Name
        Value: !Sub ${EnvironmentName}-Public-Subnet-(AZ2)     

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties: 
      VpcId: !Ref VPC
      Tags: 
      - Key: Name 
        Value: !Sub ${EnvironmentName} Public Routes

  DefaultPublicRoute: 
    Type: AWS::EC2::Route
    DependsOn: InternetGatewayAttachment
    Properties: 
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  PublicSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnet1

  PublicSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnet2


  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access and HTTP to instance
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: !Ref SSHLocation

      - IpProtocol: tcp
        FromPort: 80
        ToPort: 80
        CidrIp: !Ref SSHLocation
      VpcId: !Ref VPC
      Tags:
      - Key: Name
        Value: TestSecurity_group

  MyInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-061392db613a6357b
      InstanceType: !Ref InstanceType
      SubnetId: !Ref PublicSubnet1
      KeyName: !Ref KeyName
      SecurityGroupIds:
      - !Ref InstanceSecurityGroup
      Tags:
      - Key: Name
        Value: TestServer

【Comments】:

  • The key name in your CloudFormation template is jenkins-test, and you are using the aws_jenkins.pem key to ssh?

Tags: amazon-web-services amazon-ec2 ssh yaml amazon-cloudformation


【Answer 1】:

In your parameters you have:

KeyName:
    Description: The EC2 Key Pair to allow SSH access to the instances
    Type: AWS::EC2::KeyPair::KeyName
    Default: jenkins-test
    ConstraintDescription: must be the name of an existing EC2 KeyPair.

  1. Did you let it build with this default parameter?
  2. Are you sure you are using the correct matching key?

【Discussion】:
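One way to carry out the second check in this answer, added here as an example and not part of the original answer: it derives the fingerprint AWS displays for an AWS-generated key pair (SHA-1 over the PKCS#8 DER encoding of the private key, as documented by AWS) from a local .pem using only the Python standard library, so it can be compared with the KeyFingerprint returned by `aws ec2 describe-key-pairs --key-names jenkins-test`. It assumes the .pem was downloaded from AWS (a PKCS#1 "RSA PRIVATE KEY" block); key pairs imported into AWS use a different fingerprint (MD5 of the public key) and are not handled here.

```python
import base64
import hashlib
import re

# DER AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1) with NULL parameters.
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")


def der_len(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + der_len(len(value)) + value


def pkcs1_to_pkcs8(pkcs1_der: bytes) -> bytes:
    """Wrap a PKCS#1 RSAPrivateKey in a PKCS#8 PrivateKeyInfo (what AWS hashes)."""
    version = der_tlv(0x02, b"\x00")        # INTEGER 0
    private_key = der_tlv(0x04, pkcs1_der)  # OCTET STRING holding the PKCS#1 key
    return der_tlv(0x30, version + RSA_ALG_ID + private_key)


def pem_to_der(pem_text: str):
    """Return (label, DER bytes) for the first PEM block in the text."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem_text, re.S)
    if not m:
        raise ValueError("no PEM block found")
    return m.group(1), base64.b64decode("".join(m.group(2).split()))


def aws_fingerprint(pem_text: str) -> str:
    """Colon-separated SHA-1 of the PKCS#8 DER, the form describe-key-pairs prints."""
    label, der = pem_to_der(pem_text)
    if label == "RSA PRIVATE KEY":      # .pem downloaded from AWS: PKCS#1, wrap it
        der = pkcs1_to_pkcs8(der)
    elif label != "PRIVATE KEY":        # already PKCS#8 is fine; OPENSSH etc. is not
        raise ValueError(f"unsupported key format: {label}")
    digest = hashlib.sha1(der).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 40, 2))


def fingerprints_match(local: str, remote: str) -> bool:
    """Compare a local and an AWS-reported fingerprint, ignoring case and separators."""
    def norm(s: str) -> str:
        return re.sub(r"[^0-9a-f]", "", s.lower())
    return norm(local) == norm(remote)
```

Usage: `aws_fingerprint(open("aws_jenkins.pem").read())` compared with the KeyFingerprint of the key pair named in the template's KeyName parameter; a mismatch means the .pem does not belong to that key pair.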
