【发布时间】:2017-12-11 21:51:54
【问题描述】:
我正在尝试使用以下命令连接到有问题的 Amazon EC2 实例:
ssh -vvv -i MY_KEY.pem root@ec2-XX-XX-XXX-XX.compute-1.amazonaws.com
得到这个结果:
OpenSSH_7.5p1, OpenSSL 1.1.0g-fips 2 Nov 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for *
debug1: Connecting to ec2-XX-XX-XXX-XX.compute-1.amazonaws.com [XX.XX.XXX.XX] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file MY_KEY.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file MY_KEY.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to ec2-XX-XX-XXX-XX.compute-1.amazonaws.com:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32
debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:rRMQg/hs
debug1: Host 'ec2-XX-XX-XXX-XX.compute-1.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /home/dina/.ssh/known_hosts:8
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: MY_KEY.pem
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering RSA public key: dina@localhost.localdomain
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: MY_KEY.pem
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:
密钥 MY_KEY.pem 应该是正确的,我在 AWS 控制台上的 NETWORK & SECURITY -> Key Pairs 下检查了指纹,它与我正在使用的密钥相同。
.pem 文件的权限是 400,所有者是当前所有者。允许从所有地址到实例的 SSH 入站流量。
还尝试使用不同的用户(root、ubuntu、admin、ec2-user、centos、fedora),因为我与启动实例的人没有联系,也不知道那里有什么系统。
对正在发生的事情以及可以采取的措施有任何想法吗?非常感谢您的帮助
【问题讨论】:
-
制作此卷的快照并将其附加到另一个实例(您可以在其中登录)并检查 /home 文件夹
-
MY_KEY.pem的公钥需要在目标用户(在本例中为root's).ssh/authorized_keys中,您才能使用 pem 文件登录。还要检查PermitRootLogin在服务器 sshd 配置中是如何设置的,并确保它允许远程 root 登录。
标签: amazon-web-services authentication amazon-ec2 ssh