1

I downloaded the cert-xxx.pem and pk-xxx.pem files and also the keypair.pem and moved it all to the /.ssh folder on my Ubuntu client machine.

this is what I get when I try to SSH with -v at the end

debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Trying private key: /root/.ssh/identity debug1: Trying private key: /root/.ssh/id_rsa debug1: Trying private key: /root/.ssh/id_dsa debug1: No more authentication methods to try. Permission denied (publickey).

I am new to administering servers and I want to know if I should be trying to convert the pem files to id_rsa and id_dsa. I am not really sure if that is possible but I don't know how else to get the id_rsa, id_dsa from those pem files or if there is any work around. I managed to get access to EC2 the first time and this is my second try and I am unsuccessful so far.

Any help is appreciated. regards Walker

Adding the log after many unsuccessful attempts of logging in 

 myvers@ubuntu:~$ ssh -v -i /home/myvers/.ssh/keyTwo.pem [email protected] OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to ec2-xxx-xxx-xxx-xx.compute-1.amazonaws.com xxx-xxx-xxx-xx port 22. debug1: Connection established. debug1: identity file /home/myvers/.ssh/keyTwo.pem type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu4 debug1: match: OpenSSH_5.3p1 Debian-3ubuntu4 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'ec2-xxx-xxx-xxx-xx.compute-1.amazonaws.com' is known and matches the RSA host key. debug1: Found key in /home/myvers/.ssh/known_hosts:3 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering public key: myvers@ubuntu debug1: Authentications that can continue: publickey debug1: Trying private key: /home/myvers/.ssh/keyTwo.pem debug1: read PEM private key done: type RSA debug1: Authentications that can continue: publickey debug1: No more authentication methods to try. Permission denied (publickey).
Improve this question
2

5 Answers 5

Reset to default
1

It's not finding the private key so use -i identity_file option.

ssh -i ~/.ssh/cert-xxx.pem user@host

Improve this answer
4
  • Thanks Sean.. The problem is not with locating my keypair pem file. It the other part when it looks for id_rsa. Commented Jan 12, 2011 at 4:04
  • id_rsa is a private key in RSA format. You have a private key in PEM format. There isn't a default filename that ssh will check for PEM files like id_rsa and id_dsa so you need to use the -i. It's not going to look for *.pem in ~/.ssh Commented Jan 12, 2011 at 13:08
  • Thanks again. Tried with keypair and PK pem but result is still the same. Added debug output to the question if this gives any further insight. Tried generating keys over again but did not help. Commented Jan 12, 2011 at 20:17
  • debug1: Trying private key: /home/myvers/.ssh/keyTwo.pem debug1: read PEM private key done: type RSA debug1: Authentications that can continue: publickey debug1: No more authentication methods to try. Permission denied (publickey). Here we see that you sent the key to the server and didn't get a success method, but instead it was looking for other methods to try. So either the username is wrong or the host isn't configured correctly. Commented Jan 14, 2011 at 16:35
1

The cert-* file is an X.509 certificate for accessing the AWS API. It is not an SSH key. IIRC, keypair.pem should be your private SSH key. Try to use that as our identity file.

Improve this answer
1
  • Thanks blueben. I was aware about the cert file and when I do SSH it recognizes because of keypair.pem which I generated on AWS. But after that is the problem when it needs id_rsa and id_dsa. Commented Jan 12, 2011 at 4:00
0

The only reason it's looking for id_rsa and id_dsa is because you've not told it where to find a private key that works -- it falls back on the defaults instead. So don't worry about having an id_rsa file, and instead worry about how to get it to use your PK-xxx.pem file.

The following syntax should work:

ssh -i /path/to/keypair.pem [email protected]
Improve this answer
1
  • Thanks Mike.. tried it all over again but no success yet. Added debug to the mail post. Please let me know if there is any clue in this debug. regards Walker Commented Jan 12, 2011 at 20:12
0

see if this helps, you need to add the cert and key to your ~/.bashrc file

https://help.ubuntu.com/community/EC2StartersGuide

Improve this answer
0

Thank you all for your help and inputs. Everyone is right here and hopefully all these would help someone else in future. What I was doing wrong was I was also creating the Keypair.pem from the AWS console and downloading for SSH. It is not required. All you need is your certificates and just follow the steps in this link suggested by keanu. https://help.ubuntu.com/community/EC2StartersGuide

Amazon is truly secure and simple and I am very amazed at how they have built this process of creating your ami and logging through SSH with just pem files and variables set. I have been using linode and I am overwhelmed with the way this whole server creation and login process has been simplified and secured. Its damn neat and a good lesson for beginners to realize the importance of not rooting to their serves all the time which many pros suggest not to do and realizing how to securely access your server. Thanks eveyone again for their help and inputs.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.