SSH to Amazon EC2 instance using PuTTY in Windows

Question

I am a newbie to Amazon web services, was trying to launch an Amazon instance and SSH to it using putty from windows. These are the steps I followed:

Created a key pair.
Added a security group rule for SSH and HTTP.
Launched and instance of EC2 using the above key pair and security group.
Using PuTTYgen converted the *.pem file to *.ppk
Using putty tried connecting to the public DNS of the instance and provided the *.ppk file.

I logged in using 'root' and 'ec2-user', and created the PPK file using SSH1 and SSH2, for all these attempts I get the following error in putty,

"Server refused our key"

Can you guys please help, any suggestions would be greatly appreciated.

@Geoff: thanks! I using amzn-ami-2011.09.1.x86_64-ebs (ami-7341831a), which says has Amazon Linux platform. — konkani, Apr 23 '12 at 20:14
If you're using Amazon Linux then you should be using `ec2-user` to log in - `root` will never work. But you already tried `ec2-user` too. You're absolutely sure the instance is configured to use this key pair? And that you're connecting to the correct Elastic IP address or AWS public DNS for your instance? — Daan, Apr 23 '12 at 21:52
I answered a question on here for a similar problem. This is how I solved the issue: http://stackoverflow.com/questions/11614254/server-refused-our-key-after-launching-instance-from-private-ebs-ami/14219815#14219815 HTH! — Darius, Jan 08 '13 at 16:42
You might want to take a look at this: http://www.wowza.com/forums/showthread.php?5632-EC2-using-Putty-SSH-Server-refused-our-key — Silviu, Apr 23 '12 at 20:05
thanks, I did check this link prior to posting the question, I am following all the steps mentioned in it. Still getting the error! — konkani, Apr 23 '12 at 20:26
Well, `ec2-user` works for me, after following the steps to generate the `.ppk` from the `.pem` in [this video](http://www.youtube.com/watch?v=mJaHARCfcA0) — bobobobo, Jan 14 '14 at 16:25
Have you checked this http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/InstallEC2CommandLineTools.html — J Bourne, Jan 27 '14 at 07:01

score 33 · Answer 1 · answered Jan 06 '13 at 02:59

33

I assume that the OP figured this out or otherwise moved on, but the answer is to use ubuntu as the user (if the server is ubuntu).

answered Jan 06 '13 at 02:59

mikeabout

430
4
7

This is awesome. Not covered any obvious location I've found. – Rig Oct 26 '13 at 22:38
Brilliant :-) Two years on, and the Amazon documentation still has not been updated, and states that the user is "ec2-user" for all Amazon Linux AMIs. I would reasonably accept this as a answer, even if the OP has moved on. – Jason Apr 29 '14 at 12:46
1

@Jason The user for all Amazon Linux AMIs *is* ec2-user. Ubuntu is not Amazon Linux. "Amazon Linux" is a specific distribution of Linux from Amazon. Amazon also supplies other Linux distributions such as RHEL (user is ec2-user or root), CentOS (user is centos), Ubuntu (user is ubuntu or root), Fedora (user is ec2-user), and SUSE (user is ec2-user or root). – jarmod May 31 '17 at 15:06

score 10 · Answer 2 · edited Mar 16 '13 at 17:53

10

1) Make sure you have port 22 (SSH) opened in Security Group of EC2 Instance.

2) Try connecting with Elastic IP instead of public DNS name.

I hope you have followed these steps Connecting EC2 from a Windows Machine Using PuTTY

edited Mar 16 '13 at 17:53

brianpeiris

10,735
1
31
44

answered Apr 24 '12 at 10:20

shashankaholic

4,122
3
25
28

Connecting with Elastic IP address worked in my case. I had lost access after creating and associating an ip-address. Thanks! – linuxeasy Apr 19 '14 at 16:27
He said the problem was authentication, not DNS resolution or firewall. – Ryan Williams Jul 03 '14 at 01:37

score 4 · Answer 3 · answered Jan 06 '16 at 13:57

Another situation where I got the "Server refused our key" error when using putty, from windows, to ssh to an EC2 instance running ubuntu:

The private key was wrongly converted from .pem to .ppk.

puttygen has two options for "converting keys".

Load your .pem file into puttygen using the File->Load Private Key option and then save as .ppk file using the Save Private Key Button.
DO NOT use the menu option Conversions->Import Key to load the .pem file generated by EC2.

See the puttygen screenshots below, with the two menu options marked.

score 2 · Answer 4 · answered Apr 14 '15 at 12:22

2

Check the username, it should be "ubuntu" for your machine. Check if traffic is enabled on port 22 in Security group. Check if you are using the correct url i.e ubuntu@public/elasticip

answered Apr 14 '15 at 12:22

Mohit Singh

5,977
2
24
25

2

Nice, you fulfilled my query too – Vikas Kukreti May 03 '15 at 17:20

score 1 · Answer 5 · answered Apr 23 '12 at 23:45

Maybe worth of checking one more thing. Go to AWS console, right mouse click on the instance and choose "Connect...". It will show you the DNS name that you want to use. If you restarted that instance at some point, that DNS name could have changed.

score 1 · Answer 6 · answered May 14 '13 at 08:33

I had a similar problem when I tried to connect an instance created automatically by the Elastic Beanstalk service (EBS). But, once I linked my existing key name to the EBS (under Environment Details -> Edit Configuration -> Server Tab -> Existing Key Pair), I was able to login with 'ec2-user' and my existing key file (converted to .ppk) with putty.

This, however, terminates the running instance and rebuilds a new instance with access through the key pair named above.

score 1 · Answer 7 · answered Mar 05 '15 at 12:35

Just in case it helps anyone else, I encountered this error after changing the permissions on the home folder within my instance. I was testing something and had executed chmod -R 777 on my home folder. As soon as this had occurred, once I had logged out I was effectively locked out.

score 1 · Answer 8 · answered Apr 02 '20 at 10:50

You won't face this error if you SSH AWS directly using ".pem" file instead of converted ".ppk" file.

1) Use Git Bash instead of putty. Since you can run all the Linux commands in Git Bash. By installing Git you get to access Git Bash Terminal

2) Right click from the folder where you have ".pem" and select "Git Bash Here".

3) Your key must not be publicly viewable for SSH to work. So run "chmod 400 pemfile.pem".

4) Connect to your instance using its Public DNS - "ssh -i "pemfile.pem" ec2-user@ec2-x-x-x-x.us-west-1.compute.amazonaws.com"

5) Make sure to whitelist your Network IP for SSH in your_instance->security_group->inbound_rules

using Git Bash instead Putty worked for me. Thank You! – Osusara Kammalawatta Sep 10 '20 at 11:48 — Osusara Kammalawatta, Sep 10 '20 at 11:48

score 0 · Answer 9 · answered Apr 23 '12 at 20:31

I assume you're following this guide, and connecting using the instructions on the subsequent page. Verify a couple of things:

You converted the key correctly, e.g. selected the right .pem file, saved as private key, 1024-bit SSH-2 RSA
The Auth settings (step 4 in the connection tutorial) are correct

score 0 · Answer 10 · edited Jan 28 '17 at 19:33

0

Try an alternative SSH client, like Poderosa. It accepts pem files, so you will not need to convert the key file.

edited Jan 28 '17 at 19:33

rene

41,474
78
114
152

answered Oct 16 '12 at 11:41

Barak

3,066
2
20
33

Poderosa needs the original pem file, but the converted one created by puttygen – Barak Jun 28 '13 at 09:45
Poderosa needs the original pem file, NOT the converted one created by puttygen – Barak Jun 30 '13 at 09:44

score 0 · Answer 11 · answered Mar 30 '13 at 11:50

I was having the same trouble (and took the same steps) until I changed the user name to 'admin' for the debian AMI I was using.

You should lookup the user name ofthe AMI you are using. The debian AMI is documented here http://wiki.debian.org/Cloud/AmazonEC2Image/Squeeze

score 0 · Answer 12 · answered Apr 11 '13 at 17:12

I have had this same problem. The AMI you are using is the one that is also used by the "Cloud Formation" templating solution.

In the end I gave up with that, and created a Red Hat instance. I was then able to connect by SSH fine using the user root.

The instructions here: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html work fine using a Red Hat instance but not using an Amazon Linux instance. I assume they have some username that I didn't think to try (root, ec2-user, and many other obvious ones, all were refused)

Hope that helps someone!

Update: I have since created a "cloud formation" setup and have SSH'd fine. This time I used the template that allows you to specify a key-pair. Many of the stock templates don't allow that, which as you don't seem to be able to add the key-pairs after creation, means that you can never SSH. — Coder, Apr 12 '13 at 11:43

score 0 · Answer 13 · answered Dec 18 '13 at 17:19

0

I use Debain AMI and I try ec2-user, root but correct login is 'admin'.

answered Dec 18 '13 at 17:19

Ace

1

score 0 · Answer 14 · edited May 23 '17 at 10:29

0

I was getting the same error when I tried to create a new key pair and tried to use that new pem/ppk file. I noticed that the Key Pair Name field on the instance was still the old one and in poking around. Apparently, you can't change a key pair. So I went back to the original key pair. Fortunately, I didn't delete anything so this was easy enough.

edited May 23 '17 at 10:29

Community

1
1

answered Feb 02 '15 at 18:15

nomadic_squirrel

614
7
21

score 0 · Answer 15 · answered Dec 01 '20 at 18:05

If you already have a key pair, follow these steps: Convert *.pem to *.ppk using PuTTYgen (Load pem file key then Save ppk) Add ppk auth key file to Putty SSH>Auth options Enter "Host Name (or IP address)" field: ubuntu@your-ip-address-of-ubuntu-ec2-host))

SSH to Amazon EC2 instance using PuTTY in Windows

15 Answers15

Linked