I have two Amazon EC2 Ubuntu instances. When I connect to one of them, I can do

    ssh ubuntu@54.123.4.56

and the shell uses the correct keyfile from my ~/.ssh directory.

I just set up a new instance, and I'm trying to figure out how to replicate that behavior for this new one. It's a minor thing, just driving me nuts. When I log in with:

    ssh -i ~/.ssh/mykey.pem ubuntu@54.987.6.54

it works fine, but with just

    ssh ubuntu@54.987.6.54

I get:

    Permission denied (publickey).

I have no idea how I managed to get it to work this way for the first server, but I'd like to be able to run ssh into the second server without the "-i abc.pem" argument. Permissions are 600:

    -r-------- 1 mdexter mdexter 1692 Nov 11 20:40 abc.pem

What I have tried: I copied the public key from authorized_keys on the remote server and pasted it to authorized_keys on the local server, with mdexter@172.12.34.56 (private key) because I thought that might be what created the association in the shell between that key and that server for the shell.

The only difference I can recall between how I set up the two servers is that with the first, I created a .ppk key in PuTTY so that I could connect through FileZilla for SFTP. But I think SSH is still utilizing the .pem given by Amazon.

How can I tell the shell to just know to always use my .pem key for that server when SSHing into that particular IP? It's trivial, but I'm trying to strengthen my (rudimentary) understanding of public/private keys and I'm wondering if this plays into that.

Matt Dexter

1 Answer

You could solve this in 3 ways:

  1. By placing the contents of your ~/.ssh/mykey.pem into ~/.ssh/id_rsa on the machine where you are ssh'ing into the 2nd instance. Make sure you also change the permissions of ~/.ssh/id_rsa to 600.

  2. Using ssh-agent (ssh-agent will manage the keys for you)

    • Start ssh-agent

      eval `ssh-agent -s`
      
    • Add the key to ssh-agent using ssh-add

      ssh-add mykey.pem
      
  3. Using ssh-config file:

    You could use the ssh config file. From the machine where you are trying to ssh, keep the following contents in the ~/.ssh/config file (make sure to give this file 600 permissions):

    Host host2
      HostName 54.987.6.54
      Port 22
      User ubuntu
      IdentityFile ~/.ssh/mykey.pem
    

    Once you do that, you can ssh like this:

    ssh host2
    

After performing any of the above steps you should be able to ssh into your second instance without specifying the key path.

Note: The second option requires you to add the key using ssh-add every time you log out and log back in, so to make that a permanent injection see this SO question.

Ashrith
  • Worked! Thanks for presenting the three options, all three worked perfectly and helped me to better understand. Question, is id_rsa just a collection of all the different private keys for various servers that you have? I was under the impression id_rsa was the private key for your machine. – Matt Dexter Nov 13 '14 at 01:13
  • `id_rsa` is not a collection of private keys; rather, it is a private key for a single user, generated using the RSA algorithm, generally by `ssh-keygen`. ssh by default searches for both `id_rsa` and `id_dsa` in the user's `~/.ssh`; if it doesn't find one it falls back to password authentication if enabled, or exits. – Ashrith Nov 13 '14 at 01:23
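
An added example (not from the answer and not OpenSSH's code): a simplified Python model of how the `Host` block in option 3 is selected. It shows that `Host` is matched against the name typed on the command line, so `ssh ubuntu@54.987.6.54` only picks up the key once the IP is also listed on the `Host` line. Assumptions: whitespace-separated `keyword value` lines, glob and `!` patterns only; `FIXED_CONFIG` and all function names are constructed for illustration.

```python
import fnmatch
import os
import stat

# Constructed sample: the ~/.ssh/config entry from option 3 of the answer.
SAMPLE_CONFIG = """\
Host host2
  HostName 54.987.6.54
  Port 22
  User ubuntu
  IdentityFile ~/.ssh/mykey.pem
"""
# Constructed variant: the IP is listed as a second pattern on the Host line.
FIXED_CONFIG = SAMPLE_CONFIG.replace("Host host2", "Host host2 54.987.6.54")

def host_matches(patterns, target):
    """A Host line applies if a positive pattern matches and no '!' pattern does."""
    negated = [p[1:] for p in patterns if p.startswith("!")]
    positive = [p for p in patterns if not p.startswith("!")]
    if any(fnmatch.fnmatchcase(target, p) for p in negated):
        return False
    return any(fnmatch.fnmatchcase(target, p) for p in positive)

def resolve(config_text, target):
    """Effective options for the host name given on the ssh command line."""
    opts, active = {"identityfile": []}, True  # lines before any Host apply to all
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = host_matches(value.split(), target)
        elif active and key == "identityfile":
            opts["identityfile"].append(value)  # every matching key is offered
        elif active:
            opts.setdefault(key, value)  # first obtained value wins
    return opts

def key_mode_ok(path):
    """True if the key file grants no access to group or others (600 or 400)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

if __name__ == "__main__":
    for cfg, name in ((SAMPLE_CONFIG, "host2"), (SAMPLE_CONFIG, "54.987.6.54"),
                      (FIXED_CONFIG, "54.987.6.54")):
        print(name, "->", resolve(cfg, name)["identityfile"])
```

On a real machine, `ssh -G host2` prints the options OpenSSH itself resolves for a given name, which is the authoritative check.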