1

I created a new EC2 Amazon Linux instance. I want to allow a developer to SSH into the EC2 instance. To test this, I'm trying it from my windows computer. I have followed the instructions in the link below but I can't get SSH (Putty) to connect using the key pair I'm generating.

I'm following the instructions here as reference and here

After logging into EC2 as ec2-user using FireSSH and the pem generated by AWS, I use SSH to run the following commands to create a new user, .ssh directory, and permissions.

[ec2-user ~]$ sudo adduser newuser

[ec2-user ~]$ sudo su - newuser

[newuser ~]$ mkdir .ssh

[newuser ~]$ touch .ssh/authorized_keys

[newuser ~]$ chmod 600 .ssh/authorized_keys

[newuser ~]$ vim .ssh/authorized_keys

Then I paste a public key into authorized_keys using vim. I will explain where I get the public key in the next step.

ssh-rsaAAAAB3NzaC1yc2EAAAADAQABAAABAQClKsfkNkuS ....

To create the public key which I pasted in the previous step I followed the steps in this reference starting at "Generating an SSH Key"

I copied the public key from PuttyKeyGen which is showed in the box labeled "Public key for pasting into OpenSSH authorized_keys". Then I pasted that into the .ssh/authorized_keys file on my EC2 instance in the newuser directory.

I log out of the SSH client on EC2. Then I try to login with Putty using the newly created private key on my windows machine. I use the newuser login name. I get this error in Putty: server refused our key. There is also a dialog box that says Disconnected: No supported authentication methods available {server sent: publickey)

What am I doing wrong in these steps?

Heinrich
  • 1,711
  • 5
  • 28
  • 61

2 Answers2

1

I did two things different and it works now. It's probably the number of bits that made it work.

I generated a new key pair using PuttyGen but I specified SSH-2 RSA with 1024 bits instead of the default that PuttyGen was putting in which was like 2048.

When I logged back into EC2 with my SSH I pasted the public key using nano instead of vim.

Heinrich
  • 1,711
  • 5
  • 28
  • 61
0

Always use ec2-import-keypair features to verified whether it is GOOD for EC2 instance. It the import works, then it is good, otherwise, regen a compliance keypair. If you simply copy a keypair that is not compliance , you will run into trouble.

Here is the document for import key pair

  • OpenSSH public key format (the format in ~/.ssh/authorized_keys)
  • Base64 encoded DER format SSH public key file format as specified in

  • RFC4716 DSA keys are not supported. Make sure your key generator is set up to create RSA keys.

  • Supported lengths: 1024, 2048, and 4096.

mootmoot
  • 12,845
  • 5
  • 47
  • 44