
I created a new EC2 instance from my AWS Console and tried to ssh using my key file:

ssh -i "myKeypair.pem" ec2-user@instancepublicDNS.amazonaws.com

I was able to log in to the server and did these things:

Installed httpd, installed PHP, installed MySQL.

Created a new group "web" and added user apache and ec2-user to this group. Changed my default home directory /home/ec2-user/ ownership to ec2-user:web.

Set up FTP for my instance as explained in this answer.

Then I installed OpenCart in my home directory.

After this I logged out from the SSH session using the exit command,

but now when I try to log in again using the same pem file I get this error:

prince@devilDevice:~$ ssh -v -i "mypemFile.pem" ec2-user@instancepublicDNS.amazonaws.com
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to instancepublicDNS.amazonaws.com [Public IP] port 22.
debug1: Connection established.
debug1: identity file mypemFile.pem type -1
debug1: identity file mypemFile.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA {somefingerprinthere}
debug1: Host 'instancepublicDNS.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /home/prince/.ssh/known_hosts:18
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: {my_email_address}
debug1: Authentications that can continue: publickey
debug1: Trying private key: mypemFile.pem
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

Please help.

Mohan
  • According to the debug trace, your client sent two keys to the server, and the server didn't accept either of them. There are half a dozen things on the server which could cause that. You really need to get into the server and troubleshoot this from there. There are lots of questions here and on http://superuser.com/ and http://unix.stackexchange.com/ on this general subject. – Kenster Feb 04 '16 at 14:47

1 Answer


This is the culprit.

Changed my default home directory /home/ec2-user/ ownership to ec2-user:web

sshd tried to get the public key from /home/ec2-user/.ssh/authorized_keys file but couldn't because you changed the owner. So you are denied access.

helloV
  • Any suggestion on how I could fix that, as now I can't log in? – Mohan Feb 04 '16 at 15:24
  • You are out of luck. There is a laborious process of detaching root volume, attaching to another instance, fix your file, then reattaching it etc., it is still possible to salvage your instance but needs some work. – helloV Feb 04 '16 at 15:30
  • OK, I was just starting on my application so I will start with a fresh instance. However, can you tell me how I can have both my user, i.e. `ec2-user`, and `apache` have access to all my project files without facing the above issue? – Mohan Feb 04 '16 at 15:34
  • You can give `755 (drwxr-xr-x)` for `/home/ec2-user`, `700 (drwx------)` for `/home/ec2-user/.ssh`, `644 (-rw-r--r--)` for `/home/ec2-user/.ssh/authorized_keys`. Always keep an extra ssh session open in case your settings don't work. – helloV Feb 04 '16 at 16:45
  • I would suggest you put your files in a directory outside of the ec2-user home directory and then simply give ec2-user and apache permission to access that directory. There isn't any reason I can think of for using your home directory. Also, the ec2-user is the master user created with the key you specified in the console. I would also suggest you create your own user, give yourself sudo access and still create another location for the application files. – Brooks Feb 04 '16 at 20:10
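The ownership and mode rules behind the 755/700/644 advice above are the ones sshd enforces with `StrictModes` (the default): the home directory, `~/.ssh` and `authorized_keys` must each be owned by the login user or root and must not be group- or world-writable, otherwise the key file is silently ignored and you get `Permission denied (publickey)`. The following is an added audit script, not code from the answer or from OpenSSH; it assumes GNU coreutils `stat -c` and uses a hypothetical function name `check_ssh_perms`, and is the kind of check to run in the spare session helloV recommends keeping open before changing anything.

```shell
#!/bin/sh
# Added check (not from the answer above): approximates sshd's StrictModes
# rule for the key file path. sshd only trusts authorized_keys when the
# file, ~/.ssh and the home directory are each owned by the login user
# (or root) and are not writable by group or others; a home directory
# handed to a shared group and made group-writable trips this rule.
# Assumes GNU coreutils stat (-c). Hypothetical name: check_ssh_perms.
# Usage: check_ssh_perms /home/ec2-user ec2-user

check_ssh_perms() {
    home=$1
    user=$2
    uid=$(id -u "$user") || return 2
    rc=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            rc=1
            continue
        fi
        owner=$(stat -c '%u' "$path")
        mode=$(stat -c '%a' "$path")
        # Owner must be the user logging in, or root.
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "BADOWNER $path (uid $owner, expected $uid)"
            rc=1
        fi
        # Any group or world write bit (octal 022) makes sshd ignore the file.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $path (mode $mode)"
            rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then
        echo "OK: $home passes the StrictModes-style checks"
    fi
    return "$rc"
}

# Run against the given home directory and user when invoked directly.
if [ $# -ge 2 ]; then
    check_ssh_perms "$1" "$2"
fi
```

A non-zero exit with a `BADOWNER` or `WRITABLE` line names the exact path to fix with `chown`/`chmod` from the still-open session; `sshd -T | grep -i strictmodes` confirms the setting is in force on the instance.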