
I have installed Tomcat on Amazon EC2, and from the application I'm trying to write to a folder in /home/ec2-user/folder, but I could not, because the tomcat user had permission to the folder.

I tried to change the owner to the tomcat user and that did not work either. I thought maybe the folder /home/ec2-user/ was the problem, so I changed that folder's permissions ... but it did not work.

Searching the Internet I found the command setenforce 0, but it did not work.

Then I closed the session, and when I try to log in again I receive the following message:

ssh -i "Amazon-Tomcat.pem" ec2-user@ec2-52-39-23-66.us-west-2.compute.amazonaws.com
Permission denied (publickey).

I think maybe it's because I have no access to /home/ec2-user/, so I attempted to log in as root, but I get:

ssh -i "Amazon-Tomcat.pem" root@ec2-52-39-23-66.us-west-2.compute.amazonaws.com
Please login as the user "ec2-user" rather than the user "root".

Connection to ec2-52-39-23-66.us-west-2.compute.amazonaws.com closed.

If I use -v in the connection command, I receive the following message:

ssh -i "Amazon-Tomcat.pem" ec2-user@ec2-52-39-23-66.us-west-2.compute.amazonaws.com -v
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to ec2-52-39-23-66.us-west-2.compute.amazonaws.com [52.39.23.66] port 22.
debug1: Connection established.
debug1: identity file Amazon-Tomcat.pem type -1
debug1: identity file Amazon-Tomcat.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 21:76:3c:72:dd:68:14:c5:83:a6:09:9a:80:26:74:bc
debug1: Host 'ec2-52-39-23-66.us-west-2.compute.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /home/rodrigo/.ssh/known_hosts:7
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: OpenShift-Key
debug1: Authentications that can continue: publickey
debug1: Trying private key: Amazon-Tomcat.pem
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

Thank you very much for any advice, pardon my stupidity

user60108
  • I assume that `Amazon-Tomcat.pem` is an SSL client certificate in PEM format. Is that also the certificate's file name? According to the ssh man page, "ssh will also try to load certificate information from the filename obtained by appending -cert.pub to identity filenames." So maybe your file needs to be named `Amazon-Tomcat.pem-cert.pub` instead? (Yes, that's a weird file name, but I'm just guessing after having had a short look at the man page.) – Axel Beckert Apr 27 '16 at 00:24
  • Oh, and why is this tagged "putty"? There is no putty in the question and the `ssh` syntax looks like OpenSSH syntax. – Axel Beckert Apr 27 '16 at 00:30
  • @AxelBeckert Thanks, but I downloaded the file from Amazon. I always logged in using those commands – user60108 Apr 27 '16 at 02:41

2 Answers


You've made the permissions on your .ssh key public key too lax by mistake, and this means that the ssh login process is refusing to work.

To fix it, see the highest scoring answer to this question: "Change key pair for ec2 instance".

Basically you have to mount the disk from the now broken ec2 onto a new ec2 and fix it.

To address your original problem (tomcat writing to a folder), give "other x" access to your /home/ec2-user home folder top level:

chmod o+x /home/ec2-user

and "all" access to your "folder"

chmod 777 /home/ec2-user/folder

Leave the .ssh directory and other directories unchanged.

And next time test ssh is still working before you logout!

Vorsprung
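
With sshd's default `StrictModes yes`, public-key login is refused when the home directory, `~/.ssh` or `authorized_keys` is group- or world-writable or owned by another user. The audit below is an added example, not part of the answer above; the function names are hypothetical and it assumes GNU `stat`. It shows why `chmod o+x` on the home directory is safe while added write bits are not.

```shell
#!/bin/sh
# Added example: audit the three paths sshd's StrictModes inspects before it
# trusts authorized_keys. Assumes GNU stat (stat -c), as found on Linux.

# check_path PATH EXPECTED_UID
# Prints one finding line; returns 1 if PATH is missing, owned by someone
# other than EXPECTED_UID or root, or writable by group or others.
check_path() {
    path=$1 want_uid=$2
    [ -e "$path" ] || { echo "MISSING  $path"; return 1; }
    set -- $(stat -c '%a %u' "$path")   # octal mode, numeric owner
    mode=$1 uid=$2
    if [ "$uid" != "$want_uid" ] && [ "$uid" != 0 ]; then
        echo "OWNER    $path (uid $uid, expected $want_uid)"; return 1
    fi
    # 022 = group-write | other-write; the leading 0 makes the mode octal
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "WRITABLE $path (mode $mode)"; return 1
    fi
    echo "OK       $path (mode $mode)"
}

# strictmodes_audit HOME_DIR [EXPECTED_UID]
# Returns 0 only if the home directory, .ssh and authorized_keys all pass.
strictmodes_audit() {
    home=$1 owner=${2:-$(id -u)}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$owner" || rc=1
    done
    return $rc
}

# Run as: sh audit.sh HOME_DIR [EXPECTED_UID]
if [ $# -gt 0 ]; then
    strictmodes_audit "$@"
fi
```

When the broken volume is mounted on another instance, pass the mounted home directory and the numeric UID the files should carry, since user names may not resolve there.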

If you are using a Mac or Linux/Unix flavor machine, run the ssh command again and then tail -f /var/log/auth.log. The last few lines will give the exact error message. Try changing the permissions on the keypair file to 600 (run chmod 600 Amazon-Tomcat.pem) and then try ssh again.

krishna_mee2004