ssh AWS ec2 bastion permission denied


When I try to connect to an EC2 in a private network through a bastion server I get this message:

<username>@<ec2-server>: Permission denied (publickey)

However, I can ssh to the bastion from my local machine, and I can ssh to the EC2 from the bastion server.

Here is the .ssh/config I'm using:

Host <ec2-servers>*
    IdentityFile ~/.ssh/id_rsa
    User <username>

Here is the command I use to ssh:

ssh -J <bastion-server> <ec2-server>

Note: Permissions are good (700 for ~/.ssh/ and 600 for ~/.ssh/*)

Thanks in advance for your help!


There are 4 best solutions below

0
On BEST ANSWER

Fixed it by adding local ssh public key in the authorized_keys of the remote ec2 instance.
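
Why that fix works, as an added example that is not part of the original answers: with `ssh -J` the bastion only forwards the connection, so the private instance checks the key held on the local machine, not the bastion's key. The script below compares key blobs against an authorized_keys file; the file names and all key material are constructed stand-ins.

```shell
# With `ssh -J`, the target checks the LOCAL client's key, not the bastion's.
# All key blobs below are constructed placeholders, not real keys.

# Print the base64 blob of the first key on stdin. authorized_keys lines may
# begin with options, so find the key-type field and print the one after it.
# (Assumes no option value contains a bare key-type word.)
key_blob() {
    awk '{ for (i = 1; i < NF; i++)
             if ($i ~ /^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-[a-z0-9-]+)$/) {
                 print $(i + 1); exit } }'
}

# Exit 0 if the key in public-key file $1 is listed in authorized_keys file $2.
key_is_authorized() {
    want=$(key_blob < "$1")
    [ -n "$want" ] || return 2
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        [ "$(printf '%s\n' "$line" | key_blob)" = "$want" ] && return 0
    done < "$2"
    return 1
}

# Append the key from $1 to $2 only if it is missing (safe to re-run).
authorize_key() {
    rc=0; key_is_authorized "$1" "$2" || rc=$?
    case $rc in 0) ;; 1) cat "$1" >> "$2" ;; *) return "$rc" ;; esac
}

# Constructed stand-ins for id_rsa.pub on the laptop and on the bastion,
# and for ~/.ssh/authorized_keys on the private EC2 instance.
tmp=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABLAPTOPconstructed me@laptop' > "$tmp/laptop.pub"
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABBASTIONconstructed me@bastion' > "$tmp/bastion.pub"
{ echo '# keys allowed to log in'
  echo 'from="10.2.2.*" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABBASTIONconstructed me@bastion'
} > "$tmp/authorized_keys"

report() {
    for who in bastion laptop; do
        if key_is_authorized "$tmp/$who.pub" "$tmp/authorized_keys"
        then echo "$who key listed: target accepts it"
        else echo "$who key missing: Permission denied (publickey)"
        fi
    done
}
report   # before: only the bastion's key is listed, so ssh -J from the laptop fails
authorize_key "$tmp/laptop.pub" "$tmp/authorized_keys"
report   # after: the laptop's key is listed too
```

Because the target authenticates the local key end to end, no private key has to be stored on the bastion for `-J` to work.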

2
On

Can you try the following configuration, as the username you mentioned is the same for both the jump host and the actual instance you are trying to connect to?

Host 10.2.2.* #ec2 servers cidr range
    ProxyJump [email protected] 

I think specifying the IdentityFile ~/.ssh/id_rsa might not be needed as that seems like the default key on your system you are using.

Make sure jumpuser exists with appropriate permissions.

Just for debugging purposes, run this manually with debug options:

ssh -vvv -J username@host1:port username@host2:port   

This will give plenty of information and you might be able to see where the problem is.

If you are using ssh-agent, removing all the identities and trying again might also help.

ssh-add -D

How to Access a Remote Server Using a Jump Host

How to Set Up an SSH Jump Server

1
On

There is likely no user on the remote system called 'username'. Make sure both systems have the same username and public key.

0
On

Just note that RSA keys are being deprecated, and later versions of operating systems disable their use on the CLIENT. That is, where you ssh from. To re-enable it on the client, in your ~/.ssh/config file, enter the following line:

PubkeyAcceptedKeyTypes +ssh-rsa

Note: there are security implications of doing this, so read up on the security issues of rsa if you are concerned. For instance, the following article: https://www.thesslstore.com/blog/is-it-still-safe-to-use-rsa-encryption/ says:

....RSA encryption provides less than 99.8% security.
That sounds negligible, it’s about two in every 1,000.
But does that mean RSA is cracked? Not quite, just vulnerable..