Issue
Short problem description: I had created two new AWS EC2 server instances running Red Hat Linux and Ubuntu operating systems. I was trying to log in to them through SSH via PuTTY but was getting errors (detailed errors further in the question). This is just a short description.
Detailed problem description: I generated a new .pem file after creating a free tier Amazon EC2 (Elastic Compute Cloud) server running Ubuntu 20. Then I used the PuTTYgen software on my Windows 10 PC. While trying to log in through PuTTY it was giving me an error, as shown in the following error description, and due to this I was not able to log in to the AWS machines. I investigated the issue further, and all details of the troubleshooting steps are described in this self-answered question (other suggestions/solutions are welcome).
Error description:
"Server refused our key" on terminal AND "NO supported authentication method available(server sent:public ke;gssapi-with-mic)"
Solution
Initial troubleshooting:
- My very first thought was that there could be Control-M characters in the .pem file OR in the private key. But when I checked, the key looked fine.
- Then I thought it could be an inbound rule issue, that we are NOT allowed to SSH to the AWS server, but NO, I was wrong: when I checked the configuration of the server I found it was fine and port 22 was there for SSH.
- Then I wondered whether the .pem file had proper permissions or not. I checked and yes, it had read permissions for all users (whoever had access to it).
Obviously none of the above worked; enough talk, so coming to the actual solution now :)
ACTUAL FIX with complete steps:
- Since I am using Windows 10 on my PC, I thought to go for another medium to do ssh, hence I tried SSH with PowerShell as follows.
PS E:\test> ssh -i "aws_key_generator.pem" ubuntu@singh_server_test.compute.amazonaws.com
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'aws_key_generator.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "aws_key_generator.pem": bad permission
- The above gave me a lot of confidence and showed me what to do next. I immediately checked the permissions of the file again (which were READ and verified as mentioned in my initial troubleshooting column above). Then I saw that other groups were present in the permissions, so I removed inheritance by going to "Right click on .pem file"-->"Properties"-->"Security"-->"Advanced" and disabled "Inheritance" from there.
- Then I kept only the "admin" group with READ ONLY permissions on it and saved the properties of the file.
- Again I tried to SSH from PuTTY (using the private key file generated by PuTTYgen mentioned in the problem statement) but it failed.
- But when I tried from the PowerShell command (which used the .pem file), the login was now successful.
- Then I su'd to root, went to the /home/ubuntu/.ssh directory, checked the authorized_keys file and couldn't see the PUBLIC key inside it.
- So I added the public key generated by PuTTYgen to "authorized_keys" and saved it.
- Again I tried to log in to the server with PuTTY, passing the private key to it, and I was successfully able to log in now. BINGO :)
I have fixed the issue with this workaround and thought to share it with all here; other solutions are welcome too. Cheers and happy learning.
Answered By - RavinderSingh13
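
The permission fix from the answer above, scripted in PowerShell as an added example (not part of the original answer). It assumes the current user owns the key file and keeps read access for that user only, rather than the "admin" group the author kept; the file name is the one from the post.

```powershell
# Added example: audit and tighten the ACL on an SSH private key file.
# Assumption: run by the user who owns the file, from the folder that holds it.
$KeyPath = ".\aws_key_generator.pem"   # file name taken from the post
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

# 1. Audit: show who can touch the key now, and whether each entry is
#    inherited from the parent folder (the cause of "UNPROTECTED PRIVATE KEY FILE").
(Get-Acl -LiteralPath $KeyPath).Access |
    Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize

# 2. Give the current user an explicit read-only entry first, so access
#    is not lost when the inherited entries are dropped.
icacls $KeyPath /grant:r "${me}:(R)" | Out-Null

# 3. Disable inheritance and discard the inherited entries
#    (same effect as the Security > Advanced dialog step in the answer).
icacls $KeyPath /inheritance:r | Out-Null

# 4. Remove any explicit entries that belong to other principals.
foreach ($ace in (Get-Acl -LiteralPath $KeyPath).Access) {
    $id = $ace.IdentityReference.Value
    if ($id -ne $me) { icacls $KeyPath /remove "$id" | Out-Null }
}

# 5. Verify: the only remaining entry should be the current user.
$others = (Get-Acl -LiteralPath $KeyPath).Access |
    Where-Object { $_.IdentityReference.Value -ne $me }
if ($others) {
    Write-Warning "Other principals still have access to ${KeyPath}:"
    $others | Format-Table IdentityReference, FileSystemRights -AutoSize
} else {
    Write-Output "ACL on $KeyPath is restricted to $me"
}
```

After this runs cleanly, the `ssh -i` command shown in the answer should load the key without the "too open" warning.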