Server refused our key Windows Client

ant777
500 Command not understood
Posts: 5
Joined: 2023-05-04 14:08
First name: Anthony
Last name: Hammond

Server refused our key Windows Client

#1 Post by ant777 » 2023-05-04 14:35

I have inherited managing a website. I'm new to this.
I am using a Windows 10 machine to connect to an AWS EC2 instance using SFTP and a keyfile made from the string (copy/paste from one file to another) for the RSA private key. That keyfile was created on the Windows machine using Notepad and given the Key Name shown in AWS instance with an extension of .pem.

I get "server refused our key" in FileZilla.

I suspect from searching that this has something to do with the keyfile, either the format, or where I've stored it, or the permissions granted to it.

I have chosen SFTP as the protocol, the public IP address shown by the AWS Instance as the Host, logon type of keyfile and user as ec2-user. My keyfile is in a directory simply called AWS.
I've checked there isn't a newline at the end of the keyfile.
There is only one user who has access and that user has Read permission only. That user is however my Windows username, not ec2-user.

Can you point me at where I'm going wrong and how to fix this please?

botg
Site Admin
Posts: 35566
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Server refused our key Windows Client

#2 Post by botg » 2023-05-04 15:16

If authentication with the key file was attempted, it means that the file is at the very least syntactically correct.

Does the public key in the server's authorized_keys file match the public half of the corresponding private key? Are you connecting to the right server with the right username?

Re: Server refused our key Windows Client

#3 Post by ant777 » 2023-05-04 15:48

Thank you for that and the quick response. It's good to know the key file is syntactically correct.

I know I am connecting to the correct server. Or rather this is why I think I am connecting to the correct server:
- we only have one AWS instance
- I have copy/pasted the public IP address of that instance as shown in the AWS console into the FileZilla Host field and then copy/pasted it from FileZilla into a browser and it goes to our website

I don't know if the public key in the server's authorized_keys file matches the public half of the corresponding private key. I haven't yet got to the understanding of how I can view anything on the server. I tried using Amazon CloudShell but wasn't sure what machine I was on or how to use it. Unix is something I have little experience of. I can see there are ways of doing this using OpenSSH and PuTTY and will try to do them to confirm they match (but may hit a similar authentication issue when trying), but for now have to assume I've been given the right RSA key. I did try following something on OpenSSH on Windows before this post, but either it wasn't well written, or I didn't understand it.

I can see these things in my AWS instance relating to key pairs:
Name - same as what I used for my pem file name
Type - RSA
Fingerprint - about 40 pairs of letters/numbers separated by colons
ID - begins "key-"

IF the key is right, any ideas what else the problem could be?

Re: Server refused our key Windows Client

#4 Post by ant777 » 2023-05-05 13:34

Here is an update.
I requested a .pem file from the original owner of the site. I've done a duplicate file comparison of that file and the one I created and they both match, although the permissions on them are different. If I try to use the new .pem file I get told the permissions are "too open" using the ssh command below, so I've stuck with the pem file I created, which I have Read permission for and no other account has access to.

I used OpenSSH on the Windows 10 client and tried to connect using ssh -vvv -i e:\AWS\MyKeyPair.pem ec2-user@x.xx.xxx.xxx where x.xx.xxx.xxx is the host.
I am running this as administrator within a CMD window.

OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug3: Failed to open file:E:/Users/Ant/.ssh/config error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolve_canonicalize: hostname x.xx.xxx.xxx is address
debug2: ssh_connect_direct
debug1: Connecting to x.xx.xxx.xxx [x.xx.xxx.xxx] port 22.
debug1: Connection established.
debug3: Failed to open file:e:/AWS/MyKeyPair.pem.pub error:2 Comment: this is the folder where my pem file is
debug1: identity file e:\\AWS\\MyKeyPair.pem type -1
debug3: Failed to open file:e:/AWS/MyKeyPair.pem-cert error:2
debug3: Failed to open file:e:/AWS/MyKeyPair.pem-cert.pub error:2
debug1: identity file e:\\AWS\\MyKeyPair.pem-cert type -1

I'm assuming when I installed OpenSSH it created a .ssh folder for me. There are no other subfolders and the folder itself contains only a known_hosts file.

I'm now stuck.

Re: Server refused our key Windows Client

#5 Post by ant777 » 2023-05-05 15:32

There is an error in my previous post. The line I have put a comment on is looking for a .pem.pub file, not a pem file, so it wouldn't ever find that file. The full debug follows.

One other thing I forgot to say is the client that the keyfile and keystring I've referred to earlier was copied from is a Mac. I hope that's irrelevant, but wanted to mention it.

E:\Users\Ant>ssh -vvv -i e:\AWS\MyKeyPair.pem ec2-user@x.xx.xxx.xxx
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug3: Failed to open file:E:/Users/Ant/.ssh/config error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolve_canonicalize: hostname x.xx.xxx.xxx is address
debug2: ssh_connect_direct
debug1: Connecting to x.xx.xxx.xxx [x.xx.xxx.xxx] port 22.
debug1: Connection established.
debug3: Failed to open file:e:/AWS/MyKeyPair.pem.pub error:2
debug1: identity file e:\\AWS\\MyKeyPair.pem type -1
debug3: Failed to open file:e:/AWS/MyKeyPair.pem-cert error:2
debug3: Failed to open file:e:/AWS/MyKeyPair.pem-cert.pub error:2
debug1: identity file e:\\AWS\\MyKeyPair.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to x.xx.xxx.xxx:22 as 'ec2-user'
debug3: hostkeys_foreach: reading file "E:\\Users\\Ant/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file E:\\Users\\Ant/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from x.xx.xxx.xxx
debug3: Failed to open file:E:/Users/Ant/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:WRyYi7QBgNTQyC5hHHcfEHlVfQFCxkMq6iFrkBpW/1k
debug3: hostkeys_foreach: reading file "E:\\Users\\Ant/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file E:\\Users\\Ant/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from x.xx.xxx.xxx
debug3: Failed to open file:E:/Users/Ant/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug1: Host 'x.xx.xxx.xxx' is known and matches the ECDSA host key.
debug1: Found key in E:\\Users\\Ant/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: e:\\AWS\\MyKeyPair.pem explicit
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: e:\\AWS\\MyKeyPair.pem
debug3: sign_and_send_pubkey: RSA SHA256:5IYit8MOgEwOWY54cvERSJkM7UbejN5IgXyVq81QEIQ
debug3: sign_and_send_pubkey: signing using rsa-sha2-512
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
ec2-user@x.xx.xxx.xxx: Permission denied (publickey).
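
The check asked for in post #2 (does the server's authorized_keys hold the public half of this key?), written as an added example that is not part of the original thread: it computes the OpenSSH SHA256 fingerprint of each authorized_keys entry and compares it with the fingerprint on the `sign_and_send_pubkey` line of the debug output. The authorized_keys content is constructed sample data, not a real key, and the function names are illustrative.

```python
import base64
import hashlib
import re
import struct

OFFERED = re.compile(r"sign_and_send_pubkey: \S+ (SHA256:\S+)")
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")

def fingerprint(entry):
    """SHA256 fingerprint of one authorized_keys line, or None if it holds no key."""
    fields = entry.split()
    if not fields or fields[0].startswith("#"):
        return None
    for i, field in enumerate(fields[:-1]):
        if not field.startswith(KEY_TYPES):  # skip options placed before the key type
            continue
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue
        digest = hashlib.sha256(blob).digest()
        return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return None

def matching_keys(debug_log, authorized_keys_text):
    """Fingerprints the client offered that are also installed on the server."""
    offered = set(OFFERED.findall(debug_log))
    installed = {fingerprint(line) for line in authorized_keys_text.splitlines()}
    return sorted(offered & installed)

def _ssh_string(data):
    return struct.pack(">I", len(data)) + data

# Constructed sample: an ssh-rsa shaped blob with made-up numbers, not a real key.
_blob = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
         + _ssh_string(b"\x00" + b"\xc3" * 256))
SAMPLE_AUTHORIZED_KEYS = (
    "# constructed authorized_keys file\n"
    "ssh-rsa " + base64.b64encode(_blob).decode() + " constructed-key\n"
)
# A log line in the thread's format, carrying the sample key's fingerprint.
MATCHING_LOG = ("debug3: sign_and_send_pubkey: RSA "
                + fingerprint(SAMPLE_AUTHORIZED_KEYS.splitlines()[1]))
# The fingerprint the poster's client offered, copied from the debug output.
THREAD_LOG = ("debug3: sign_and_send_pubkey: RSA "
              "SHA256:5IYit8MOgEwOWY54cvERSJkM7UbejN5IgXyVq81QEIQ")

if __name__ == "__main__":
    print(matching_keys(MATCHING_LOG, SAMPLE_AUTHORIZED_KEYS))
    print(matching_keys(THREAD_LOG, SAMPLE_AUTHORIZED_KEYS))
```

An empty result means the offered key is not installed for the account whose authorized_keys file was checked, which is the file of the login user named in the ssh command.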

Re: Server refused our key Windows Client

#6 Post by ant777 » 2023-05-12 18:46

I don't know how I got there as I've tried so many different things, but on one site I found the suggestion that the user name on Ubuntu is "ubuntu" and not ec2-user. I also got an email from Amazon telling me I was running an out-of-support version of Ubuntu.

So I tried: ssh -i e:/aws/mykeypair.pem ubuntu@x.xx.xxx.xxxx from a command prompt in Windows and it worked.

I was then able to go back into FileZilla and specified ubuntu as the user there rather than ec2-user and that worked too.

Problem solved.
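
The resolution above could have been read from the debug output in post #5: the server banner carries an Ubuntu tag while the login was attempted as ec2-user. The following added example (not part of the original thread) triages such a log. The distro-to-user table is an assumption taken from AWS's documented default login names, of which this thread confirms only the Ubuntu entry, and the function and field names are illustrative.

```python
import re

# Assumed mapping: default login users AWS documents for these images, keyed by
# the distro tag the image's sshd appends to its version banner.
DEFAULT_USER = {"Ubuntu": "ubuntu", "Debian": "admin"}

BANNER = re.compile(r"remote software version (\S+)(?: (\w+)-\S+)?")
USER = re.compile(r"Authenticating to \S+ as '([^']+)'")
OFFERED = re.compile(r"sign_and_send_pubkey: \S+ SHA256:\S+")
DENIED = re.compile(r"Permission denied \(([^)]*)\)")

def triage(debug_log):
    """Summarise an `ssh -vvv` run and name the most likely cause of a refusal."""
    banner = BANNER.search(debug_log)
    user = USER.search(debug_log)
    result = {
        "server": banner.group(1) if banner else None,
        "distro": banner.group(2) if banner else None,
        "user": user.group(1) if user else None,
        "key_offered": bool(OFFERED.search(debug_log)),
        "denied": bool(DENIED.search(debug_log)),
        "suggested_user": None,
        "hint": "no authentication failure found",
    }
    if not result["denied"]:
        return result
    if not result["key_offered"]:
        result["hint"] = "no key was offered: check key file path, format, permissions"
        return result
    expected = DEFAULT_USER.get(result["distro"])
    if expected and result["user"] != expected:
        result["suggested_user"] = expected
        result["hint"] = "key offered but refused for %r; %s images default to %r" % (
            result["user"], result["distro"], expected)
    else:
        result["hint"] = "key offered but not in this user's authorized_keys"
    return result

# Lines copied from the debug output in post #5 of this thread.
THREAD_LOG = """\
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
debug1: Authenticating to x.xx.xxx.xxx:22 as 'ec2-user'
debug3: sign_and_send_pubkey: RSA SHA256:5IYit8MOgEwOWY54cvERSJkM7UbejN5IgXyVq81QEIQ
ec2-user@x.xx.xxx.xxx: Permission denied (publickey).
"""

if __name__ == "__main__":
    print(triage(THREAD_LOG)["hint"])
```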
