51工具盒子英文:
SSH connection for existing EC2 instance
问题 {#heading}
我正在尝试建立与从客户接管的项目的SSH连接。我使用AWS CLI创建了一个新密钥:
aws ec2 create-key-pair --key-name NewKeyName --query 'KeyMaterial' --output text > NewKeyName.pem
我将权限更改为004。我在AWS控制台网页的"密钥对"下看到了该密钥。我创建了一个IAM用户并授予了它所有权限。
但当我尝试连接时出现以下错误:
ssh -i ~/.ssh/NewKeyName.pem rt@ec1-1-1-1.eu-central-1.compute.amazonaws.com
Permission denied (publickey)
我还尝试了常规的公共IP地址。我尝试使用"EC2实例连接"在"实例 > 连接到实例"下连接,但出现错误:
建立与您的实例的SSH连接时发生错误。请稍后重试。```
我尝试使用"EC2串行控制台"从"实例 \> 连接到实例"连接,但遇到相同的错误。现在我不知道还有什么可以尝试的了... 似乎什么都不起作用... 我还尝试了创建自己的私钥/公钥并上传,但结果相同。
我可以看到用于创建实例的密钥,但那个用户已经不存在了,但我们应该能够使用新的SSH密钥连接,对吗?
还有什么其他尝试的方法吗?
\<details\>
\<summary\>英文:\</summary\>
I\'m trying to get a ssh connection to a project I took over from a client. I created a new key using AWS cli: `aws ec2 create-key-pair --key-name NewKeyName --query &#39;KeyMaterial&#39; --output text &gt; NewKeyName.pem`
I changed the permission to 004. I see the key under \"Key Pairs\" in the AWS console webpage. I created a IAM user and granted it all permissions.
`ssh -i ~/.ssh/NewKeyName.pem rt@ec1-1-1-1.eu-central-1.compute.amazonaws.com` `Permission denied (publickey)` .. I also tried with the regular public ip address.. I tried connecting with \"EC2 Instance Connect\" under \"Instances \> Connect to instance\" and getting error: `Failed to connect to your instance Error establishing SSH connection to your instance. Try again later.` I tried connecting with \"EC2 serial console\" from \"Instances \> Connect to instance\" and getting same error. I have no idea what else to try now... nothing seems to work.. I also tried creating my own private/public keys and uploading but same result.
I can see the key that was used to create the instance, but that user is gone, but we are supposed to be able to connect with a new ssh key right?
What more is there to try?
\</details\>
答案1
===
得分: 1
更改EC2实例的SSH密钥需要访问该实例,要么使用先前的密钥,要么使用直接在实例上设置的用户名/密码。
IAM不处理实例内的低级用户管理。
如果无法恢复先前的SSH密钥,访问该计算机上的数据的唯一方法是将其卷附加到一个新创建的实例上,该实例具有已知的SSH密钥。
\<details\>
\<summary\>英文:\</summary\>
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/replacing-key-pair.html isn\'t possible without accessing the instance, either using the previous key or with a username/password previously set up directly on the instance.
IAM doesn\'t handle low-level user management within an instance.
If you can\'t recover the previous SSH key, the only way to access the data on that machine is to attach its volume to a newly created instance, which has a known SSH key associated with it.
\</details\>
答案2
===
得分: 0
我所做的是为了解决这个问题,我意识到我们实际上需要在连接之前替换/添加.ssh/authorized_keys中的SSH密钥。
我所做的是:
* 从AWS控制台卸载磁盘。
* 创建一个新的Linux实例,使用新的磁盘和新生成的密钥。
* 将旧磁盘附加到新实例(现在您有2个已附加的磁盘)。
* SSH连接到新实例并挂载旧磁盘。
* 进入挂载的磁盘并使用新密钥更改.ssh/authorized_keys文件。
* 卸载旧磁盘并重新附加到旧实例,现在已经更新了authorized_keys文件。
\<details\>
\<summary\>英文:\</summary\>
Want i did to fix this realizing that we do actually need to replace/add the ssh key in .ssh/authorized_keys before we are able to connect.
What I did was:
* detach the disk from aws console.
* create new linux instance with new disk and newly generated keys
* attach old disk to new instance (you now have 2 disks attached)
* ssh into new instance and mount the old disk
* cd into the mounted disk and change the .ssh/authorized_keys with the new key
* detach old disk and reattach to old instance which now that the updated authorized_keys file
\</details\>
