1

I'm trying to access a new user created on an AWS instance using SSH, but it throws an error when I execute the command ssh -i new_keypair.pem [email protected]

Error: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

I followed each and every step mentioned in the AWS document https://aws.amazon.com/premiumsupport/knowledge-center/new-user-accounts-linux-instance/

Please let me know whether any additional configuration is required to access the newly added user using SSH.

6
  • Try adding sudo before firing this command Commented Jun 21, 2017 at 15:03
  • @dinesh But when I try to access old_user with new_keypairs, it works fine. Note: I don't have sudo success Commented Jun 21, 2017 at 15:08
  • 1
    @VenkateshKuppusamy which Linux flavour are you using? Commented Jun 21, 2017 at 15:13
  • @Dinesh K centos Commented Jun 21, 2017 at 15:15
  • docs.aws.amazon.com/AWSEC2/latest/UserGuide/managing-users.html Commented Jun 21, 2017 at 15:20

2 Answers

3

Add the newly created user to /etc/ssh/sshd_config as shown below. It's also working fine.

AllowUsers root new_user

AllowGroups root new_user

1
  • 1
    Please note : AllowUsers -- This keyword can be followed by a list of user name patterns, separated by spaces. If specified, login is allowed only for user names that match one of the patterns. And that the allow/deny directives are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Commented Jun 22, 2017 at 9:49
1

SSH to your EC2 instance as the standard ec2-user

sudo adduser -m testuser
sudo su - testuser
mkdir .ssh
chmod 700 .ssh
touch .ssh/authorized_keys
chmod 600 .ssh/authorized_keys

On your local PC, if you don't have them already, generate RSA keys (always press Enter on the default options)

ssh-keygen -t rsa
cat ~/.ssh/id_rsa.pub

Copy the output (something like this)

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTvTnCzaaIPChWXgvxlyswcNzzTjlYUcfNExm6zGGJRtEcjvHMpV6vg9XMOb9ZgRNhgpWQqitQ9yLy+mjznDerfuK9RsEIdu5wb7uVFXs6TGHy8b9sqid0PH6PYuWiZ1/pA6cRrtQudeqlZuVV5wyimPFKZONW3v+BOp+AtIvChPhZI+rWn0T3vxi2NTHfdqW93VqsQ7ReEkzd1RGxJZ+1X0kADmCJKjwAoju0DvvVz3/xdsc2UT3rjRsUTxDR1bH4GBQr7U1pwCGAqZqvEl72TLpUdWRECG42qIPsut95c237gtzkwlU7iAOeiPWJduMV/bPxXnrB/YqF+XwRMuiz testuser@testEC2

and paste it into the .ssh/authorized_keys of your testuser on testinstance (using vi or nano or whatever)

From your client, SSH to your EC2 instance

ssh [email protected] 

This will work. I don't really get the Amazon way of sharing and setting up pem keys. I think it is easier for their automated systems but not for sysadmins. You can use your public key that way on all the servers you need to admin.

2
  • -m is not needed. Please remove it. Commented Mar 19, 2019 at 13:28
  • @SmallChess as a home dir is necessary to add .ssh directory and files, I think it's ok to create it with explicit -m Commented Mar 25, 2019 at 13:58
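
The two answers point at the two usual causes of this error: ownership and modes of the key files, and AllowUsers/DenyUsers filtering in sshd_config. The script below checks both. It is an added example, not code from either answer; the function names are hypothetical, it assumes GNU stat (CentOS) and an sshd_config without Match blocks, and it does not evaluate AllowGroups/DenyGroups.

```shell
#!/bin/sh
# Added example, not from the answers above; function names are hypothetical.
# Assumes GNU stat (the CentOS instance from the question).

# Report each path that sshd's StrictModes check (on by default) would reject.
# usage: check_key_files <home_dir> <numeric_uid>; returns 0 when all are fine
check_key_files() {
    home=$1 uid=$2 bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; bad=1; continue
        fi
        mode=$(stat -c %a "$p")    # octal permissions, e.g. 700
        owner=$(stat -c %u "$p")   # numeric owner
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "wrong owner (uid $owner): $p"; bad=1    # must be user or root
        fi
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "group/world writable (mode $mode): $p"; bad=1
        fi
    done
    return $bad
}

# Print the patterns listed for one sshd_config keyword (case-insensitive,
# repeated lines accumulate). Match blocks, USER@HOST and "!" are not handled.
patterns_for() {  # usage: patterns_for <keyword> <sshd_config>
    awk -v k="$1" 'tolower($1) == tolower(k) { for (i = 2; i <= NF; i++) print $i }' "$2"
}

# usage: matches_any <name> <newline-separated patterns>; glob match via case
matches_any() {
    while read -r pat; do
        [ -n "$pat" ] || continue
        case $1 in $pat) return 0 ;; esac
    done <<EOF
$2
EOF
    return 1
}

# DenyUsers is checked before AllowUsers; once an AllowUsers list exists, every
# user it does not name is refused. usage: user_permitted <sshd_config> <user>
user_permitted() {
    deny=$(patterns_for DenyUsers "$1"); allow=$(patterns_for AllowUsers "$1")
    if matches_any "$2" "$deny"; then return 1; fi
    [ -z "$allow" ] || matches_any "$2" "$allow"
}
```

On the instance, source the file and call check_key_files /home/testuser "$(id -u testuser)" and user_permitted /etc/ssh/sshd_config testuser; reading sshd_config usually requires root.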
