尝试使用RSA密钥SSH进入EC2,获取:不正确的RSA1标识符…权限被拒绝(公钥)

我在Amazon EC2上创build了一个Ubuntu 12.04实例。

我已经下载了PEM文件,并能够SSH进入实例,没有问题。

现在,我想在远程实例上为顾问创build一些帐户,他们应该能够使用RSA密钥ssh到框中。 在EC2机器上,我在〜/ home /中设置了一些帐户,并将它们分配给组pipe理员。 我也给了自己一个类似的帐户(MyTestAccount)进行testing。 这就是我所做的:

我用key-gen在本地机器的.ssh目录(〜/ .ssh)中创build公钥和私钥:

drwx------ 2 peter peter 1024 Sep 14 10:23 .ssh 

和里面的文件:

 -rw------- 1 peter peter 1675 Sep 14 10:23 id_rsa -rw------- 1 peter peter 394 Sep 14 10:23 id_rsa.pub -rw------- 1 peter peter 444 Sep 14 00:05 known_hosts 

然后,SCP将id_rsa.pub文件SCP发送到远程EC2实例,并将其附加到远程实例中的.ssh / authorized_keys文件中。 我的远程.ssh目录的权限:

 drwx------ 2 ubuntu ubuntu 4096 Sep 16 16:13 .ssh 

和我的authorized_keys文件:

 -rw------- 1 peter ubuntu 1179 Sep 14 00:05 authorized_keys 

接下来,我注销了远程实例,并尝试使用新密钥SSH远程框。 当我发出以下命令:

 peter@ubuntu:~/.ssh$ ssh -vvv MyTestAccount@ec2-XX-XXX-XX-XXX.compute-1.amazonaws.com 

我得到下面。 看起来我的私钥有问题吗? 有什么build议么? 谢谢。

 OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug2: ssh_connect: need priv 0 debug1: Connecting to ec2-XX-XXX-XX-XXX.compute-1.amazonaws.com [XX.XXX.XX.XXX] port 22. debug1: Connection established. debug3: Incorrect RSA1 identifier debug3: Could not load "/home/peter/.ssh/id_rsa" as a RSA1 public key debug1: identity file /home/peter/.ssh/id_rsa type 1 debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 debug1: identity file /home/peter/.ssh/id_rsa-cert type -1 debug1: identity file /home/peter/.ssh/id_dsa type -1 debug1: identity file /home/peter/.ssh/id_dsa-cert type -1 debug1: identity file /home/peter/.ssh/id_ecdsa type -1 debug1: identity file /home/peter/.ssh/id_ecdsa-cert type -1 

[SNIP …]

 debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey debug1: Trying private key: /home/peter/.ssh/id_dsa debug3: no such identity: /home/peter/.ssh/id_dsa debug1: Trying private key: /home/peter/.ssh/id_ecdsa debug3: no such identity: /home/peter/.ssh/id_ecdsa debug2: we did not send a packet, disable method debug1: No more authentication methods to try. **Permission denied (publickey).** 

这种情况是正常的,并不奇怪。
你得到的消息:

debug3:不正确的RSA1标识符
debug3:无法加载“/home/user_name/.ssh/id_rsa”作为RSA1公钥

并不表示有错误。
RSA1公钥仅用于SSH协议1,该协议已经过期。 目前,SSH协议2主要被使用。

在正常的SSH登录过程中,您很可能会看到带有ssh -vvv警告消息。
你可能会感到惊讶,但不用担心,这是正常的。

参考:
https://bbs.archlinux.org/viewtopic.php?id=122646,#9