我刚开始一个EC2实例，我有困难启动SSH连接。注意，我必须使用相同的密钥工作正常SSH的previous EC2实例。我很困惑，因为我使用相同的密钥对开始这个新的EC2实例。

下面是我曾尝试。对可能被这里发生的任何专家的意见？而如何解决？

  @我的ubuntu：〜/键$的ssh -i mykey.pem ubuntu@1.2.3.4
主机的真实性'1.2.3.4（1.2.3.4）'不能成立。
RSA密钥指纹是AA：BB：CC：CC：CC：CC：CC：CC：CC：CC：CC：CC：CC：CC：CC。
要继续连接（是/否）吗？是
警告：永久添加1.2.3.4（RSA）已知主机的列表中。
权限被拒绝（公钥）。

我@ Ubuntu的：〜/键$搭配chmod 400 mykey.pem
我@ Ubuntu的：〜/键$的ssh -i mykey.pem ubuntu@1.2.3.4
权限被拒绝（公钥）。

我@ Ubuntu的：〜/键$的ssh -v -i mykey.pem ubuntu@1.2.3.4
OpenSSH_5.8p1 Debian的1ubuntu3，OpenSSL的0.9.8o 2010 06月01日
DEBUG1：读取配置数据的/ etc / SSH / ssh_config中
DEBUG1：应用选项*
DEBUG1：连接到1.2.3.4 [1.2.3.4]端口22。
DEBUG1：连接建立。
DEBUG1：标识文件mykey.pem类型-1
DEBUG1：标识文件mykey.pem证书类型-1
DEBUG1：远程协议版本2.0，远程软件版本OpenSSH_5.3
DEBUG1：比赛：OpenSSH_5.3拍的OpenSSH *
DEBUG1：启用兼容模式协议2.0
DEBUG1：本地版本字符串SSH-2.0-OpenSSH_5.8p1 Debian的1ubuntu3
DEBUG1：SSH2_MSG_KEXINIT发
DEBUG1：收到SSH2_MSG_KEXINIT
DEBUG1：KEX：服务器 - ＆GT;客户AES128-CTR HMAC-MD5无
DEBUG1：KEX：客户 - ＆GT;服务器AES128-CTR HMAC-MD5无
DEBUG1：SSH2_MSG_KEX_DH_GEX_REQUEST（1024＆LT; 1024＆LT; 8192）派
DEBUG1：期待SSH2_MSG_KEX_DH_GEX_GROUP
DEBUG1：SSH2_MSG_KEX_DH_GEX_INIT发
DEBUG1：期待SSH2_MSG_KEX_DH_GEX_REPLY
DEBUG1：服务器主机密钥：RSA AA：BB：CC：CC：CC：CC：CC：CC：CC：CC：CC：CC：CC：CC：CC
DEBUG1：主机1.2.3.4是已知的和RSA主机密钥相匹配。
DEBUG1：在/home/me/.ssh/known_hosts:10找到关键
DEBUG1：ssh_rsa_verify：签名正确
DEBUG1：SSH2_MSG_NEWKEYS发
DEBUG1：期待SSH2_MSG_NEWKEYS
收到SSH2_MSG_NEWKEYS：DEBUG1
DEBUG1：由服务器不允许漫游
DEBUG1：SSH2_MSG_SERVICE_REQUEST SENT
DEBUG1：收到SSH2_MSG_SERVICE_ACCEPT
DEBUG1：身份验证，可以继续：公钥
DEBUG1：下一个身份验证方法：公钥
DEBUG1：尝试私钥：mykey.pem
DEBUG1：读PEM私钥进行：输入RSA
DEBUG1：身份验证，可以继续：公钥
DEBUG1：没有更多的认证方法去尝试。
权限被拒绝（公钥）。
 

解决方案

您使用的是一定是错误/丢失，有没有办法可以恢复的私有密钥对，因为我曾经失去了.pem文件的密钥对和必须重新创建和实例。 它类似于密码，亚马逊不保存私钥出于安全原因。

要修复它。

转到AWS管理控制台 1.停止实例并创建相同的AMI图像。 2.使用AMI图像创建并连接到一个新的密钥对启动一个新的实例。 3.然后分配哪些是pviously分配给旧实例$ P $的弹性IP。 4.如果一切工作正常删除旧的实例。

，因此提出保存XXXX.pem文件放在网上。

I just started an EC2 instance and I am having difficulty initiating an ssh connection. Note that I had a previous EC2 instance that worked fine for ssh using this same key. I am confused because i started this new EC2 instance using the same key pair.

Below is what I have tried. Any expert advice on what might be going on here? And how to fix it?

me@ubuntu:~/keys$ ssh -i mykey.pem ubuntu@1.2.3.4
The authenticity of host '1.2.3.4 (1.2.3.4)' can't be established.
RSA key fingerprint is aa:bb:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '1.2.3.4' (RSA) to the list of known hosts.
Permission denied (publickey).

me@ubuntu:~/keys$ chmod 400 mykey.pem
me@ubuntu:~/keys$ ssh -i mykey.pem ubuntu@1.2.3.4
Permission denied (publickey).

me@ubuntu:~/keys$ ssh -v -i mykey.pem ubuntu@1.2.3.4
OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 1.2.3.4 [1.2.3.4] port 22.
debug1: Connection established.
debug1: identity file mykey.pem type -1
debug1: identity file mykey.pem-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-1ubuntu3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA aa:bb:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc
debug1: Host '1.2.3.4' is known and matches the RSA host key.
debug1: Found key in /home/me/.ssh/known_hosts:10
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: mykey.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

The keypair which You are using must be wrong/lost and there is no way you can recover the Private key pair as i had once lost the .pem file and have to recreate and instance. Its like a password and Amazon don't save the private key for security reasons.

To fix it.

Go to the aws management console 1. stop the instance and create an AMI image of the same. 2. Launch a new instance using the AMI Image created and a new keypair attached to it. 3. Then assign the elastic IP Which was previously assigned to the old instance. 4. If everything works fine remove the old instance.

And hence forth save the XXXX.pem file somewhere online.