I have an Ubuntu server on Amazon EC2 that I use for development, and today I stupidly cleared everything out of my ~/.ssh/authorized_keys file. Luckily I have an SSH open, so I am still connected, and can fix the file, but when I try to put my key file back, it doesn't work. I still get permission denied from the server on my local machine.

authorized_keys has the permissions 600. I have tried appending my SSH key with ssh-rsa and leaving the ssh-rsa off. I also tried making the SSH key all one line, but that didn't work either.

Is there something else that I have to do, like reload the file somehow?

You should never save the file with its contents starting with -----BEGIN RSA PRIVATE KEY----- on the server, that is your private key. Instead, you must put the public key into the ~/.ssh/authorized_keys file.

This public key has the .pub extension when generated using ssh-keygen and its contents begin with ssh-rsa AAAAB3. (The binary format is described in the answers to this question).

The permissions of ~/.ssh on the server should be 700. The file ~/.ssh/authorized_keys (on the server) is supposed to have a mode of 600. The permissions of the (private) key on the client-side should be 600.

If the private key was not protected with a password, and you put it on the server, I recommend you to generate a new one:

You can skip this if you're fully sure that nobody can recover the deleted private key from the server.

If this does not help, run ssh with options for more verbosity:

On the server side, you can review /var/log/auth.log for details.

An alternative way to install your public key in the remote machine's authorized_keys:

Some advantages:

- does not require ssh-copy-id to be installed.
- guarantees that mkdir works before attempting to append id_rsa.pub to authorized_keys.

If you have login-based authentication then use ssh-copy-id to append your public keys to the remote server.

Easiest way is to copy and paste...

First view/copy the contents of your local public key id_rsa.pub including the beginning "ssh-rsa" until it ends with your email address:

Then edit authorized_keys on the server and paste contents of your clipboard below any other keys in that file:

And save Ctl+O, exit the file Ctl+X, exit the SSH session exit and try logging back in to confirm it worked. If it didn't ask for a password it worked.

Get a shell on the remote machine where you want to put the key and then you can run this one-liner to create the necessary files and directories, set their permissions and append the key to the file. Of course you have to change the KEYGOESHERE part below and the comment after it.

I thought I can contribute to this since it is about AWS instances specifically and all the answers only treat the problem as a Linux issue, as if it was a piece of hardware. First thing you need to understand is that you should never, ever treat EC2 instances as hardware. That's just going to create more work for you. Treat them as volatile. That's the biggest hurdle I see people having with AWS. Make an AMI of your instance and inject the key you need into the new instance. cloud-init will take care of it for you. In more detail, all you have to do is use the correct public key when creating the new instance out of the AMI of the original. If, like in the comments of the approved answer, you want to generate your own key pair of pub and pem files, AWS provides you with the option to upload your public keys for use in EC2.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#how-to-generate-your-own-key-and-import-it-to-aws

After saving the public key you should save the private key into a directory and file on your PC. And in the auth section of SSH in PuTTY you should point to the private key file that you saved on your desktop. It will work. It works for me.

Here's a variation whereby you might have a list of public key filenames in a text file and the big batch of public key files are also in the same directory.

This variation can be helpful if you were given a huge list of public key files to import :-)
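
Added example (not from any of the answers above): a Python check for the failure modes this thread covers, namely a private key pasted into authorized_keys, a dropped ssh-rsa prefix, a key wrapped across lines, and modes other than 700/600. The function names and the short key-type list are choices made for this example, and option fields before the key type are handled only by a plain whitespace split.

```python
import base64, os, stat, struct

# Assumption: a short list chosen for this example, not every type sshd accepts.
KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}

def check_line(line):
    """Return None for a usable entry (or blank/comment), else why it fails."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith("-----"):
        return "PEM armor line: this is a private key file, not a .pub line"
    fields = line.split()
    # Options may precede the key type, so look for the first key-type field.
    pos = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if pos is None:
        return "no key type such as ssh-rsa (prefix dropped or line wrapped)"
    if pos + 1 >= len(fields):
        return "key type present but the base64 blob is missing"
    try:
        raw = base64.b64decode(fields[pos + 1], validate=True)
        (n,) = struct.unpack(">I", raw[:4])
    except (ValueError, struct.error):
        return "blob is not complete base64 (key split across lines?)"
    # The decoded blob starts with a length-prefixed copy of the key type.
    if raw[4:4 + n].decode("ascii", "replace") != fields[pos]:
        return "key type inside the blob does not match the prefix"
    return None

def check_modes(ssh_dir):
    """Compare ~/.ssh and authorized_keys with the modes given in the answer."""
    problems = []
    for path, want in ((ssh_dir, 0o700),
                       (os.path.join(ssh_dir, "authorized_keys"), 0o600)):
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode != want:
            problems.append(f"{path}: mode {mode:o}, expected {want:o}")
    return problems

def audit(ssh_dir):
    """Return every problem found: modes first, then per-line findings."""
    problems = check_modes(ssh_dir)
    with open(os.path.join(ssh_dir, "authorized_keys")) as fh:
        found = ((n, check_line(l)) for n, l in enumerate(fh, 1))
        problems += [f"line {n}: {r}" for n, r in found if r]
    return problems

if __name__ == "__main__":
    print("\n".join(audit(os.path.expanduser("~/.ssh"))))
```

Run it on the server from the session that is still open; no output means none of these checks failed.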