I've been through so many questions on SO like this and none of them have worked, but also I can pinpoint when this happened so I may be able to add another layer of detail.
Most of the solutions indicate that the asker is:
- using the incorrect key
- incorrect username. This is an Ubuntu image and I've tried 'ubuntu', 'ec2-user', and the new username that I created for myself on the machine. None work; all same error message.
Either instance suggests trying: ssh -i kename.pem username@host -vvv
, and this is the way that always worked for me in the past.... until I reimaged my client machine. Ever since then I've gotten the attached ssh trace.
I've tried the second level attempt of creating an AMI from the server I'm locked out of, spinning up a new instance, creating a new key, and trying to log into the new instance. No luck there.
So, my question is: is there something that could have been on the old machine, possibly my public key or something, that I no longer have and thus cannot connect to any of the instances? I was under the impression that you only need the private key to authenticate. I'm pretty thin on SSH protocol aside from logging into machines with it, the trace below doesn't seem to give me any hints as to where this breaks down with the exception of "debug1: Roaming not allowed by server", but maybe that's not relevant and I'm making a bigger deal of it than it is.
I'm hoping the reimaging portion of this question sheds some other light on the subject.
OpenSSH_5.9p1, OpenSSL 1.0.0e 6 Sep 2011 debug2: ssh_connect: needpriv 0 debug1: Connecting to **hostname** [**hostname**] port 22. debug1: Connection established. debug1: identity file /.ssh/id_rsa type -1 debug1: identity file /.ssh/id_rsa-cert type -1 debug1: identity file /.ssh/id_dsa type -1 debug1: identity file /.ssh/id_dsa-cert type -1 debug1: identity file /.ssh/id_ecdsa type -1 debug1: identity file /.ssh/id_ecdsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.4 debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.4 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.9 debug2: fd 100 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: [email protected],zlib,none debug2: kex_parse_kexinit: [email protected],zlib,none debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[email protected] debug2: kex_parse_kexinit: none,[email protected] debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5 debug1: kex: server->client aes128-ctr hmac-md5 [email protected] debug2: mac_setup: found hmac-md5 debug1: kex: client->server aes128-ctr hmac-md5 [email protected] debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA ea:b9:58:59:16:ff:cc:89:72:50:ab:f7:8f:40:ef:3b The authenticity of host '**hostname** (**hostname**)' can't be established. ECDSA key fingerprint is ea:b9:58:59:16:ff:cc:89:72:50:ab:f7:8f:40:ef:3b. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '**hostname**' (ECDSA) to the list of known hosts. debug1: ssh_ecdsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /.ssh/id_rsa (0x0) debug2: key: /.ssh/id_dsa (0x0) debug2: key: /.ssh/id_ecdsa (0x0) debug1: Authentications that can continue: publickey debug3: start over, passed a different list publickey debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Trying private key: /.ssh/id_rsa debug1: could not open key file '/.ssh/id_rsa': Invalid argument debug1: Trying private key: /.ssh/id_dsa debug1: could not open key file '/.ssh/id_dsa': Invalid argument debug1: Trying private key: /.ssh/id_ecdsa debug1: could not open key file '/.ssh/id_ecdsa': Invalid argument debug2: we did not send a packet, disable method debug1: No more authentication methods to try. Permission denied (publickey).
$HOME
variable, since the search path for the keys in/
seems somewhat odd. – Joachim Isaksson