AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관

EC2 instance has started refusing SSH access

0

I created several EC2 instances running Amazon Linux 2 a few weeks ago, all with SSH access. A few days ago, one instance stopped allowing SSH access with the message ec2-user@10.0.145.93: Permission denied (publickey,gssapi-keyex,gssapi-with-mic). - an error message I'd expect to see if my SSH keys were invalid.

The instance is still running, and the cron jobs I configured on it are still running as normal. I don't have serial console to the instance but I was able to create an AMI and then a VMDK from the instance in its current state and mount the filesystem to attempt to figure out what's wrong. As far as I can tell all the SSH configuration is still as I configured it: all the correct keys are still present in ~/.ssh/authorized_keys and the contents of /etc/ssh/ are identical to a clean AL2 install.

The security groups haven't changed (they still allow SSH access) and the SSHD config is the same, so what is going on?

질문됨 2년 전462회 조회
1개 답변
2
수락된 답변

Check the permissions on your home directory, the .ssh directory, and the authorized_keys file.

profile pictureAWS
전문가
답변함 2년 전
profile picture
전문가
검토됨 7달 전
  • I can't check the permissions as they are on the instance, the act of mounting the filesystem changes all the permissions and ownerships. I'm not sure what would have caused the permissions/ownerships to have changed anyway on the instance?

  • You will need to review to the OS level logs for that information.

  • You're right, sshd is reporting 'bad ownership or modes for directory /home/ec2-user', and the permissions for /home/ec2-user have changed from 700 to 775. Any ideas what might have caused the mode/ownership to change?

  • Found it. One of our build scripts creates a file using umask 022. I didn't realise it defaulted to use ~ if the actual build location was missing - hence the permissions of ~ and all its parent directories changed! Lesson learnt...

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠