Unable to secure tunnel SSH via private key to IoT Greengrass Core Device.



I'm having trouble SSHing into my core devices by connecting via a private key.

I have successfully installed IoT Greengrass on a Raspberry Pi and can successfully SSH into it in the following three ways:

  • Creating a secure tunnel and logging in via username and password.
  • SSHing into the device on my local network with username and password.
  • SSHing into the device on my local network using my private SSH key, where the public key has been copied to the device's .ssh/authorized_keys

However, when using the AWS console, I am unable to log in via the same private key and am given the error:

"Failed to authenticate. Try again."

Here are the permissions for both .ssh and .ssh/authorized_keys

root@raspberrypi:/home/pi# stat .ssh
  File: .ssh
  Size: 4096  Blocks: 8  IO Block: 4096  directory
Device: b302h/45826d  Inode: 489068  Links: 2
Access: (0700/drwx------)  Uid: ( 1000/ pi)  Gid: ( 1000/ pi)
Access: 2023-02-01 00:01:43.386002027 +0000
Modify: 2023-03-16 17:17:34.815483753 +0000
Change: 2023-03-16 17:17:34.815483753 +0000
 Birth: -

root@raspberrypi:/home/pi/.ssh# stat authorized_keys
  File: authorized_keys
  Size: 1648  Blocks: 8  IO Block: 4096  regular file
Device: b302h/45826d  Inode: 489071  Links: 1
Access: (0600/-rw-------)  Uid: ( 1000/ pi)  Gid: ( 1000/ pi)
Access: 2023-03-16 17:17:34.815483753 +0000
Modify: 2023-03-16 17:17:34.815483753 +0000
Change: 2023-03-16 17:17:34.815483753 +0000
 Birth: -

On my device (connected via a local network and the same private key), I do not see any recent logs in: /greengrass/v2/logs/greengrass.log

Am I placing my public key in the correct location for a secure tunnel via a private key, or am I missing some additional configuration?

The device in question has the following components: [image]

Any help would be appreciated.


asked a year ago · 493 views
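The two things the question checks by hand can be verified on the device with the sketch below: that the paths sshd inspects have safe ownership and modes, and that the public half of the key being offered is actually listed in authorized_keys. This is an added example, not part of the original post or of any AWS tooling; the function names are hypothetical, and it assumes GNU stat and sshd's default StrictModes behaviour.

```shell
#!/bin/sh
# Added example: pre-flight checks for SSH public-key login on the device.
# Assumes GNU stat (as on Raspberry Pi OS) and sshd's default StrictModes checks.
# Usage on the device from the question (uid 1000 = pi):
#   perms_ok /home/pi 1000
#   key_authorized id_key.pub /home/pi/.ssh/authorized_keys

# perms_ok HOME_DIR UID: each path sshd inspects must be owned by UID (or root)
# and must not be group- or world-writable. Prints each problem; returns 1 if any.
perms_ok() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; rc=1; continue
        fi
        owner=$(stat -c '%u' "$p")
        mode=$(stat -c '%a' "$p")
        if [ "$owner" != "$2" ] && [ "$owner" != "0" ]; then
            echo "bad owner uid $owner: $p"; rc=1
        fi
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "group/world-writable ($mode): $p"; rc=1
        fi
    done
    return $rc
}

# key_blob: print the base64 key blob of every public-key line on stdin,
# skipping comment lines and any leading options (from="...", command="...").
key_blob() {
    awk '!/^[ \t]*#/ {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp[0-9]+|sk-.*@openssh\.com)$/) {
                print $(i + 1); break
            }
    }'
}

# key_authorized PUBKEY_FILE AUTHORIZED_KEYS: succeeds only if the exact key in
# PUBKEY_FILE appears as an entry in AUTHORIZED_KEYS.
key_authorized() {
    want=$(key_blob < "$1" | head -n 1)
    [ -n "$want" ] && key_blob < "$2" | grep -qxF -- "$want"
}
```

If both checks pass on the device, the server-side key placement matches what sshd expects, and the remaining difference is on the client side of the tunnel.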
3 Answers

Hi, IoT Greengrass promotes a different approach: secure tunnelling over MQTT. See https://docs.aws.amazon.com/greengrass/v2/developerguide/secure-tunneling-component.html

Is it inapplicable to your use case?

Didier

AWS
answered a year ago
  • So I can successfully create a secure tunnel over MQTT and SSH log in via username and password to the device using the AWS IoT Console; however, the option to log in via private key does not work, even with my same private key, which works for logging in over the local network (public key is in .ssh/authorized_keys).

    I hope this helps clarify.


Hi Luke, have you launched a local proxy on your local source machine? Secure tunneling needs local proxy software to be able to bring up the tunnel and allow you to reach Greengrass from your local computer terminal. At the following link you can find a workshop where you can download a local proxy made in C, with the steps to get it configured: https://catalog.us-east-1.prod.workshops.aws/workshops/6d30487a-48e1-4631-b6bc-5602582800b5/en-US/chapter7-securetunelling/20-dc-setup

AWS
answered a year ago

Hi, if you are using the Secure Tunneling Greengrass component, the logs will be found in /greengrass/v2/logs/aws.greengrass.SecureTunneling.log, not /greengrass/v2/logs/greengrass.log

Please check if you can find info helpful for debugging there.

answered 10 months ago
