Unable to Connect to AWS EC2 Instance via SSH Using RSA Key

0

Hi.

I am experiencing an issue with connecting to my AWS EC2 instance via SSH using an RSA key. My public IP address is added to the security group, and I have ensured that the inbound rules allow SSH traffic (port 22) from my IP. However, I receive the following errors:

From the command line, the error message is: "Bad owner or permissions on [path to key file]". When using MobaXterm, the error message is: "Network error: Permission denied".

We allow all the incoming traffic. We tried:

  • When we started to have the issue, we applied a snapshot to the instance and it doesn't work
  • ssh -i /path/to/your/key.pem ec2-user@private-instance-private-ip
  • chmod 400 /path/to/your/key.pem
  • TCP ping to port 22, and the response was "Connection timed out".
  • We reverted everything to default
  • We created a new instance under the same VPC subnet
  • We reviewed the VPC subnet, route, and everything was correct.

How can I fix the issue?

TSS
asked 2 months ago, 221 views
2 Answers
4

My public IP address is added to the security group, and I have ensured that the inbound rules allow SSH traffic (port 22) from my IP.

Are you going through a proxy or something like that? This could mean that the IP address of your device isn't the address that your connection is seen to be originating from.

Just for troubleshooting, consider opening up the security group rule to 0.0.0.0/0 and you can always tighten this up again later.

From the command line, the error message is: "Bad owner or permissions on [path to key file]"

Later on in your question you've identified that key.pem must only be readable by the owner, and you've done this chmod 400 /path/to/your/key.pem

TCP ping to the port 22 and the response was Connection timed out

How did you ping to port 22, as ping uses ICMP not TCP?

Consider opening the ICMP port in your security group rule from source 0.0.0.0/0 - again this is just for troubleshooting and you can remove it later.

Can you do a traceroute or tracert?

We create a new instance under the same VPC subnet We review the VPC subnet, route, and everything was correct.

Confirm (i) that the instance has a public IP address; (ii) that the route table has a route for 0.0.0.0/0 whose target is an Internet Gateway; (iii) there are no NACLs (there shouldn't be, generally leave these alone and they won't get in your way)

You may want to consider Amazon Reachability Analyzer: https://docs.aws.amazon.com/vpc/latest/reachability/getting-started.html

Maybe I should have asked this at the start, what AMI has the EC2 instance been provisioned with (OS type, etc.)?

EXPERT
Steve_M
answered 2 months ago
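
The two symptoms in this thread sit at different layers: the key-file complaint is a local check on the client, while "Connection timed out" on port 22 is a network-path result. The following Python is an added example, not code from the thread or from AWS, that checks both and states which layer each result points at. It assumes a POSIX client; the function names and the `MEANING` table are hypothetical, and the mode test is a simplified stand-in for the SSH client's own check.

```python
import os
import socket
import stat

def key_file_problem(path):
    """Return why an SSH client would likely reject this key file, or None.

    Simplified stand-in for the client's local check (assumption): any
    group/other permission bit, or a different owner, is reported.
    """
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        return "not a regular file"
    if st.st_uid != os.getuid():
        return f"owned by uid {st.st_uid}, not the current user"
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        return f"mode {mode:04o} grants group/other access"
    return None

def probe_tcp(host, port=22, timeout=5.0, connect=socket.create_connection):
    """Classify one TCP connection attempt; `connect` is injectable for tests."""
    try:
        connect((host, port), timeout).close()
        return "open"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"

# What each probe result says about where to look next.
MEANING = {
    "open": "port reachable; check key pair, username and sshd auth logs",
    "refused": "host reached but nothing listens; check sshd on the instance",
    "timeout": "packets dropped; check security group, NACL, "
               "route to the Internet Gateway, host firewall",
    "unreachable": "no route or name resolution failure on the client side",
}

def diagnose(key_path, host, port=22, connect=socket.create_connection):
    """Run the local key check first, then the network probe."""
    findings = []
    problem = key_file_problem(key_path)
    if problem:
        findings.append(f"key file: {problem} (fix locally, e.g. chmod 400)")
    state = probe_tcp(host, port, connect=connect)
    findings.append(f"tcp/{port} {state}: {MEANING[state]}")
    return findings
```

A "refused" result means the packet reached the instance, so security groups and routing are not the cause; a "timeout" means nothing answered at all, which a key-permission fix cannot change.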
0

Are you going through a proxy or something like that?

I don't use VPN or Proxy.

Later on in your question you've identified that key.pem must only be readable by the owner, and you've done this chmod 400 /path/to/your/key.pem

The key.pem file has chmod 400 permission.

Just for troubleshooting, consider opening up the security group rule to 0.0.0.0/0 and you can always tighten this up again later.

The Security Group is configured with my Public IP, additionally, I set 0.0.0.0/0 as a test and tried to access from my WiFi, which has another public IP, as well as from my own IP.

How did you ping to port 22, as ping uses ICMP not TCP?

TCP Ping does not use the ICMP protocol; TCP Ping is achieved by sending TCP packets to a specific port. I use the paping tool.

Consider opening the ICMP port in your security group rule from source 0.0.0.0/0 - again this is just for troubleshooting and you can remove it later.

I also tried this.

Can you do a traceroute or tracert ?

I can perform tracert or traceroute to the IPv4 DNS of my instance, and the last hop is the public IP of my instance.

Confirm

I also confirmed the numbers that you have indicated to me and everything seems to be in order: the instance has a public IP, the route has 0.0.0.0/0, and I do not have NACLs.

what AMI has the EC2 instance been provisioned with (OS type, etc.)?

The AMI used is Ubuntu, I also have another one with VyOS 1.3.3 from the Community, both stopped working overnight, literally, with different Security Groups. I changed VPC or location and created a free instance with Ubuntu from scratch to test, and the problem is the same.

Best regards,

TSS
answered 2 months ago
  • The AMI used is Ubuntu, I also have another one with VyOS 1.3.3

    To confirm - you're accessing both the Ubuntu and the VyOS EC2s, using the same keypair, and on both you're getting the error "Bad owner or permissions on [path to key file]" when trying to SSH to both?
