Permission denied (publickey) Ubuntu AWS

Hi,

I'm getting permission denied public key when trying to connect to my EC2 Ubuntu localhost itself

EC2 instance is configured to use public key authentication by default. You have to generate a key pair for your root account, and set up authorized_keys accordingly.

I already have my kepair.ppk and pem file. How do I use them in the command to connect?

On Monday, 26 July 2021, 04:12, hieunba via HashiCorp Discuss <hashicorp@discoursemail.com> wrote:

Is this a boundary dev instance?

Yes, it's on Ubuntu server

On Monday, 26 July 2021, 22:20, omkensey via HashiCorp Discuss <hashicorp@discoursemail.com> wrote:

OK, so you’ve got boundary dev running on what looks like an AWS Ubuntu instance and you’re logged into that instance and trying to connect to the default SSH target.

Note that because you’re calling it using sudo, boundary connect runs as the root user and therefore SSH is trying to connect to root because no other user is specified in the SSH command. This probably is not what you want. If you do really want to connect to the root user, you probably want to drop sudo and run boundary connect ssh -target-id ttcp_1234567890 ... -username root. Also note that either way, if you want to connect to root, root needs to be set up to trust the key you use by adding the public key to root’s ~/.ssh/authorized_keys file – AWS only sets up the default instance user to trust the key you specify for the instance (in this case, the ubuntu user). You can look at ~/.ssh/authorized_keys for the ubuntu user to see what that should look like for root too. (If you are OK just connecting to the ubuntu user, you can skip this because the ubuntu user is already set up that way.)

Your SSH key files are probably on your local workstation (Windows running PuTTY, probably, if .ppk files are involved?), not on the Ubuntu instance, so by default they can’t be picked up for authenticating to the chosen user on the instance. If you run an SSH agent locally and add the keypair to it, then connect to the AWS instance with agent forwarding enabled, this should work (I think I remember PuTTY has both of these capabilities, though it’s been a while). Alternately, you can set up a new keypair for the ubuntu user by using ssh-keygen while logged into the instance (in which case, add its public key to the ~/.ssh/authorized_keys file of the users you want to test using that keypair).

(One thing to specifically avoid doing is copying your existing private key up to the Ubuntu instance – SSH private key files should never move across the network.)

When I use boundary connect -exec putty to the machine and add the ppk, it works, but how can I use it in the command itself? Do I need to add the ppk to /.ssh/authorized_keys on the Ubuntu Boundary server itself?

The public key is already in the /.ssh/authorized_key on the Ubuntu instance itself. How can I use the private key to connect with boundary connect ssh to the Ubuntu localhost machine itself?

I think the issue is that only the public key is there, and only in the ubuntu user’s account. You’d need that public key in the root user’s account (and the root account has to exist and SSH has to allow login as root – do they?) to use that private key to SSH as root, and you’d need to either use an SSH agent with PuTTY and forward the agent connection from your Windows host when you SSH with Boundary, or generate a keypair in the ubuntu account and trust that public key as well.

Either way, it looks like Boundary is OK, and the issues you’re having are around SSH keys and which accounts trust which keys.
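
The diagnosis in this thread comes down to which account's authorized_keys file lists which public key. The following shell sketch is an added example, not part of any post above and not Boundary or AWS code: it checks whether a given public key is listed in a given authorized_keys file and whether that file's mode is too permissive. The function names (key_blobs, key_trusted, perms_ok), the directory layout and the key blob are all constructed for illustration.

```shell
#!/bin/sh
# Added example: which account's authorized_keys lists a given public key?

# Print the base64 key blob of every key line in a .pub or authorized_keys
# file, skipping comments, blank lines and any leading options field.
key_blobs() {
    awk 'NF == 0 || $1 ~ /^#/ { next }
    {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-|sk-)/) { print $(i + 1); break }
    }' "$1"
}

# Succeed if the key in $1 (a .pub file) is listed in $2 (an authorized_keys file).
key_trusted() {
    want=$(key_blobs "$1" | head -n 1)
    [ -n "$want" ] && [ -r "$2" ] && key_blobs "$2" | grep -qxF -- "$want"
}

# Succeed if $1 exists and is not group- or world-writable. sshd's StrictModes
# (on by default) also checks ownership, which this sketch does not.
perms_ok() {
    [ -e "$1" ] && [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Constructed fixture: two fake home directories and a made-up key blob.
demo() {
    d=$(mktemp -d) || return 1
    key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNvbnN0cnVjdGVkS2V5Tm90UmVhbA demo@constructed'
    mkdir -p "$d/ubuntu/.ssh" "$d/root/.ssh"
    printf '%s\n' "$key" > "$d/id_demo.pub"
    printf '%s\n' "$key" > "$d/ubuntu/.ssh/authorized_keys"   # ubuntu trusts the key
    : > "$d/root/.ssh/authorized_keys"                        # root trusts nothing
    chmod 600 "$d/ubuntu/.ssh/authorized_keys" "$d/root/.ssh/authorized_keys"
    for u in ubuntu root; do
        f="$d/$u/.ssh/authorized_keys"
        if key_trusted "$d/id_demo.pub" "$f"; then state="trusted"; else state="NOT trusted"; fi
        if perms_ok "$f"; then mode="ok"; else mode="too open"; fi
        echo "$u: key $state, file mode $mode"
    done
    rm -rf "$d"
}
demo
```

On a real instance the same functions can be pointed at the actual files; reading root's authorized_keys requires root privileges.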