Please note that this post involves enabling password authentication and changing your public key in the
I needed to ssh into my Amazon Lightsail instance but kept getting a "Permission denied (publickey)." error as shown below:
Connecting through the browser-based SSH client also did not help because I got a "CLIENT_UNAUTHORIZED" error as shown below:
I figured that I may have messed up something on the instance's SSH settings (specifically the
authorized_keys file. After googling for solutions to no avail, here is what I did to resolve the problem.
You will need an SSH key pair. You can generate one from a private key using something like PuTTYgen or OpenSSL. To get the default private key, go to the Account > SSH Keys tab. If you have already generated a key pair, you can upload your private key here.
I created a new instance from Snapshots (If you do not have automatic snapshots enabled, you will need to create a manual snapshot under the Snapshots tab of your instance).
(1) Click on Create new instance on the right side of your instance snapshot:
(2) On the next page, we will need to add a
Launch script to run when the instance is initialized. So click on the
Add launch script link to reveal a text area in which to add our script.
This script will
- enable password authentication on the
- delete everything on the
- add a new public key to the
- create a password for user
- restart sshd process.
The Launch script
sed -i "/^[^#]*PasswordAuthentication[[:space:]]no/c\PasswordAuthentication yes" /etc/ssh/sshd_config > /home/bitnami/.ssh/authorized_keys echo -n "---- BEGIN SSH2 PUBLIC KEY ---- Comment: "" AAAAB3NzaC1yc2EAAAADAQABAAABAQCGjcJVVfGRfMWAcdVcOJSHsd1bphfaTWNM !!!!!!!!!!!THIS IS A FAKE PUBLIC KEY. PASTE YOUR OWN PUBLIC KEY HERE AND MAKE SURE YOU DO NOT ADD CHARACTERS BY ACCIDENT!!!!!!!! !!!!!!!!!!59CFjWQ83NnTM5a2el4adblsc268XqE3Ts oA12mcKnbYu4iUltQazOayltKab6Nvz6YN/c5k+MppRu8pXDK/3UeZrwAZS5WrMj lQ1R3M/9o3ghy;ltedksyhodkgesygUVcyAv2yfPxoYf6HNUWwS4nw2OlRvI yWdChii0IlVbjhnNfprKmZUXzDfoxS+kUYGVin0VUG6heKXn0j9kNYZO3e069qVD JX7EMWeFfdOvxL6pGoMamEGrKJC53S+zzIdYGrQz5ilO/iAZ9U5d ---- END SSH2 PUBLIC KEY ----" >| /home/bitnami/.ssh/authorized_keys echo bitnami:yourstrongpasswordhere | chpasswd service sshd restart
(3) Click on the Create instance button at the bottom of the page.
Even after your new instance is created and is running, I found that you still need to give it a few more minutes before you can successfuly SSH into it using a password. Otherwise, it still gave me the "publickey" error.
To connect using a password, use the command:
After you are able to login, check the
/home/bitnami/.ssh/authorized_keys file to confirm that your new public key was added and that it is the only key there.
Next, you may need to disable password authentication to keep your instance secure. Open the
/etc/ssh/sshd_config file and change the
PasswordAuthentication setting back to