Permission denied (publickey) when SSH Access to Amazon EC2 instance

Will Button
InstructorWill Button

Share this video with your friends

Send Tweet
Published 6 years ago
Updated 3 years ago

There are two likely causes to the "Permission denied (public key)" error encountered with AWS EC2 instances: incorrect ssh keys and incorrect usernames. In this lesson, I'll address both and show you how to overcome them.

[00:01] There are two main reasons that can cause this error message. Trying to use the wrong SHH key or trying to use the wrong username. I'm going to cover both scenarios in this lesson.

[00:11] Let's start with the wrong SSH key. Each EC2 instance has an SSH key that is authorized to connect. You can see which key by using the EC2 console. For example, the instance you see on the screen uses the key pair named will button. I have to have that key in order to connect.

[00:30] If I don't have it, there's a couple of options. I can recreate this EC2 instance from scratch with a key pair that I do have. Or I can shut the instance down, move the EBS volume to an instance that I can access, and modify the Authorized Keys file to accept the key that I do have.

[00:48] Most of the time though, this error is because you didn't specify the right key when you were trying to connect. By default, the SSH client uses a key named ID_RSA in .SSH directory of your home folder. As you can see in this case, that's not the correct key. I need to specify the correct key in my connection string.

[01:09] I switch back to the console prompt and I can specify the right key using a -iflag. Specify -i and then the path to the key, followed by the IP address of the server. I still got permission denied public key. That's because of the second common issue that causes this error.

[01:28] I didn't specify the right username. If you don't specify otherwise, SSH assumes that the username is the one that you're logged in to the local computer as. We can see that I'm logged in as Will. That's not the correct username for my EC2 instance.

[01:47] The question is, what is the right username? The answer is it depends. It depends on what distribution and AMI image was used to launch the instance.

[01:58] If you launched an Amazon AWS Linux instance, the username is EC2-User. If you launched an Ubuntu instance, the username is Ubuntu. If you launched a Adobe instance, the username is Adman. If you launched a customized AMI from the AWS marketplace, you'll probably need to consult the documentation for that image to get the correct value.

[02:22] If you're not sure, you can get a hint by clicking the AMI ID link for that image. In my case, you can see that it's an Amazon Linux instance, my username is going to be EC2. Let's try our SSH command again. We'll specify the -i, followed by the path to our private key. This time, specify the username and then the IP address of the server. Boom, like magic, I'm in there.