tags:

views:

6554

answers:

4
+1  Q: 

SSH into Amazon EC2 Instance

I'm working to set up Panda on an Amazon EC2 instance. I set up my account and tools last night and had no problem using SSH to interact with my own personal instance, but right now I'm not being allowed permission into Panda's EC2 instance. Getting Started with Panda

I'm getting the following error:

@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @

Permissions 0644 for '~/.ec2/id_rsa-gsg-keypair' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.

I've chmoded my keypair to 600 in order to get into my personal instance last night, and experimented at length setting the permissions to 0 and even generating new key strings, but nothing seems to be working.

Any help at all would be a great help!

+2  A: 

Make sure that the directory containing the private key files is set to 700

Mark Biek  2008-10-14 16:33:01
A: 

Hm, it seems as though unless permissions are set to 777 on the directory, the ec2-run-instances script is unable to find my keyfiles. I'm new to SSH so I might be overlooking something.

Bryan Woods  2008-10-14 16:38:32
I don't know much about EC2 instances specifically. Generally though, you have your private key (600) in ~/.ssh (700).
Mark Biek  2008-10-14 16:41:23
+2  A: 

I've chmoded my keypair to 600 in order to get into my personal instance last night,

And this is the way it is supposed to be.

From the EC2 documentation we have "If you're using OpenSSH (or any reasonably paranoid SSH client) then you'll probably need to set the permissions of this file so that it's only readable by you." The Panda documentation you link to links to Amazon's documentation but really doesn't convey how important it all is.

The idea is that the key pair files are like passwords and need to be protected. So, the ssh client you are using requires that those files be secured and that only your account can read them.

Setting the directory to 700 really should be enough, but 777 is not going to hurt as long as the files are 600.

Any problems you are having are client side, so be sure to include local OS information with any follow up questions!

Stu Thompson  2008-10-20 07:41:32
A: 

ec2-run-instances should only require a keypair name, which is something that lives on Amazon's side. You only should be using your actual private key (the one on disk) when you SSH in. What error are you getting from ec2-run-instances?

 2008-10-30 23:30:03

related questions

Is there a better Java implementation of SSH2 than JSch?
Check out from a remote SVN repository TO a remote location?
Download files to local drive when sshed
Are there any good free .Net network libraries? (FTP, SFTP, SSH, etc.)
How do you install an ssh server on qnx?
How do I remove the passphrase for the SSH key without having to create a new key?
ssh-agent with passwords without spawning too many processes
Why does cisco IOS require domain-name to be set before SSH keys can be generated?
Setting the default ssh key location
Managing authorized_keys on a large number of hosts.
Inter-convertability of asymmetric key containers (eg: X.509, PGP, OpenSSH)
Which is the best way to bring a file from a remote host to local host over an SSH session?
Is it possible to forward ssh requests that come in over a certain port to another machine?
Can you have virtual users using an SFTP server?
Why does Vista complain about a dead process when I use Cygwin X11 ssh and how do I get it to shut up?
ssh hangs when command invoked directly, but exits cleanly when run interactive
Getting ssh to execute a command in the background on target machine
How do you use ssh in a shell script?
Avoid traffic shaping by using ssh on port 443
Alternative SSH Application to Plink
What are some good SSH Servers for windows?
Keep Remote Directory Up-to-date
Allow user to set up an SSH tunnel, but nothing else
How do I setup Public-Key Authentication?
Gtk SSH client for Linux?