Amazon-web-services – Trying to use RSA Keys to SSH into EC2, Getting: Incorrect RSA1 identifier… permission denied (public key)


I have created an Ubuntu 12.04 instance on Amazon EC2.

I have downloaded the PEM file and am able to SSH into the instance, no problem.

Now, I want to create some accounts on the remote instance for consultants, etc.
They should be able to ssh into the box using RSA keys. On the EC2 machine, I have set up a few accounts in ~/home/ and assigned them to the group admin. I have also given myself a similar account (MyTestAccount) for testing. This is what I did:

I used key-gen to create public and private keys in the .ssh directory on my local machine (~/.ssh):

drwx------  2 peter peter 1024 Sep 14 10:23 .ssh

And the files inside:

-rw-------  1 peter peter 1675 Sep 14 10:23 id_rsa
-rw-------  1 peter peter  394 Sep 14 10:23 id_rsa.pub
-rw-------  1 peter peter  444 Sep 14 00:05 known_hosts

I then SCP'd the id_rsa.pub file to my remote EC2 instance and appended it to the
.ssh/authorized_keys file in my remote instance. The permissions of my remote
.ssh directory:

drwx------ 2 ubuntu ubuntu 4096 Sep 16 16:13 .ssh

And of my authorized_keys file:

-rw-------  1 peter ubuntu  1179 Sep 14 00:05 authorized_keys

Next, I logged off my remote instance and attempted to SSH to the remote box using the new keys. When I issue the following command:

peter@ubuntu:~/.ssh$ ssh -vvv MyTestAccount@ec2-XX-XXX-XX-XXX.compute-1.amazonaws.com 

I get the below. It looks like there is something wrong with my private key? Any suggestions? Thanks.

OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config  
debug1: /etc/ssh/ssh_config line 19: Applying options for *  
debug2: ssh_connect: need priv 0
debug1: Connecting to ec2-XX-XXX-XX-XXX.compute-1.amazonaws.com [XX.XXX.XX.XXX] port 22.  
debug1: Connection established.  
debug3: Incorrect RSA1 identifier  
debug3: Could not load "/home/peter/.ssh/id_rsa" as a RSA1 public key 
debug1: identity file /home/peter/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/peter/.ssh/id_rsa-cert type -1  
debug1: identity file /home/peter/.ssh/id_dsa type -1  
debug1: identity file /home/peter/.ssh/id_dsa-cert type -1  
debug1: identity file /home/peter/.ssh/id_ecdsa type -1 
debug1: identity file /home/peter/.ssh/id_ecdsa-cert type -1  

[SNIP…]

debug2: we sent a publickey packet, wait for reply  
debug1: Authentications that can continue: publickey  
debug1: Trying private key: /home/peter/.ssh/id_dsa  
debug3: no such identity: /home/peter/.ssh/id_dsa
debug1: Trying private key: /home/peter/.ssh/id_ecdsa  
debug3: no such identity: /home/peter/.ssh/id_ecdsa 
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).

Best Answer

This kind of situation is normal; it's not weird.
The message you got:

debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/user_name/.ssh/id_rsa" as a RSA1 public key

does not indicate an error, indeed.
An RSA1 public key is only used in SSH protocol 1, which is already out of date. Nowadays, SSH protocol 2 is mostly used.

During a normal SSH login process, you will most probably see that warning message with ssh -vvv.
You will probably feel surprised, but don't worry, it's normal.

reference:
https://bbs.archlinux.org/viewtopic.php?id=122646, #9
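
An added illustration, not part of the original answer: a small Python triage of the ssh -vvv lines quoted in the question. It sets aside the RSA1 messages the answer calls harmless and keeps the lines that describe the actual outcome. The function name triage and the reading of "type -1" as "no key loaded from that path" are assumptions of this example.

```python
import re

# Lines taken from the ssh -vvv excerpt in the question (trimmed sample).
SAMPLE = """\
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/peter/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/peter/.ssh/id_rsa type 1
debug1: identity file /home/peter/.ssh/id_rsa-cert type -1
debug1: identity file /home/peter/.ssh/id_dsa type -1
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/peter/.ssh/id_dsa
debug3: no such identity: /home/peter/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
"""

# Protocol-1 probe messages that the answer identifies as harmless.
NOISE = re.compile(r"Incorrect RSA1 identifier|as a RSA1 public key")
IDENTITY = re.compile(r"identity file (\S+) type (-?\d+)")
SENT = "we sent a publickey packet"
REJECT = re.compile(r"Authentications that can continue: (\S+)")
DENIED = re.compile(r"Permission denied \(([^)]+)\)")


def triage(log):
    """Split harmless protocol-1 noise from the lines that explain the result."""
    r = {"noise": [], "loaded": [], "absent": [],
         "rejected_attempts": 0, "denied": None}
    awaiting_reply = False
    for raw in log.splitlines():
        line = raw.strip()
        if NOISE.search(line):
            r["noise"].append(line)
        elif m := IDENTITY.search(line):
            # Assumption: type -1 means no key was loaded from that path.
            bucket = "absent" if m.group(2) == "-1" else "loaded"
            r[bucket].append(m.group(1))
        elif SENT in line:
            awaiting_reply = True
        elif m := REJECT.search(line):
            # The server answered a key attempt by asking for another method.
            if awaiting_reply:
                r["rejected_attempts"] += 1
                awaiting_reply = False
        elif m := DENIED.search(line):
            r["denied"] = m.group(1)
    return r


if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the question's log this reports two noise lines, one key file loaded, and one publickey attempt that the server answered with a rejection before the final denial, so the RSA1 lines are not where the failure is recorded.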
