Avoid common errors in connecting to a Linux EC2 instance

While studying for the AWS Certified Solutions Architect – Associate exam and discussing it on Slack with fellow students, I discovered that some of them encountered issues when trying to connect to a Linux EC2 instance using the CLI. Below are the common errors when connecting to a Linux EC2 instance.

In this post, I would like to highlight the most common errors that I saw in the community and how to address them.

Warning: Identity file linux-test.pem not accessible: No such file or directory.

You try to connect to your Linux EC2 instance and you see the below error message.

pgulian@linlap:~$ ssh -i "linux-test.pem" ec2-user@ec2-34-205-19-181.compute-1.amazonaws.com
Warning: Identity file linux-test.pem not accessible: No such file or directory.
ec2-user@ec2-34-205-19-181.compute-1.amazonaws.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
pgulian@linlap:~$ 

The error message is displayed because the private key file (linux-test.pem) is not in the directory from which you are trying to connect to the Linux EC2 instance.

To address this error, go to the directory where the key file is located and connect again. You will see something like this.

Successful connection to Linux EC2 Instance
pgulian@linlap:~$ cd Downloads/
pgulian@linlap:~/Downloads$ ls linux-test.pem 
linux-test.pem
pgulian@linlap:~/Downloads$ ssh -i "linux-test.pem" ec2-user@ec2-34-205-19-181.compute-1.amazonaws.com
Last login: Thu Oct 13 10:48:58 2022 from 84.65.66.132

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-2/
4 package(s) needed for security, out of 7 available
Run "sudo yum update" to apply all updates.
[ec2-user@ip-172-31-92-213 ~]$ 

WARNING: UNPROTECTED PRIVATE KEY FILE!

Another common error is the one below.

pgulian@linlap:~/Downloads$ ssh -i "linux-test.pem" ec2-user@ec2-34-205-19-181.compute-1.amazonaws.com
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for 'linux-test.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "linux-test.pem": bad permissions
ec2-user@ec2-34-205-19-181.compute-1.amazonaws.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
pgulian@linlap:~/Downloads$ 

The reason for this error is that the permissions on the private key file (644) are too open: ssh refuses to use a private key that other users can read. To address this issue, change the permissions on the key file to 400.

Successful connection to Linux EC2 Instance
pgulian@linlap:~/Downloads$ ls -l linux-test.pem 
-rw-r--r-- 1 pgulian pgulian 1678 Oct 13 11:24 linux-test.pem
pgulian@linlap:~/Downloads$ chmod 400 linux-test.pem 
pgulian@linlap:~/Downloads$ ssh -i "linux-test.pem" ec2-user@ec2-34-205-19-181.compute-1.amazonaws.com
Last login: Thu Oct 13 10:49:46 2022 from 84.65.66.132

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-2/
4 package(s) needed for security, out of 7 available
Run "sudo yum update" to apply all updates.
[ec2-user@ip-172-31-92-213 ~]$ ^C
[ec2-user@ip-172-31-92-213 ~]$ 

Connection timed out

This issue is pretty common for the most impatient students.

pgulian@linlap:~/Downloads$ ssh -i "linux-test.pem" ec2-user@172.31.92.213
ssh: connect to host 172.31.92.213 port 22: Connection timed out
pgulian@linlap:~/Downloads$ 

In order to solve this issue, you need to be more patient. The address used above, 172.31.92.213, is the instance's private IP address, which is not reachable from outside its VPC. You need to wait until AWS assigns a public IP address to the Linux EC2 host. If the instance was configured without a public IP address, you will need to change it and enable public IP address allocation.

Successful connection to Linux EC2 Instance

Temporary failure in name resolution

This error is encountered less often. Nevertheless, I saw it mentioned a couple of times.

pgulian@linlap:~/Downloads$ ssh -i "linux-test.pem" ec2-user@ec2-34-205-19-181.compute-1.amazonaws.com
ssh: Could not resolve hostname ec2-34-205-19-181.compute-1.amazonaws.com: Temporary failure in name resolution
pgulian@linlap:~/Downloads$ ^C

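In order to solve this issue, you will need to check whether your DNS resolution is working properly. If you are not able to solve the DNS problem, you can connect to the Linux EC2 instance on its public IP address instead of its fully qualified domain name. ssh treats the IP address as a new host name and asks you to confirm the host key; in the session below it reports that the same key is already stored in known_hosts under another name, which is what you want to see before answering yes.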

Successful connection to Linux EC2 Instance
pgulian@linlap:~/Downloads$ dig ec2-34-205-19-181.compute-1.amazonaws.com

; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> ec2-34-205-19-181.compute-1.amazonaws.com
;; global options: +cmd
;; connection timed out; no servers could be reached

pgulian@linlap:~/Downloads$ dig ec2-34-205-19-181.compute-1.amazonaws.com @8.8.8.8 +short
34.205.19.181
pgulian@linlap:~/Downloads$ cat /etc/resolv.conf | grep -v '#'

nameserver 128.0.0.53
options edns0 trust-ad
search broadband
pgulian@linlap:~/Downloads$ ssh -i linux-test.pem ec2-user@34.205.19.181
The authenticity of host '34.205.19.181 (34.205.19.181)' can't be established.
ED25519 key fingerprint is SHA256:bZV3o+hbvKwcdkMylMrDVuOoxSXbrj8dL7XDjqo8szk.
This host key is known by the following other names/addresses:
    ~/.ssh/known_hosts:1: [hashed name]
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '34.205.19.181' (ED25519) to the list of known hosts.
Last login: Thu Oct 13 11:09:34 2022 from 84.65.66.132

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-2/
4 package(s) needed for security, out of 7 available
Run "sudo yum update" to apply all updates.
[ec2-user@ip-172-31-92-213 ~]$ exit
logout
Connection to 34.205.19.181 closed.
pgulian@linlap:~/Downloads$ sudo vim /etc/resolv.conf
pgulian@linlap:~/Downloads$ 

In my case it was an issue with my DNS server. After changing the DNS server from 128.0.0.53 to 127.0.0.53, I was able to connect to the Linux EC2 instance by using its fully qualified domain name.

Successful connection to Linux EC2 Instance

Another common issue that can stop you from connecting to the Linux EC2 instance is a firewall or AWS security group blocking traffic to the instance.
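
The checks from the sections above can be run before calling ssh. The script below is an added example, not part of the original post; the function names are hypothetical, and it assumes stat, getent and nc are installed and that you connect from outside the instance's VPC.

```sh
#!/bin/sh
# Added example: preflight checks for the failures described in this post.
# Function names are hypothetical. Assumes stat, getent and nc are available
# and that the client is outside the instance's VPC.

# Key file must exist and have no group/other permission bits set;
# OpenSSH ignores a private key that other users can access.
check_key() (
    [ -f "$1" ] || { echo "key-missing"; exit 1; }
    # GNU stat first, BSD stat as a fallback; both print the octal mode.
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || exit 1
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "key-too-open:$mode"   # fix: chmod 400 <key>
        exit 1
    fi
    echo "key-ok"
)

# True for an RFC 1918 IPv4 literal such as 172.31.92.213.
is_private_ipv4() {
    case "$1" in
        *[!0-9.]*) return 1 ;;      # a host name, not an IPv4 literal
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run the checks in the order of the sections above; print the first failure.
preflight() (
    key=$1 host=$2
    result=$(check_key "$key") || { echo "$result"; exit 1; }
    if is_private_ipv4 "$host"; then
        echo "private-address"      # use the public IP or public DNS name
        exit 1
    fi
    getent ahostsv4 "$host" >/dev/null || { echo "dns-failure"; exit 1; }
    # A timeout here usually means no public IP yet or a blocking security group.
    nc -z -w 5 "$host" 22 || { echo "port-22-unreachable"; exit 1; }
    echo "ready"
)

# Usage: sh preflight.sh linux-test.pem <public-dns-name-or-ip>
if [ $# -eq 2 ]; then
    preflight "$1" "$2"
fi
```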

I hope you will find this post useful.

What errors did you encounter and how did you address them? Please let me know in the comments section.
