Adding an SSH Key to an EC2 Server (Resolving "Too many authentication failures" issue)
aws linux sshA situation where you provision an EC2 server with the selected key-pair provided (and downloaded by you) but you want to use another SSH key-pair to authenticate into the server?
I got you.
A little backstory:
I am trying to give GitHub Actions an SSH key pair that it can use to connect to and run some commands on a private EC2 server I have provisioned. In order for this to happen, I have to put a public SSH key in the EC2 server and provide the GitHub Actions runner a private key that it can use to connect and authenticate into the server and run my deployment scripts.
I will walk you through the steps:
I am assuming you already have an EC2 server provisioned and its .pem file ready on your local machine.
Here is a twist; you try to login with the command provided by AWS to connect to the instance and you get the error like this:
$ ssh -i "aws-key.pem" ubuntu@ec2-19-30-68-234.eu-central-2.compute.amazonaws.com
Received disconnect from 19-30-68-234 port 22:2: Too many authentication failures
Disconnected from 19-30-68-234 port 22
What this means is that, even when a specific SSH key is to be used in authenticating, the ssh-agent rejects the connection and the SSH client aborts with the above error.
To fix this error, we have to enforce a rule for the ssh-agent to use the specified key to open a connection to the server.
Add this to the ~/.ssh/config
file:
Host *
IdentitiesOnly=yes
Whether you have an already existing config file ready or not, this will work. If you have config file, you must navigate to the Host *
portion and add that line to the config there. Save the file.
After this, try authenticating again, It should connect.
Now back to the reson why I am writing this:
- generate your alternate SSH key you want to use to authenticate into the server.
ssh-keygen -t ed25519 -f ~/.ssh/mysshkey -C me@local.com
- There should be two new keys in the .ssh file,
mysshkey
andmysshkey.pub
. The goal here is to move the public key into the EC2 instance’s SSH authorized keys. A neat little command to use is this:
cat mysshkey.pub | ssh -i "aws-key.pem" ubuntu@19-30-68-234 'cat >> .ssh/authorized_keys'
The command takes the output of your public key, opens a connection to the EC2 instance and adds the contents to the authorized_keys file in the EC2 instance. 3. Connect to the server with the new SSH key
ssh -i "mysshkey" ubuntu@19-30-68-234
In this extremely short write-up, I have addressed SSH authentication failure issue with a resolution and I have shown how to add an SSH key to an EC2 server.