Stuck with the error “imported-openssh-key”? We can help you.
Generally, we come across this error while we connect to the Amazon Elastic Compute Cloud (Amazon EC2) Linux instance.
Here, at Bobcares, we assist our customers with several AWS queries as part of our AWS Support Services.
Today, let us see how we can fix these errors.
Recently one of our customers came across this error while connecting to a Linux instance via SSH:
“Using username “root”. Authentication with public key “imported-openssh-key” Please login as the user “ec2-user” rather than the user “root”.”
Similarly, while using the PuTTY client, we may receive:
“PuTTY Fatal Error: Disconnected: No supported authentication methods available (server sent: publickey) OK
There are few circumstances for this to occur:
- Inappropriate user name for the AMI when we negotiate an SSH session with an EC2 instance.
- A wrong private key when we negotiate an SSH session with an EC2 instance.
How to fix this error?
Moving ahead, let us see the steps our Support Techs employ in order to fix this error.
Verify we connect with the correct user name
First and foremost, we need to verify that we connect with an appropriate user name.
We can use the user name for the user account or the default user name for the AMI.
- Initially, we get the user name for the user account.
- Then we get the default user name for the AMI that we used to launch the instance:
For Amazon Linux 2 or the Amazon Linux AMI: ec2-user. For a CentOS AMI: centos. For a Debian AMI: admin. For a Fedora AMI: ec2-user or fedora. For an RHEL AMI: ec2-user or root. For a SUSE AMI: ec2-user or root. For an Ubuntu AMI: ubuntu.
- On the other hand, if ec2-user and root don’t work, we check with the AMI provider.
Verify that the private key is correct
1. To verify, we select Instances from the Amazon EC2 console.
2. We find the EC2 instance to connect to via SSH.
3. Then in the Key Name column, we verify the name of the private key we use to connect through SSH:
We need to make sure that the SSH private key matches the private key we see in the Key Name column for the EC2 instance in the console.
In addition, we need to convert the private key (.pem) file to the format recognized by PuTTY (.ppk).
macOS or Linux:
To ensure that we change the permissions on the key pair file for us to view, we run:
$ chmod 400 my-key-pair.pem
We have to make sure the path to the private key is correct. To do so, we check the directory and file name we specify.
$ ssh -i my-key-pair.pem firstname.lastname@example.org.XX.XX
Use the EC2 Serial Console
With EC2 Serial Console for Linux, we can troubleshoot supported Nitro-based instance types.
It helps with boot issues, network configuration, and SSH configuration issues. It can connect to the instance without the need for a working network connection.
We can access it via the Amazon EC2 console or the AWS Command Line Interface (AWS CLI).
However, before we use it, we need to grant access to it at the account level.
Then we need to create AWS IAM policies granting access to the IAM users.
[Need help with the query? We are here for you]
In short, we saw how our Support Techs fix the error for our customers.