Can’t do SSH RockyLinux9 in AWS by using TTL

I put “rocky” for the default user but I couldn’t login through AWS.
I subscribed an official Rocky Linux 9 (Official) - x86_64 instance through AWS Marketplace.
Is this default user appropriate? or Do I need to do something??

Have you an SSH key uploaded to your AWS account. Indeed the user is rocky. What was the error message? Alternatively, please copy/paste the full output from:

ssh -v rocky@your_aws_instance

and post it here. Please do not screenshot it, we need to see the full output.

If nothing, then ensure that ingress for port 22 is open.

1 Like

the command is should be something like
ssh -i your.cert.pem rocky@aws-ip

1 Like

Let me get straight to the point. I could do ssh login not from teraterm macro but through PowerShell.

ssh -i "rocky.pem" rocky@XXX.XXX.XXX

To be honest, the network is fine and SSH 22 port is opening.
I tried to made a web/db server instance of AWS for Rocky Linux 8.7 Version. And It was easily to do SSH login from teraterm macro with rocky user.

Rocky Linux 9 is also using the same network and the same security group and the same teraterm macro as the server instance of AWS for Rocky Linux 8.7 Version.
But it says that

ssh2 auto-login error user authentication failed

So I still don’t know this issue come from AWS or teraterm…

;IP Address
hostname = 'XXX.XXX.XXX'

;Login User
username = 'rocky'

;Keyfile name
keyfile = 'rocky.pem'

;key passphr
;passphr = ''

getdir keypath
strconcat keypath '\Keys\'
strconcat keypath keyfile
msg = hostname
strconcat msg ':22 /ssh'
strconcat msg ' /auth=publickey'
strconcat msg ' /user='
strconcat msg username
strconcat msg ' /keyfile='
strconcat msg keypath
;strconcat msg ' /passwd='
;strconcat msg passphr
connect msg
wait '$'

The file path.

What is the strength of your SSH key? Is it a 2048 RSA key?

1 Like

Yes, You are right.
I am using this 2048-bit SSH-2 RSA key by generating from AWS EC2.

If possible, try to issue your own key by using one of these:

  • 3072 RSA: ssh-keygen -t rsa -b 3072
  • ed25519: ssh-keygen -t ed25519
  • ecdsa: ssh-keygen -t ecdsa

Hi @ nazunalika

I could ssh login with your advice.
Thanks a lot.

Rocky 9.1 did add to “DEFAULT” crypto policy:

RSAMinSize 2048

Hence 2048 ought to still have been enough (unless AWS image overrides that option)?