Can’t do SSH RockyLinux9 in AWS by using TTL

I put “rocky” for the default user but I couldn’t log in through AWS.
I subscribed to an official Rocky Linux 9 (Official) - x86_64 instance through AWS Marketplace.
Is this default user appropriate? Or do I need to do something?

Have you an SSH key uploaded to your AWS account? Indeed the user is rocky. What was the error message? Alternatively, please copy/paste the full output from:

ssh -v rocky@your_aws_instance

and post it here. Please do not screenshot it, we need to see the full output.

If nothing, then ensure that ingress for port 22 is open.

1 Like

The command should be something like
ssh -i your.cert.pem rocky@aws-ip

1 Like

Let me get straight to the point. I could log in via SSH, not from the Tera Term macro but through PowerShell.

ssh -i "rocky.pem" rocky@XXX.XXX.XXX

To be honest, the network is fine and SSH port 22 is open.
I tried making a web/db server instance on AWS with Rocky Linux 8.7, and it was easy to log in via SSH from the Tera Term macro with the rocky user.

Rocky Linux 9 is also using the same network and the same security group and the same teraterm macro as the server instance of AWS for Rocky Linux 8.7 Version.
But it says:

ssh2 auto-login error user authentication failed

So I still don’t know whether this issue comes from AWS or Tera Term…

;IP Address
hostname = 'XXX.XXX.XXX'

;Login User
username = 'rocky'

;Keyfile name
keyfile = 'rocky.pem'

;key passphr
;passphr = ''

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
getdir keypath
strconcat keypath '\Keys\'
strconcat keypath keyfile
msg = hostname
strconcat msg ':22 /ssh'
strconcat msg ' /auth=publickey'
strconcat msg ' /user='
strconcat msg username
strconcat msg ' /keyfile='
strconcat msg keypath
;strconcat msg ' /passwd='
;strconcat msg passphr
connect msg
wait '$'

The file path.
~/keys/rocky.pem

What is the strength of your SSH key? Is it a 2048 RSA key?

1 Like

Yes, you are right.
I am using this 2048-bit SSH-2 RSA key, generated from AWS EC2.

If possible, try to issue your own key by using one of these:

  • 3072 RSA: ssh-keygen -t rsa -b 3072
  • ed25519: ssh-keygen -t ed25519
  • ecdsa: ssh-keygen -t ecdsa

2 Likes

Hi @nazunalika

I could log in via SSH with your advice.
Thanks a lot.

Rocky 9.1 did add to “DEFAULT” crypto policy:

RSAMinSize 2048

Hence 2048 ought to still have been enough (unless AWS image overrides that option)?