Hello, I am trying to ssh into my ec2 instance using Running command ssh -tt -o “IdentitiesOnly=yes” -i my_key user@host in AWS CodeBuild buildspec.yml but i am getting an error i-e Host Key Verificaiton Failed.
What could be the issue?
Did you try any of these suggestions - https://www.thegeekdiary.com/how-to-fix-the-error-host-key-verification-failed/?
Yes and when I try to verify it gives me this error
Permission denied (publickey).
Toss a -v in your command and see if you get more output.
I know on a private key if the permissions on the file aren’t correct you’ll have issues. A lot of times we use rw for the user only and all other permissions are denied, also known as 0600
[Container] 2022/06/08 20:08:24 Running command ssh -tt -o “IdentitiesOnly=yes” -i my_key hot@ip -v
972OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f 31 Mar 2020
973debug1: Reading configuration data /root/.ssh/config
974debug1: /root/.ssh/config line 1: Applying options for *
975debug1: Reading configuration data /etc/ssh/ssh_config
976debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/.conf matched no files
977debug1: /etc/ssh/ssh_config line 21: Applying options for *
978debug1: Connecting to IP port 22.
979debug1: fd 3 clearing O_NONBLOCK
980debug1: Connection established.
981debug1: identity file my_key type 0
982debug1: identity file my_key-cert type -1
983debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5
984debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
985debug1: match: OpenSSH_7.4 pat OpenSSH_7.0,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
986debug1: Authenticating to IP:22 as ‘ec2-user’
987debug1: SSH2_MSG_KEXINIT sent
988debug1: SSH2_MSG_KEXINIT received
989debug1: kex: algorithm: curve25519-sha256
990debug1: kex: host key algorithm: ecdsa-sha2-nistp256
991debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
992debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
993debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
994debug1: Server host key: ecdsa-sha2-nistp256 SHA256:SwWMAFFWGT436GEFR3TWGSEG7l7921QLEGGRGTE6455EuuN47VafH3Kk5S99Ny7+h3g/7OrHQg
995debug1: read_passphrase: can’t open /dev/tty: No such device or address
996Host key verification failed.
997
998[Container] 2022/06/08 20:08:25 Command did not exit successfully ssh -tt -o “IdentitiesOnly=yes” -i my_key user@IP -v exit status 255
999[Container] 2022/06/08 20:08:25 Phase complete: PRE_BUILD State: FAILED
above is the error i am getting
Got a passphrase on your SSH key by any chance?
Out of easy ideas based on output then sorry
Have you removed the host from the known_hosts file?
I assume your output above, you are masking the real IP you’re connecting to?
No known_hosts file is available on my ec2 and yes i am masking my real IP
I mean the known_hosts file on your computer you are using to connect to the ec2 instance over SSH.
Actually there logs are from AWS CodeBuild, i am trying doing SSH in my CodeBuild and command is in buildspec file
You can also add the flag -o StrictHostKeyChecking=no to your command, but then it won’t validate the host you are connecting to with the known_hosts file and that isn’t normally recommended, unless you are 100% sure of the host you are connecting.
- aws ec2-instance-connect send-ssh-public-key --instance-id ID --availability-zone AZ --instance-os-user USR --ssh-public-key [file://my_key.pub](file://my_key.pub)
- ssh -tt -o "IdentitiesOnly=yes"-i my_key user@host -v```Above is the command i am using in my buildspec to connect to my ec2 instance
Did you try removing the -tt option and include a space after the last double quote before the -i?
-tt option i added is because to run command as terminal and no quotes removal does’nt matter I picked those commands from AWS Documentation
I’m at a loss then, based on the error - 995debug1: read_passphrase: can’t open /dev/tty: No such device or address, it’s trying to read something and doesn’t have access to tty to get input. That is how I read that error message.
