sftp connect to AWS EC2 fails
Hi,
I cannot connect to AWS EC2 using the latest SFTP plugin.
When I try to connect (using a .pem certificate file) the progress bar shows steps up till: "Getting supported authentication methods..." and then the connect dialogue disappears, but I'm not connected.
When I remove the pre-entered username, I'm prompted to enter the username, before the "Getting supported authentication methods..." message, but other than that, the results are the same.
Observations:
- I can connect to other servers using the same SFTP plugin,
- I can connect to the same AWS EC2 instance using PuTTY and a .ppk private key file, created by PuTTYgen from the .pem file I use for SFTP.
I've enabled logging as per this topic and the log file entries look like:
========================
Connecting to: ec2-xx-xx-xxx-xxx.us-west-2.compute.amazonaws.com
IP address: xx.xx.xxx.xxx:22
Server fingerprint:
XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
Supported authentication methods: publickey
========================
Is this a known issue?
Is there a known solution?
Anything else I can try?
Cheers,
Elias
Last edited by EliasDT on 2016-05-16, 19:37 UTC, edited 1 time in total.
- ghisler(Author)
Apparently the plugin manages to connect to the server (otherwise it couldn't show the supported authentication methods), but fails to authenticate.
Did you create both a pub and pem key as described when you click on the '?' icon in the connection settings?
Alternatively, since you can login with PuTTY, you can use Pageant to use the private key also in the SFTP plugin. There is a checkbox to use the PuTTY agent.
Author of Total Commander
https://www.ghisler.com
Hi, thanks for replying.
I've added Private key file (.pem) but not the Public (.pub) file for this connection.
Amazon automatically generates the keypair for you and only offers the .pem file for download.
As suggested by your reply, I tried checking the Pageant option, but I don't understand the instructions given in the popup dialog (I've not used Pageant before).
For now, I'll see if I can locally generate a keypair using PuTTYgen and see if I can get it to work.
I'll post an update later.
Ok, adding the .pub file apparently did the trick: I can now connect to AWS EC2 using the SFTP for Windows Commander.
As a reference to anyone who may stumble upon this topic looking for a solution, I'll write down the steps that solved my issue:
- Open PuTTYGen,
- Make sure the 'Type of key to generate' is set to 'SSH-2 RSA'
- Click the 'Generate' button,
- Randomly move your mouse as instructed,
- Select the key in the text box labelled 'Public key for pasting into OpenSSH authorized_keys file:'
- Copy it (ctrl+c),
- do NOT close PuTTYgen,
- Log on to your AWS EC2 instance using a user that is in the sudoers list,
- Go to the '/home/[some-user]/.ssh' directory,
- Open the 'authorized_keys' file using a text editor,
- Paste the key you copied from the text box in PuTTYgen,
- Save the file,
- Create a new file on your local machine,
- Paste the key you copied from the text box in PuTTYgen,
- Save the file,
- In PuTTYgen:
- Export the private key as .pem file, by clicking 'Conversions'->'Export OpenSSH key',
- Save the private key as .ppk file, by clicking the 'Save private key' button,
- Start PuTTY,
- Enter the hostname of your AWS EC2 instance,
- Select 'Connection'->'SSH'->'Auth',
- Enter the location of the .ppk private key file you saved earlier in the text field labelled: 'Private key file for authentication:',
- Select 'Session',
- Optionally, enter a name for the new connection and click the 'Save' button,
- Click open to verify if you can connect to your AWS EC2 instance using your newly generated keypair,
- Create a new SFTP connection in TotalCommander (F7),
- Enter the name for your new connection,
- Enter the hostname,
- Enter the username for which you edited the 'authorized_keys' file,
- Enter the location of the .pub file you created,
- Enter the location of your exported .pem private key file,
- Click Ok,
- Double click your newly created SFTP connection to connect,
- If everything went according to plan, you are now connected to your AWS EC2 instance using SFTP,
- Go get something to drink.
Elias
Re: sftp connect to AWS EC2 fails
Thanks Elias and Christian for the instructions.
However, would there be a solution to connect to EC2 without a public IP address, a way to connect to an EC2 instance that has only a private IP using a bastion host?
Thanks in Advance
Re: sftp connect to AWS EC2 fails
I'm sorry Elias.
I know this is an old post but I have a question.
In what step do you generate a .pub file you mention in "Create a new SFTP connection in TotalCommander (F7)"?
Re: sftp connect to AWS EC2 fails
driverop wrote: 2021-12-20, 10:48 UTC
I'm sorry Elias.
I know this is an old post but I have a question.
In what step do you generate a .pub file you mention in "Create a new SFTP connection in TotalCommander (F7)"?
ghisler(Author) wrote: 2016-05-16, 08:59 UTC
Did you create both a pub and pem key as described when you click on the '?' icon in the connection settings?
Behind the '?' icon in the connection settings:
---------------------------
Help
---------------------------
Here you can enter the location of the public/private key pair for a client certificate authentication.
The keys must be in OpenSSH format.
Follow these steps to convert a Putty (*.ppk) key to OpenSSH format:
1.Start puttygen.exe
2. Load your Putty key into it
3. Do NOT click on "Save public key", it creates an incompatible key!
Instead, select the text in the section "Public key for pasting into OpenSSH..." and press Ctrl+C (=Copy to clipboard)
4. Create a new file with extension .pub (Shift+F4 in Total Commander) and press Ctrl+V (=Paste)
5. Choose "Export SSH key" from the "Conversions" menu to save the *.pem file.
Supports environment variables like %commander_path%.
%USER% (uppercase!) will be replaced by current user.
---------------------------
OK
---------------------------
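An added example, not part of the thread and not Total Commander's code: step 3 of the help text warns that PuTTYgen's "Save public key" produces an incompatible file. That button writes the multi-line RFC 4716 block, while the text box holds the one-line OpenSSH form the plugin expects. The sketch below tells the two apart and converts one to the other; the function names are hypothetical and the sample key is constructed, not a usable key.

```python
import base64

def _key_type(blob: bytes) -> str:
    """Algorithm name: the first length-prefixed string inside the key blob."""
    n = int.from_bytes(blob[:4], "big")
    name = blob[4:4 + n]
    if len(blob) < 4 or n == 0 or len(name) != n:
        raise ValueError("malformed key blob")
    return name.decode("ascii")

def classify(text: str) -> str:
    """Return 'openssh', 'rfc4716' or 'unknown' for the text of a .pub file."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if lines and lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        return "rfc4716"
    parts = lines[0].split(None, 2) if len(lines) == 1 else []
    try:
        if len(parts) >= 2 and _key_type(base64.b64decode(parts[1], validate=True)) == parts[0]:
            return "openssh"
    except ValueError:  # bad base64, bad length field, non-ASCII type name
        pass
    return "unknown"

def rfc4716_to_openssh(text: str) -> str:
    """Rewrite an RFC 4716 public key as one 'type base64 comment' line."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if classify(text) != "rfc4716" or not lines[-1].startswith("---- END SSH2 PUBLIC KEY"):
        raise ValueError("not an RFC 4716 public key")
    comment, body, i = "", [], 1
    while i < len(lines) - 1:
        line, i = lines[i], i + 1
        if ":" not in line:              # base64 never contains ':'
            body.append(line)
            continue
        while line.endswith("\\") and i < len(lines) - 1:   # continued header line
            line, i = line[:-1] + lines[i], i + 1
        tag, _, value = line.partition(":")
        if tag.strip().lower() == "comment":
            comment = value.strip().strip('"')
    blob = base64.b64decode("".join(body), validate=True)
    fields = [_key_type(blob), base64.b64encode(blob).decode(), comment]
    return " ".join(f for f in fields if f)

# Constructed sample, not a usable key: type string, exponent 65537, dummy 65-byte modulus.
CONSTRUCTED_BLOB = b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00\x03\x01\x00\x01\x00\x00\x00\x41\x00" + bytes(range(0x80, 0xC0))
_b64 = base64.b64encode(CONSTRUCTED_BLOB).decode()
SAMPLE_RFC4716 = "\n".join(["---- BEGIN SSH2 PUBLIC KEY ----", 'Comment: "rsa-key-constructed"']
                           + [_b64[i:i + 64] for i in range(0, len(_b64), 64)]
                           + ["---- END SSH2 PUBLIC KEY ----"])
```

Only the public half is read here, so the check can be run on a .pub file without touching the .pem or .ppk private key.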