Why am I receiving "imported-openssh-key" or "Putty Fatal Error" errors when connecting to my Amazon Elastic Compute Cloud (Amazon EC2) Linux instance?

Last updated: 2021-05-12

I'm receiving "imported-openssh-key" or "Putty Fatal Error" errors when connecting to my Amazon Elastic Compute Cloud (Amazon EC2) Linux instance. How can I fix these errors?

Short description

When connecting to my Linux instance using SSH, I receive an error similar to the following:

"Using username "root". Authentication with public key "imported-openssh-key" Please login as the user "ec2-user" rather than the user "root"."

-or-

When using the PuTTY client, I receive an error similar to the following:

"PuTTY Fatal Error: Disconnected: No supported authentication methods available (server sent: publickey) OK

These errors might occur under the following circumstances:

  • You're not connecting with the appropriate user name for your AMI when you negotiate an SSH session with an EC2 instance.
  • You're using the wrong private key when you negotiate an SSH session with an EC2 instance.

Resolution

Verify that you're connecting with the correct user name

On your local machine, verify that you're connecting with an appropriate user name. For a complete list of appropriate user names, see Troubleshoot connecting to your instance.

Verify that the private key is correct

1.    Open the Amazon EC2 console, and then choose Instances.

2.    Find the EC2 instance you want to connect to using SSH.

3.    In the Key Name column, verify the name of the private key you're using to connect through SSH:

PuTTY

Verify that the SSH private key matches the private key you see in the Key Name column for your EC2 instance in the console.

Verify that you converted your private key (.pem) file to the format recognized by PuTTY (.ppk). For more information, see Convert your private key using PuTTYgen.

macOS or Linux

Run the following command to make sure that you changed the permissions on your key pair file so that only you can view it:

$ chmod 400 my-key-pair.pem

Check the directory and file name that you specify after the -i flag to make sure it’s the correct path to your private key, as shown in the following example command:

$ ssh -i my-key-pair.pem ec2-user@52.4.XX.XX

Use the EC2 Serial Console

If you enabled EC2 Serial Console for Linux, then you can use it to troubleshoot supported Nitro-based instance types. The serial console helps you troubleshoot boot issues, network configuration, and SSH configuration issues. The serial console connects to your instance without the need for a working network connection. You can access the serial console using the Amazon EC2 console or the AWS Command Line Interface (AWS CLI).

Before using the serial console, grant access to it at the account level. Then create AWS Identity and Access Management (IAM) policies granting access to your IAM users. Also, every instance using the serial console must include at least one password-based user. If your instance is unreachable and you haven’t configured access to the serial console, follow the instructions in Method 2, 3, or 4. For information on configuring the EC2 Serial Console for Linux, see Configure access to the EC2 Serial Console.

Note: If you receive errors when running AWS CLI commands, make sure that you’re using the most recent version of the AWS CLI.