Test a PEM key in AWS

If I suspect that I am using the wrong pem key , is there a way to test a pem key to make sure it is not valid or is valid

Is there a %100 certain was to see that the pem key is wrong or mismatched "?

how can I bee %100 sure this is the issue , before I claim this to be the issues

thanks !!!!!!!!!
Who is Participating?
Prabhin MPEngineer-TechOPSCommented:
Enable verbosity in ssh command using -vv option. It will given detail information. It will be easy for you to know where it got failed.
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
Something like the following will dump cert info. The variations are many, so pick + choose as required...

openssl x509 -in $cert -text -noout

Open in new window

To test a key, you'll have to use it + check for failures.
NAMEWITHELD12Author Commented:
I am not sure I understand you what to you mean by "+"

thanks !!!
Phil PhillipsDirector of DevOps & Quality AssuranceCommented:
You could also try using the ssh command with extra verbosity turned on.

ssh -vvv -i [your key name].pem ec2-user@[public DNS address of your instance].compute-1.amazonaws.com

Open in new window

If they key is wrong, the log would look something like this:
debug2: bits set: 504/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: boguspem.pem ((nil))
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: boguspem.pem
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey: RSA 9c:4c:bc:0c:d0:5c:c7:92:6c:8e:9b:16:e4:43:d8:b2
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).

Open in new window

Source: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.