我正在尝试将一个应用程序(使用chef-solo和knife-solo)部署到新创建的EC2实例,就像我已经使用Digital Ocean做的那样没有任何问题。
## once the EC2 instance is created and running
## from the console , I setup chef-solo
$> knife solo prepare ubuntu@ec2-XX-XX-XX-XX.eu-west-1.compute.amazonaws.com
## then I run the cookbook
$> knife solo cook ubuntu@ec2-XX-XX-XX-XX.eu-west-1.compute.amazonaws.com
## in this cookbook, I have a recipe to create a 'deploy' group and a user 'myself' in this group
## I also disable root login
## and I restrict login only to created user
## then other recipes without any problem ( postgres, rbenv, app..)
## as the user 'myself' is created , I should be able to run ( as w DigitalOcean)
$> ssh-copy-id -i ~/.ssh/id_rsa.pub -p 22 yves@ec2-XX-XX-XX-XX.eu-west-1.compute.amazonaws.com
But I get an error : Permission denied (publickey).
为什么没有像DigitalOcean那样运行良好,AWS EC2有诀窍吗?
答案 0 :(得分:0)
用于启动实例的Ubuntu AMI与使用了DigitalOcean的实例不同...
in /etc/ssh/sshd_config by default
PasswordAuthentication no
所以我需要在我的[ssh]食谱中添加一个任务
# enable Password Authentication for new user
bash "allow Password Authentication to created user" do
code <<-EOH
sed -i '/PasswordAuthentication.*/d' /etc/ssh/sshd_config
echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config
EOH
notifies :restart, "service[ssh]", :delayed
not_if "grep -xq 'PasswordAuthentication yes' /etc/ssh/sshd_config"
end
我可以为新创建的用户添加SSH密钥&#39;部署者&#39;
ssh-copy-id -i ~/.ssh/id_rsa.pub -p 22 deployer@ec2-XX-XX-XX-XX.eu-west-1.compute.amazonaws.com