Ubuntu 使用.pem从AWS实例到AWS实例的SSHing请求密码短语

我正在尝试将ssh/scp转换到我的AWS实例中，但是它总是要求为.pem文件提供一个密码短语，即使没有一个设置。我花了好几个小时研究，什么都试过了。它的chmod'ed 400（也尝试了600和777-没有运气）

这是我在密码短语/密码上按enter键后得到的结果：

  The authenticity of host '****************' can't be established.
    ECDSA key fingerprint is ************************.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '*********' (ECDSA) to the list of known hosts.
    Enter passphrase for key 'new_bro.pem':
    Permission denied (publickey).
    lost connection

这是一条ssh-v消息

ubuntu@ip-10-0-0-221:~$ ssh -v -i new_bro.pem ubuntu@***********
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to *************** port 22.
debug1: Connection established.
debug1: identity file new_bro.pem type -1
debug1: identity file new_bro.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA ***********************
debug1: Host '*************' is known and matches the ECDSA host key.
debug1: Found key in /home/ubuntu/.ssh/known_hosts:2
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: new_bro.pem
debug1: key_parse_private2: missing begin marker
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key 'new_bro.pem':
debug1: No more authentication methods to try.
Permission denied (publickey).
ubuntu@ip-10-0-0-221:~$

ubuntu@ip-10-0-0-221:~$ssh-v-i new_bro.pem ubuntu@***********
OpenSSH_6.6.1、OpenSSL 1.0.1f 2014年1月6日
debug1:读取配置数据/etc/ssh/ssh\u config
debug1:/etc/ssh/ssh\u配置第19行：应用*
debug1:连接到****************端口22。
debug1:已建立连接。
debug1:标识文件new_bro.pem type-1
debug1:标识文件new_bro.pem-cert type-1
debug1:启用协议2.0的兼容模式
debug1：本地版本字符串SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4
debug1：远程协议版本2.0，远程软件版本OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4
debug1:match:OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4 pat OpenSSH_6.6.1*compat 0x04000000
debug1:SSH2\u MSG\u KEXINIT已发送
debug1:SSH2\u MSG\u KEXINIT已收到
debug1:kex:server->client aes128 ctr hmac-md5-etm@openssh.com没有一个
debug1:kex:客户端->服务器aes128 ctr hmac-md5-etm@openssh.com没有一个
debug1:发送SSH2\u MSG\u KEX\u ECDH\u INIT
debug1:需要SSH2\u MSG\u KEX\u ECDH\u回复
debug1:服务器主机密钥：ECDSA***********************
debug1:主机“************”已知，并且与ECDSA主机密钥匹配。
debug1:在/home/ubuntu/.ssh/known_hosts中找到密钥：2
debug1:ssh\u ecdsa\u验证：签名正确
debug1:SSH2\u MSG\u已发送新密钥
debug1:应为SSH2\u MSG\u NEWKEYS
debug1:SSH2\u MSG\u接收到新密钥
debug1:SSH2\u消息\u服务\u请求已发送
debug1:SSH2\u消息\u服务\u接收
debug1:可以继续的身份验证：公钥
debug1:下一个身份验证方法：公钥
debug1:尝试私钥：new_bro.pem
debug1:键\u解析\u私有2:缺少开始标记
debug1:密钥\解析\私有\ pem:pem\读取\私有密钥失败
debug1:读取PEM私钥完成：类型
输入密钥“new_bro.pem”的密码短语：
debug1:不再尝试验证方法。
权限被拒绝（公钥）。
ubuntu@ip-10-0-0-221:~$

我试过用不同的机器做同样的事情。在将.pem转换为.ppk后，我可以使用Putty登录

---

请帮助

您的pem文件已损坏，或者pem密钥格式不正确

几个命令来测试它

openssl rsa-check-in new_bro.pem-noout

应该说“rsa key ok”

---

ssh-keygen-y-e-f new_bro.pem

从私钥生成公钥，与远程上的公钥相比

对我来说，这是因为我没有包含

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

---

在复制pem文件时

看起来你的钥匙不知怎么被损坏了。你是怎么得到的？尝试创建新的或通过Puttygen循环-导入PEM、导出PPK，然后导入PPK和导出PEM。也许会有帮助。