"error: AuthorizedKeysCommand" started appearing in the secure log on EC2

Last updated at Posted at 2020-02-20

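Overview

As the title says, errors like the one shown below started being recorded in the secure log.
The cause was an update to ec2-instance-connect 1.1-12; with 1.1-11 the error is not logged.
SSH connections still succeed without any problem, but a monitoring system may raise alerts on this error, so it is worth addressing.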

/var/log/secure
Feb 20 14:57:29 ec2-user sshd[8046]: Connection from xxx.xxx.xxx.xxx port 17756 on xxx.xxx.xxx.xxx port 22
Feb 20 14:57:30 ec2-user sshd[8046]: error: AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys ec2-user SHA256:xxxxxxxxxxxxxxxxx failed, status 22
Feb 20 14:57:30 ec2-user sshd[8046]: Accepted publickey for ec2-user from xxx.xxx.xxx.xxx port 17756 ssh2: RSA SHA256:xxxxxxxxxxxxxxxxx 
Feb 20 14:57:30 ec2-user sshd[8046]: pam_unix(sshd:session): session opened for user ec2-user by (uid=0)
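
For the monitoring concern above, one way to triage these events is to check whether each AuthorizedKeysCommand failure is followed by an "Accepted publickey" line for the same key fingerprint in the same sshd process, as in the excerpt. This is an added example, not code from the original article or from AWS; the sample lines, the function name `triage` and the verdict labels are constructed for illustration.

```python
import re

# Constructed sample lines modelled on the /var/log/secure excerpt above;
# addresses and fingerprints are placeholders, not real values.
SAMPLE = """\
Feb 20 14:57:29 ec2-user sshd[8046]: Connection from 192.0.2.10 port 17756 on 10.0.0.5 port 22
Feb 20 14:57:30 ec2-user sshd[8046]: error: AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys ec2-user SHA256:AAAA failed, status 22
Feb 20 14:57:30 ec2-user sshd[8046]: Accepted publickey for ec2-user from 192.0.2.10 port 17756 ssh2: RSA SHA256:AAAA
Feb 20 15:02:11 ec2-user sshd[8101]: Connection from 192.0.2.77 port 40112 on 10.0.0.5 port 22
Feb 20 15:02:12 ec2-user sshd[8101]: error: AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys ec2-user SHA256:BBBB failed, status 22
Feb 20 15:02:12 ec2-user sshd[8101]: Connection closed by 192.0.2.77 port 40112 [preauth]
"""

LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
AKC_FAIL = re.compile(
    r"error: AuthorizedKeysCommand (?P<cmd>\S+) (?P<user>\S+) (?P<fp>\S+) "
    r"failed, status (?P<status>\d+)")
ACCEPTED = re.compile(r"Accepted publickey for (?P<user>\S+) from \S+ port \d+ ssh2: \S+ (?P<fp>\S+)")

def triage(log_text):
    """Return one record per AuthorizedKeysCommand failure, with a verdict."""
    pending = {}   # (pid, fingerprint) -> failure records not yet explained
    results = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"].strip()
        fail = AKC_FAIL.match(msg)
        if fail:
            rec = {"pid": pid, "user": fail["user"], "fingerprint": fail["fp"],
                   "status": int(fail["status"]), "verdict": "no_login"}
            # The same key can fail more than once in one session; keep them all.
            pending.setdefault((pid, fail["fp"]), []).append(rec)
            results.append(rec)
            continue
        ok = ACCEPTED.match(msg)
        if ok:
            # Same sshd process accepted the same key: the login still succeeded.
            for rec in pending.pop((pid, ok["fp"]), []):
                if rec["user"] == ok["user"]:
                    rec["verdict"] = "login_accepted"
    return results

if __name__ == "__main__":
    for rec in triage(SAMPLE):
        print(rec)
```

Records with the verdict `login_accepted` match the pattern in the excerpt; `no_login` records are helper failures that were not followed by a successful public-key login in that session.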

Countermeasures

There are two approaches:

Option 1: simply comment out the relevant lines in sshd_config

/etc/ssh/sshd_config
# Commented out
#AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys %u %f
#AuthorizedKeysCommandUser ec2-instance-connect

Option 2: grant the connecting user access permission in a policy
