Frustrating - AWS Setup Permission denied (publickey) Error

I have a Mac. I have created an AWS instance and am connecting to my AWS instance with ssh -i /Users/murali/.ssh/aws-key-fast-ai.pem

However, I get the error

Load key “/Users/murali/.ssh/aws-key-fast-ai.pem”: invalid format
Permission denied (publickey).

Can someone please help!!!

It's frustrating. Just a setup and connection cannot take so long; this is a joke.


Hi @ilarum did you already try running the setup script and then it failed?? The script is not written very robustly.

If you already ran the setup script once and it failed (e.g. maybe you didn’t have AWS approval to run a P2 instance yet, or maybe you had an unsupported default region set), it doesn’t clean up after itself and it doesn’t pick up where you left off when you run it again.

Re the setup script, you could have a key stored in that local file from a previous run, but AWS infrastructure from a later successful run, and so a key mismatch right out of the gate.

It might be easiest to wipe all AWS infrastructure created AND your aws-key-fast-ai.pem (i.e. the whole VPC tagged “fast-ai” and everything in it; do not delete your default VPC that AWS automatically plops into every region). Then re-run the script again to start from scratch. An error-free run is the only good run.

To investigate further without starting again, and focusing in on the “invalid format” error:

  • Try to open the pem file and inspect it to make sure that it’s a plaintext file that isn’t cut off and there’s a full key in it
  • If you haven’t used ssh before, make sure your ~/.ssh folder and key file have the right permissions.
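The two checks suggested in the post above, as a shell script. This is an added example, not part of the original post or of the fast.ai setup script; the function names and the sample files are constructed for illustration, and the sample "key" body is filler, not a real key.

```bash
#!/usr/bin/env bash
# Added example: structural and permission checks for an SSH private key file.

# Octal permission bits of a path (GNU stat first, then BSD/macOS stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_key FILE: prints one line per problem; exit status = number of problems.
check_key() {
  key=$1; problems=0
  [ -s "$key" ] || { echo "missing or empty: $key"; return 1; }
  first=$(head -n 1 "$key" | tr -d '\r')
  last=$(tail -n 1 "$key" | tr -d '\r')
  case $first in
    "-----BEGIN "*"PRIVATE KEY-----") ;;
    *) echo "first line is not a PEM private-key header"; problems=$((problems + 1)) ;;
  esac
  case $last in
    "-----END "*"PRIVATE KEY-----") ;;
    *) echo "last line is not a PEM footer (file cut off?)"; problems=$((problems + 1)) ;;
  esac
  # ssh refuses a private key that group or others can access.
  mode=$(file_mode "$key")
  case $mode in
    ?00) ;;
    *) echo "key mode is $mode; group/other bits must be 0 (chmod 600)"; problems=$((problems + 1)) ;;
  esac
  dmode=$(file_mode "$(dirname "$key")")
  [ "$dmode" = 700 ] || { echo "directory mode is $dmode; 700 is usual for ~/.ssh"; problems=$((problems + 1)); }
  return "$problems"
}

# Constructed sample files (filler body, not a real key) for an offline run.
make_samples() {
  printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
    'Q09OU1RSVUNURUQgRklMTEVSIC0gTk9UIEEgUkVBTCBLRVk=' \
    '-----END RSA PRIVATE KEY-----' > "$1/good.pem"
  head -n 2 "$1/good.pem" > "$1/truncated.pem"   # simulate an incomplete download
  chmod 600 "$1/good.pem"; chmod 644 "$1/truncated.pem"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in good.pem truncated.pem; do
  echo "== $f"; check_key "$demo_dir/$f" || true
done
rm -rf "$demo_dir"
```

On a real machine, call check_key ~/.ssh/aws-key-fast-ai.pem. A file that passes these checks can still be a damaged key; ssh-keygen -y -f on the key file prints the matching public key only if the private key actually loads.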

I tried opening the pem file using keychain and it doesn’t open. When I open it with keychain and click on view certificates, I get the error.

“An error has occurred. Unable to display information about the selected item.”

Any idea how I could fix the error, do I need to delete everything and start over?


@ilarum I was initially thinking like a quick visual check with a text editor like nano in the Terminal but Keychain is logical too. If it couldn’t open it, my guess is something has to be up with that file. Who knows, maybe you suffered a connection hiccup when it was being downloaded and the file isn’t complete or something like that.

IIRC on security grounds you cannot get a private key from AWS once it’s created and provided to you in its initial response [to the create key request], which would mean you’re out of luck to recover this file.

Rest assured, deleting everything and starting again is probably one of the most efficient things you can do. Since you haven’t ssh’d into your machine yet I think it’s safe to assume that you aren’t going to lose any work or anything. When the setup script works, it’s pretty fast.

Deleting is fast too. Point click done.

More details:

Log in to the AWS console and ensure you’re in the right region (top right toolbar, to the left of the support dropdown). To delete the instance, go to Services > EC2, find it in the “Instances” section, select it and terminate it. To delete the rest of the infrastructure, go to Services > VPC, find the fast-ai-tagged VPC, select it and delete it.

I’m not sure off-hand if the following gets deleted as well, but I suspect your account might hold onto the Elastic IP that was previously attached to your EC2 instance, and also its “hard drive” on EBS. You can check and make sure they’re deleted too to avoid extra charges. The Services > EC2 dashboard has sections for “Volumes” under the ‘Elastic Block Store’ heading. There’s also an “Elastic IPs” section.

If you’ve run the setup script more than once while troubleshooting, you will likely have multiple things created on AWS that you’ll want to kill. Get rid of anything fast-ai to give yourself a clean slate and assure yourself you’re not going to be paying a higher bill at the end of the month than you intended to.

Finally on your Mac, delete the key, e.g.

rm ~/.ssh/aws-key-fast-ai.pem

Before you re-run the setup script make sure you have your aws default set to one of the 3x supported regions, and meet all other prerequisites.

Then re-run the setup script.

1 Like

@firxy Great, voilà, I am in finally! I followed your steps and it worked fine. Thank you.


1 Like

I did what you have written here, but after that I am not able to launch any instance because of VPC.
Somehow I created a VPC but it is not showing the IP address.
Please tell me what to do?

Hi @bk1 I’m not too sure how to interpret your question and not sure what “because of VPC” could mean in this context.

There is a default VPC in every AWS region. There is a difference between creating a new VPC and using the existing default one that is already there. If you launch an arbitrary EC2 instance in a region it will be in the default VPC. The fastai script creates a VPC specifically for itself (which is a good thing, if you already had other AWS services e.g. client projects you wouldn’t want it messing with anything but its own VPC) and puts the deep learning instance inside that.

If you’ve run the scripts and they failed, it really is easiest to wipe everything per my instructions above, fix the reason that it failed, and then re-run them. You’ll also ensure that you don’t end up paying for extra infrastructure created by a partially-executed run of the script before it hit whatever failure point.

Just don’t delete the default VPC! I believe the only way to get it back is by going through AWS support. Whatever is current information would be in the VPC documentation. The VPC is clearly tagged/labelled as such.

Once you get the script to successfully complete and get your instance running, if you’re not sure about the IP:

If you log into the AWS console, choose the region that you set (top-right corner there’s a dropdown beside the “Support” tab), and then go to the EC2 Dashboard, any instances [for that region] will be listed under “Instances” and you can see what’s running, what’s not, etc. If you click on one of them it will show you all of the info including its IP.

Any Elastic IPs assigned to your account can also be seen within the EC2 Dashboard under “Elastic IPs”.

When the EC2 instance is started, it would get associated with its Elastic IP and you’ll be able to see that IP in the EC2 dashboard when you find it and click on it and review the various details about it. There will be an internal network address for use within the VPC (think of the VPC as its own private LAN/network) and a public IP address (which is the one you need to use to connect to it).

I hope this helps you. Cheers!

I have the same exception: Permission denied (publickey).

I can connect to an instance with basic AMI t1.micro with myKey
but when I try to use the AMI part1v2-p2 (with the same options)
I got the exception: Permission denied (publickey)

I’m waiting for Amazon to give me access to a p2.xlarge instance, so
I did use a t1.micro instance for my try. I know I can’t execute the code on that type of instance
but I just want to have a working connection (and that should work even without GPU).

Do you have any advice?

I don’t know what happened but it is connecting now with the default VPC.

1 Like

OK, I found out the problem: I used “ssh ec2-user@—IP----”
to connect to my Amazon AMI, but the one is on Ubuntu,
thus the correct command is: “ssh ubuntu@—IP----”