Recently I set up a new EC2 instance. The next day I was not able to connect to my instance via ssh. I could connect and disconnect the day before, I am sure I did nothing. Here is ssh debug info:
ssh -i webserver.pem -v ubuntu#my.elastic.ip
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to my.elastic.ip [my.elastic.ip] port 22.
debug1: Connection established.
debug1: identity file webserver.pem type -1
debug1: identity file webserver.pem-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
Connection closed by my.elastic.ip
Is there a way to resolve this issue? Or shall I reinstall my instance again?
PS rights to my .pem are set to 600.
My problem was that the username was incorrect. On ubuntu instances it should be "ubuntu" and on amazon instances it should be "ec2-user".
Often times, you should use the default user name for the AMI that you used to launch your instance:
For Amazon Linux 2 or the Amazon Linux AMI, the user name is
ec2-user.
For a CentOS AMI, the user name is centos.
For a Debian AMI, the user name is admin or root.
For a Fedora AMI, the user name is ec2-user or fedora.
For a RHEL AMI, the user name is ec2-user or root.
For a SUSE AMI, the user name is ec2-user or root.
For an Ubuntu AMI, the user name is ubuntu.
Otherwise, if ec2-user and root don't work, check with the AMI provider.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connection-prereqs.html#connection-prereqs-get-info-about-instance
Please check your username. if you are using ubuntu instance try using "ubuntu" in username instead of "ec2-user", and vice-versa
Check your security group. Make sure that you have an outbound rule that allows traffic to return from the instance.
With the default outbound rule
type: All traffic, Protocol: All, Ports: All, Destination: 0.0.0.0/0
it will work.
(1) Please check when you execute the ssh command, are you in the same folder where you put your pem key. Else you should use "ssh -i /your_key_path /mykey.pem".
(2) If that doesn't help. I think you could create another key and set your EC2 instance through AWS webpage. Then try again.
I had this problem and it turned out the PEM file was incorrect. You can check following the instructions in Amazon EC2 Key Pairs - Verifying Your Key Pair's Fingerprint:
If you created your key pair using AWS, you can use the OpenSSL tools to generate a fingerprint from the private key file:
$ openssl pkcs8 -in path_to_private_key -inform PEM -outform DER -topk8 -nocrypt | openssl sha1 -c
If you created your key pair using a third-party tool and uploaded the public key to AWS, you can use the OpenSSL tools to generate a fingerprint from the private key file on your local machine:
$ openssl rsa -in path_to_private_key -pubout -outform DER | openssl md5 -c
The output should match the fingerprint that's displayed in the console.
I had the same issue, Its the problem of the permissions you give to pem private key file. Make sure you run ssh command in the terminal with the sudo (Administrative) Access.
I have the same issue but i fixed it by "restarting" the EC2. Note that restarting EC2 does not change its IP address but stopping and starting it again does change it.
It was an easy fix but make sure you can bear the small downtime. In my case website stopped working suddenly.
Solved this issue by creating a new private key file/pair.
The problem arose while I wanted to reuse an existing key a few days after its creation.
Then, just use the commands provided here
I had this problem with an ubuntu vm, so:
the security groups with 22/tcp access was ok
the user name is ubuntu, ok
accessed using the pem key and
/var/log/auth.log was showing the session end in the preauth stage (not ok)
Noticed there's a missing package: ec2-instance-connect (ref: https://aws.amazon.com/premiumsupport/knowledge-center/ec2-instance-connect-troubleshooting/) (not ok)
sudo apt install ec2-instance-connect
After that, got access through instance connect
I had this problem when using EC2 instance connect. I finally could connect after downgrading my Ubuntu version from 22 to 20.
I had created an Amazon EC2 instance and was able to SSH into it previously. Now if I try to SSH into it, I get the error as below:
ssh: connect to host [ip address] port 22: Connection timed out
I've not changed anything in the security group and NACL to which the instance and the subnet are attached respectively.
Creating another instance from the AMI of this instance doesn't seem to work either.
I tried fixing the problem by detaching the EBS volume from this instance and mounting it to a fresh instance for checking /etc/ssh/sshd_config, but there wasn't any problem there.
I've also tried commenting out stuff from the fstab as per the solution https://stackoverflow.com/a/14050894
I'm facing the same issue in around 3 instances, kindly help.
Below is the output of ssh -v
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to ip [ip] port 22.
debug1: connect to address ip port 22: Connection timed out
ssh: connect to host ip port 22: Connection timed out
After much struggle, I've resolved this issue by mounting the volume of the instance I was unable to SSH into with another EC2 instance created using the same key, and thereafter replacing the .ssh/authorized_keys file in the attached volume with .ssh/authorized_keys in the newly created instance. Finally, reattaching this volume to the original instance.
There wasn't any difference between the two authorized_keys files, so I can't say why did replacing the file work.
Creating a new instance with the AMI of the problematic instance using a new key should've worked which didn't for some reason unidentified as of yet.
I'm trying to copy file from my local to Aws EC1 or EC2.
my detailed setup.
Created two EC2 instances.
Got .pem file (Private key) from AWS consle.
Generated private key from .pem file (step2).
Able to connect EC1 and EC2 using private key generated in step 3.
Copied .pem file in EC1 and EC2 servers, by doing that am able to copy files in between EC1 and 2 aws servers.
Now I want to copy the file from my local machine to AWS EC1 and EC2 serves.
But when am trying to do below command (using public DNS):
ssh ubuntu#ec2-18-222-170-204.us-east-2.compute.amazonaws.com
getting below error
Permission denied (publickey)
And when I do it using Private DNS:
ssh ubuntu#ip-172-31-43-162.us-east-2.compute.internal
getting below error:
ssh: Could not resolve hostname ip-172-31-43-162.us-east-2.compute.internal: Name or service not known
what should I do to fix this or make it work?
Output
OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "ip-172-31-43-162.us-east-2.compute.internal" port 22
ssh: Could not resolve hostname ip-172-31-43-162.us-east-2.compute.internal: Name or service not known
First thing, ssh ubuntu#ip-172-31-43-162.us-east-2.compute.internal this will only work within VPC, as its private IP and your local system will never able to resolve this DNS until you connect with some VPN from that VPC.
It's not a security group issue, your instance is reachable.
You should post debugs log for ssh ubuntu#ec2-18-222-170-204.us-east-2.compute.amazonaws.com, you can get debug log using ssh -v ubuntu#ec2-18-222-170-204.us-east-2.compute.amazonaws.com
But I am sure it's not picking the pem file from right location. Two possible reason
set chmod 400 your.pem and then try to connect
specify the key in your ssh command
ssh -i path_to_key/private.pem ubuntu#ec2-18-222-170-204.us-east-2.compute.amazonaws.com
Might be possible user ubuntu not exist in that case you can try with root and AWS will return the user which can ssh to that server.
You can also get ssh command for AWS ec2 console. -> Select Instance and click connect, copy the command and try to connect.
I supposed to add the ssh key and then ssh to the AWS instance using a jumphost in 2 operations
So, first adding the key
ssh-add ~/.ssh/<key-file>.pem
Then ssh to jumphost
ssh -A ec2-user#jumphost
And then from jumphost to instance
ssh ec2-user#<private IP>
This works for one instance but does not work for another instance - cannot ssh to this instance from a jumphost.
What instance setting can prevent me to do ssh?
The output of ssh -v ec2-user#
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to <private ip>[<private ip>] port 22
There are different causes of this issue.
Check the security group of the ec2 instance you are connecting from the jump host / bastion if port 22 is open. If it's not open, add the rule. You can verify this if you telnet the destination server on port 22 form the jump host / bastion. command: telnet destinationip 22
if the above doesn't work, check if the ec2 instance you are connecting is in a running state with 2/2 checks passed. This will make sure that both network and operating system are functional.
if the above doesn't work, check if your Network Access List (NACLs) are allowing the inbound and outbound traffic. The default setting allows the traffic.
Make sure the the firewall is setup correctly! That is mandatory in AWS console when you setup your new instance. My guess is a wrong default was selected.
The reason was pointed by the user LogicIO. Somehow, one instance was moved to the different VPC and therefore the jumphost (bastion) and the instance appeared on the different VPC's, so connection stopped working. I needed a different jumphost.
I have added a new user to my instance. I would like to transfer the pem file to that account so I can complete the instructions of adding a user (https://aws.amazon.com/premiumsupport/knowledge-center/new-user-accounts-linux-instance/). I am in the section that details me creating a key pair and now I would like to transfer it from my computer to the new user account in my instance. Every time I do it, I get a timeout failure:
(ssh: connect to host ip-XXX-xxx-xxxx.compute-1.amazonaws.com port 22:
Operation timed out lost connection).
I am using below command to connect to the instance:
scp -i ~/.ssh/my.pem ~/Downloads/new.pem
ubuntu#ip-xx-xx-xxx.compute-1.amazonaws.com:~/directory/.
I already added port 22 with my ip as a rule and also chmod 400 new.pem and rebooted. Please help!