My situation is that i can ping my EC2 instance using command shell of my PC but i cant connect to it using ssh (putty) ... i was able to do that this morning , was trying to send some files using scp , then i lost connection , i rebooted the instance many times but i still cant get access using ssh , i can still ping it tho .(i allowed all trafic in security group)
Thank you.
It seems when you rebooted, Your Server IP is changed. You copied new server IP in PING. Now For SSH you need to use same IP.
So Steps for SSH will be
Copy Public IP or use connect to instance option from EC2 Console.
Check which server you created(Ubuntu server username is ubuntu,while for amazon linux-ami is ec2-user)
Remember to launch your server in public subnet.
In case you have security group open to public, you should be able to SSH by above steps.
Thanks,
AB
Related
Launching an AWS EC2 instance seems quite straightforward although when it comes to connecting to the newly launched instance things get sticky. The process for connecting to an instance proposed by such a tech giant is very counter-intuitive.
As a short reminder I should add that an "instance" is technically a virtual machine running on Amazon's Elastic Compute Cloud (EC2), for more info one could have a look at this link.
The ec2 instance referred to in this discussion is Ubuntu Server 20.04 LTS (HVM).
The instruction for working with EC2 Linux instances is given here.
AWS EC2 proposes three different ways of connecting to an instance:
EC2 Instance connect (browser-based SSH connection),
Session Manager
SSH Client
Now with regard to connecting to the above-mentioned instance there are only certain connections that establish correctly and the rest of the proposed methods fail, here is the list of connection successes and failures :
Ubuntu instance, security group source "Custom=0.0.0.0/0", Connection establishes using both EC2 Instance Connect (browser-based SSH connection) and SSH client.
Ubuntu instance, security group source "My IP=$IP", Connection establishes only using SSH client (terminal on Ubuntu and PuTTY on windows) and not using EC2 instance connect.
Both above cases have been tried on Ubuntu 20.04 and Windows 10 as local machine and the problem remains similar on both machines. I went through most of the failure cases discussed in the troubleshooting documents proposed here and verified them on my instance. Yet the problem persists. I should also add that I never tried "session manager" connection method although opening its tab already would give some info about "not installed" agents and features.
Any idea regarding this problem? Somebody out there facing the same issue?
From Docs
(Amazon EC2 console browser-based client) We recommend that your instance allows inbound SSH traffic from the recommended IP block published for the service.
Reason for this -> EC2 Instance Connect works by making an HTTPS connection between your web browser and the backend EC2 Instance Connect service on aws. Then, EC2 Instance Connect establishes a "mostly normal" SSH connection to the target instance in other words the request is going from backend ec2 instance connect and not your browser that is why it needs IP address from accepted ranges of that region .
Browser based EC2 Instance Connect uses specific IP ranges for browser-based SSH connections to your instance. These IP ranges differ between AWS Regions. To find the AWS IP address range for EC2 Instance Connect in a specific Region, use the following( just replace your region with your region) ( for Linux required curl and jq as prerequisite)
curl -s https://ip-ranges.amazonaws.com/ip-ranges.json| jq -r '.prefixes[] | select(.region=="Your region") | select(.service=="EC2_INSTANCE_CONNECT") | .ip_prefix'
whatever the value is returned just add up to your security rule and it will work.
Ubuntu instance, security group source "Custom=0.0.0.0/0", Connection establishes using both EC2 Instance Connect (browser-based SSH connection) and SSH client.
this works because 0.0.0.0/0 allows connection from all the IP ranges( which includes your region IP too).
for more details try reading this troubleshoot
Yesterday, I updated my Django website (on AWS EC2) to HTTPS by using lets-encrypt. Everything works well. The website has HTTPS green icon as expected.
Today when I try to connect my instance by using SSH. The connection keep hunging. Finally, It give some message like "ssh: connect to host ec2-34-202-93-189.compute-1.amazonaws.com port 22: Resource temporarily unavailable".
I thought it might be security group problem of this instance. So I double checked my security group setting of this instance, the SSH, HTTP and HTTPS port are all open correctly. I created another instance to test if there is any problem on my local. The new instance connected successfully. Then I apply the new instance to the security group that I made for the previous instance and It connected. Then I apply the previous instance to the new security that I made for the new instance, the connection got frozen again. I also tried to connect with putty and it was not working as well.
Now I am really confused. My local machine is Windows subsystem of Linux. My EC2 instance is Ubuntu 16. I am using Nginx as web server. My ssh command is "ssh -i blog_project.pem ubuntu#ec2-34-202-93-189.compute-1.amazonaws.com".
Here is my security group setup for the instance.
This is the result I command "ssh -vvv -i blog_project.pem ubuntu#ec2-34-202-93-189.compute-1.amazonaws.com"
BTW, Is there any way that I can login to my instance without ssh connection? Is there anything like console or shell inside the AWS that I can touch with my instance?
Check if the instance exists on AWS, maybe a new one was created with different Public DNS (xxxx.compute-1.amazonaws.com) than the one you are using in your command.
I am currently overseas and I am trying to connect to my EC2 instance through ssh but I am getting the error ssh: connect to host ec2-34-207-64-42.compute-1.amazonaws.com port 22: Connection refused
I turned on my vpn to New York but still nothing changes. What reasons could there be for not being able to connect to this instance?
The instance is still running and serving the website but I am not able to connect through ssh. Is this a problem with the wifi where I am staying or with the instance itself?
My debugging steps to EC2 connection time out
Double check the security group access for port 22
Make sure you have your current IP on there and update to be sure it hasn't changed
Make sure the key pair you're attempting to use corresponds to the one attached to your EC2
Make sure your key pair on your local machine is chmod'ed correctly. I believe it's chmod 600 keypair.pem check this
Make sure you're in either your .ssh folder on your host OR correctly referencing it: HOME/.ssh/key.pem
Last weird totally wishy washy checks:
reboot instance
assign elastic IP and access that
switch from using the IP to Public DNS
add a : at the end of user#ip:
Totally mystical debugging sets for 6 though. That's part of the "my code doesn't work - don't know why. My code does work - don't know why." Category
Note:
If you access your EC2 while you are connected to a VPN, do know that your IP changes! So enable incoming traffic from your VPN's IP on your EC2 security group.
In AWS, navigate to Services > EC2.
Under Resources, select Running Instances.
Highlight your instance and click Connect.
In Terminal, cd into the directory containing your key and copy the command in step 3 under "To access your instance."
In Terminal, run: ssh -vvv -i [MyEC2Key].pem ec2-user#xx.xx.xx.xx(xx.xx.xx.xx = your EC2 Public IP) OR run the command in the example under step 4.
Just check if your public ip that you get when you are on VPN is configured as a source address in the SG inbound entry that opens up port 22.
You can check your ip using https://www.google.co.in/search?q=whats+my+ip, when connected to your VPN.
I tried everything in this and several other answers, also in some aws youtube videos. Lost perhaps five hours over a few sessions trying to solve it and now finally..
I was getting the exact same error message as the OP. I even rented another EC2 instance in a nearer data centre for twenty minutes to see if that was it.
Then I thought it might be the router or internet provider in the guest house where I am staying. Had already noticed that some non-mainstream news sites had been blocked - and that was it!
You can check if the router is blocking port 22:
https://superuser.com/questions/1336054/how-to-detect-if-a-network-is-blocking-outgoing-ports
cardamom#neptune $ time nmap -p 22 portquiz.net
Starting Nmap 7.70 ( https://nmap.org ) at 2021-02-03 20:43 CET
Nmap scan report for portquiz.net (27.39.379.385)
Host is up (0.028s latency).
rDNS record for 27.39.379.385: ec2-27-39-379-385.eu-west-3.compute.amazonaws.com
PORT STATE SERVICE
22/tcp closed ssh
Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds
real 0m0,212s
user 0m0,034s
sys 0m0,017s
Then, the question of why someone would want to block the ssh port 22 is addressed in at length here:
https://serverfault.com/questions/25545/why-block-port-22-outbound
Had the same problem after creating some instances on a new VPC. (If internet SSH worked before this solution may not work for you)
When creating a new VPC, make sure you create an internet gateway (VPC -> Internet Gateways)
And also make sure that your VPC's routing table (VPC -> Route Tables) has an entry which redirects all IPs (or just your IP) to the internet gateway you just created.
For me, it was because of this:
NOT ec2-user#xx.xx.xx.xx
BUT THIS =>>> ubuntu#xx.xx.xx.xx
Watch the image of EC2 instance!
Instead of
ssh -i "key.pem" ubuntu#ec2-161-smth.com
use
ssh -i "key.pem" ec2-user#ec2-161-smth.com
I am currently working on an AWS EC# LINUX AMI. I have a private IP. Is it possible to access that private IP with filezilla to transfer files. i am unable to do so.
For access an EC2 machine with private IP, you need to setup your own VPN server. If you already have VPN setup in your AWS cloud then you just need to install a VPN client and login with your credential and you will be able to access EC2 machine or transfer files using filezilla with private IP too. I am assuming that you haven't setup VPN server. you may use AMI of OPENVPN from AWS market place for setup VPN. Below is the good link for getting start.
https://docs.openvpn.net/how-to-tutorialsguides/virtual-platforms/amazon-ec2-appliance-ami-quick-start-guide/
After complete this you have to install OPENVPN in your machine and after Login with your credentials your will able to access your EC2 instance with private IP.
Below is the link for install OPENVPN in Ubuntu machine. For different operating system you can explore site.
https://docs.openvpn.net/getting-started/how-to-install-openvpn-as-software/
OPENVPN is one of the alternative, you can use other also as per your need.
Using 2 ways you can do this
Create a bastion host which will connect to the private instance
Using a port forwarding means tunnelling.
If you are using bastion host for connecting private ec2 instance then this steps will be useful
Using Filezilla to transfer files to a private ec2 instance through a bastion host:-
Note: Keep Pem file same of bastion host and private ec2 instance.
Open terminal or cmd(linux terminal i.e gitbash)
we are connecting to the AWS EC2 instance with one terminal command.
ssh -N -L 1234:<private_instance_ip or Private_DNS>:22 -i <Pem_File> #<Bastion_host_public_ip>
e.g.
ssh -N -L 1234: ip-171-12-21-208.us-east-1.compute.internal:22 -i app_prod.pem ubuntu#ec2-31-92-123-22.us-east-1.compute.amazonaws.com
Note: - For the first time when you enter this command it will ask for Are you sure you want to continue connecting - yes
3.Keep this terminal or cmd open.
If you close this session then the connection is broken
4.Open “FileZilla” application and on “Edit” section -> Click on “Settings”
5.On “Settings” page -> Click on “SFTP” and add PEM file of ec2 instance and click on “OK”
6.Add below entries:-
Host:- 127.0.0.1 or sftp://127.0.0.1
Username:- <your_user>
Password:- Keep empty
Port:- 1234
7.Click on Quick Connect.
Once the connection is established then you can easily transfer files from local to private instance.
See- scp-to-transfer-files-to-a-private-ec2-instance-through-a-bastion-host
https://www.davidbegin.com/using-scp-to-transfer-files-to-a-private-ec2-instance-through-a-bastion-host/
I am trying to use Vagrant to create AWS EC2 instances and it works great until it gets to the SSH part. Vagrant uses the public IP to try and SSH and that doesn't work with the EC2 instances I have created, I have to use the public DNS.
I opened 22 to every IP briefly and it did work, so its something to do with the firewall but I can't figure out what IPs I need to open (I have tired the (default) VPC CIDRs)
Can anyone point me in the right direction?
You will have to open the SSH port in NACL and SecurityGroup for the IP of your Vagrant machine. So figure out the IP of your Vagrant server (say X.X.X.X) and open port 22 for X.X.X.X/32 in the NACL as well as in SecurityGroup.
By adding the following line into the Vagrantfile, it forced Vagrant to use the servers private IP instead and therefore could SSH successfully.
aws.ssh_host_attribute = :private_ip_address
Hope this helps other people will the same issue