I have /etc/ansible/hosts locally as:
[example]
172.31.20.nnn # nnn not shown, is 1-255
I created an AWS Ubuntu instance and a .pem file in my local directory. I can log in OK:
ubuntu@ip-172-31-20-nnn:~$ whoami
ubuntu
ubuntu@ip-172-31-20-nnn:~$
However when I try
ansible example -m ping -u ubuntu
I get
172.31.20.nnn | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 172.31.20.nnn port 22: Connection timed out",
"unreachable": true
}
nnn is a number in all cases, just not shown here
Stuck on adding ping - I see the following showing 22. What should I do?
I see this, but I don't see ping in the dropdown.
Should I be deleting the existing 22 rule that was already there?
Tried that. No.
Your EC2 security group is blocking the ICMP requests. You just need to open the PING service on it.
"Connection Failed
You cannot connect to the VM instance because of an unexpected error. Wait a few moments and then try again."
When I tried to copy file from one virtual machine to another using scp, ssh client loses connection. Command that I run is the following:
gcloud compute scp --recurse file_name account@instance_name:~/folder --zone zone_name --project project_name
What can be the reason of it?
Make sure that you have opened port 22, which is the port that allows communication with SSH. If you are not sure, you can create a rule by going to VPC -> Firewall Rules -> port 22.
Here is an article that can help with allowing SSH connection
This other article can help you troubleshoot SSH
You can also run the following command to check which ports you have open: netstat -tuplen. Make sure you have port 22 listening.
I am very new to coding so trying to figure this out was very hard for me. I'm trying to deploy my code with docker and running my code inside the EC2 cloud. But I can't seem to get the instance's url to work. I set my inbound (security group) HTTP (80) => 0.0.0.0/0, HTTPs (443) => 0.0.0.0/0, and SSH(22) => my ip. I read that setting my SSH to 0.0.0.0/0 was a bad idea, so I went with my ip (there was an option called 'my ip'). Also, I am using ubuntu for my AMI.
While successfully running docker using (docker-compose up), I used curl http://localhost:3001 (3001 is my exposed port inside my code) and it works fine. But when I used curl ec2-XX-XXX-XXX-XXX.us-west-1.compute.amazonaws.com, it outputs:
curl: (6) Could not resolve host: ssh and
curl: (7) Failed to connect to ec2-XX-XXX-XXX-XXX.us-west-1.compute.amazonaws.com port 80: Connection refused
curl ec2-xxx-xx-amazonaws.com sends the request to port 80, while your docker is running on port 3001.
First, verify that you have exposed some host port to docker. Something like this should show up in docker ps -a:
0.0.0.0:3001->3001/tcp. The first 3001 can be any host port.
Next, make sure that the first port, whichever you used, is in the security group and open for your IP.
Hopefully, if all is good in the VPC and route table settings, then :3001 (use whatever host port you gave, if you used anything other than 3001) should work.
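The two checks from this answer (which host port Docker publishes, and whether the security group allows that port) can be combined into one predicted outcome per port. This is an added example, not code from the original thread; the function names are hypothetical, the sample PORTS string and rule set are constructed from the values in the question, and it assumes the container is the only service on the host.

```python
import re

# One published mapping from the PORTS column of `docker ps`,
# e.g. "0.0.0.0:3001->3001/tcp" or ":::3001->3001/tcp".
MAPPING = re.compile(r"(?P<bind>\S+):(?P<host>\d+)->(?P<ctr>\d+)/(?P<proto>tcp|udp)")

def published_ports(ports_column):
    """Return {host_port: bind_address} for each TCP port published to the host."""
    published = {}
    for entry in ports_column.split(","):
        m = MAPPING.fullmatch(entry.strip())
        # A bare "3001/tcp" is only exposed inside Docker, not published.
        if m and m["proto"] == "tcp":
            published[int(m["host"])] = m["bind"]
    return published

def diagnose(port, ports_column, sg_ports):
    """Predict what a remote client sees when it connects to `port`.

    sg_ports: TCP ports the security group allows from that client's address.
    Assumes the container is the only thing serving on the host.
    """
    published = published_ports(ports_column)
    if port not in sg_ports:
        return "timeout: security group drops the connection"
    if port not in published:
        return "refused: port is allowed, but no container port is published on it"
    if published[port].startswith("127."):
        return "refused: published on loopback only"
    return "ok"

# Constructed sample matching the question: rules for 22, 80, 443; app on 3001.
PORTS = "0.0.0.0:3001->3001/tcp"
SG = {22, 80, 443}

if __name__ == "__main__":
    for port, allowed in [(80, SG), (3001, SG), (3001, SG | {3001})]:
        print(port, sorted(allowed), "->", diagnose(port, PORTS, allowed))
```

A timeout points at the security group, while a refusal means the packet reached the host and nothing accepted it there.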
I changed port in /etc/ssh/sshd_config to 23. I restarted sshd (sudo systemctl restart sshd). I added firewall rule for 23:
gcloud compute firewall-rules create debug-ssh-23 --allow tcp:23
But it is still not working... SSH commands time out. How to change sshd port properly?
EDIT:
Firewall rule is:
{
  "allowed": [
    {
      "IPProtocol": "tcp",
      "ports": [
        "23"
      ]
    }
  ],
  "creationTimestamp": "2018-10-02T14:02:23.646-07:00",
  "description": "",
  "direction": "INGRESS",
  "disabled": false,
  "id": "3968818270732968496",
  "kind": "compute#firewall",
  "name": "debug-ssh-23",
  "network": "https://www.googleapis.com/compute/v1/projects/foo/global/networks/default",
  "priority": 1000,
  "selfLink": "https://www.googleapis.com/compute/v1/projects/foo/global/firewalls/debug-ssh-23",
  "sourceRanges": [
    "0.0.0.0/0"
  ]
}
But I can't access simple nginx service on this port. On 80, works. Rule for 80 is similar.
sshd_config:
# Force protocol v2 only
Protocol 2
# Disable IPv6 for now
AddressFamily inet
# /etc is read-only. Fetch keys from stateful partition
# Not using v1, so no v1 key
HostKey /mnt/stateful_partition/etc/ssh/ssh_host_rsa_key
HostKey /mnt/stateful_partition/etc/ssh/ssh_host_ed25519_key
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
UsePAM yes
PrintMotd no
PrintLastLog no
UseDns no
Subsystem sftp internal-sftp
PermitTunnel no
AllowTcpForwarding yes
X11Forwarding no
Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
# Compute times out connections after 10 minutes of inactivity. Keep alive
# ssh connections by sending a packet every 7 minutes.
ClientAliveInterval 420
AcceptEnv EDITOR LANG LC_ALL PAGER TZ
Besides the sshd_config option Port, also see ListenAddress.
Run sudo systemctl reload sshd.service to apply the changes.
You need to add the option ssh-flag in order to connect to another port:
gcloud compute --project "PROJECT_NAME" ssh --zone "us-central1-b" "instance-1" --ssh-flag="-p 23"
In the cloud console, there's also "open in a browser window on a custom port".
To see if and where it is listening:
sudo cat /var/log/secure | grep sshd
The output should look about like this:
instance-1 sshd[1192]: Server listening on 0.0.0.0 port 23.
instance-1 sshd[1192]: Server listening on :: port 23.
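Before reloading sshd, the Port lines in sshd_config can be checked against a firewall rule in the JSON shape shown in the question. This is an added example, not code from the original thread; the function names and the client address 203.0.113.7 are hypothetical, the sample config is constructed, and the rule is a trimmed copy of the one in the question. It evaluates a single rule only and ignores target tags, priorities and any host-level firewall.

```python
import ipaddress
import json

def sshd_ports(config_text):
    """Ports from uncommented Port lines; sshd defaults to 22 when there are none."""
    ports = []
    for line in config_text.splitlines():
        fields = line.split("#", 1)[0].split()   # "#Port 22" yields no fields
        if len(fields) == 2 and fields[0].lower() == "port":
            ports.append(int(fields[1]))
    return ports or [22]

def rule_admits(rule, client_ip, port):
    """True if this one ingress rule lets client_ip reach the TCP port."""
    if rule.get("disabled") or rule.get("direction") != "INGRESS":
        return False
    ip = ipaddress.ip_address(client_ip)
    ranges = rule.get("sourceRanges", [])
    if not any(ip in ipaddress.ip_network(r) for r in ranges):
        return False
    for allowed in rule.get("allowed", []):
        if allowed["IPProtocol"] not in ("tcp", "all"):
            continue
        # A missing "ports" key means every port of that protocol.
        for spec in allowed.get("ports", ["1-65535"]):
            low, _, high = spec.partition("-")
            if int(low) <= port <= int(high or low):
                return True
    return False

def check(config_text, rule_json, client_ip):
    """Map each port sshd will listen on to whether the rule admits the client."""
    rule = json.loads(rule_json)
    return {p: rule_admits(rule, client_ip, p) for p in sshd_ports(config_text)}

# Constructed config; rule trimmed from the JSON in the question.
SAMPLE_CONFIG = "Protocol 2\n#Port 22\nPort 23\nPasswordAuthentication no\n"
SAMPLE_RULE = """{"allowed": [{"IPProtocol": "tcp", "ports": ["23"]}],
 "direction": "INGRESS", "disabled": false, "sourceRanges": ["0.0.0.0/0"]}"""

if __name__ == "__main__":
    print(check(SAMPLE_CONFIG, SAMPLE_RULE, "203.0.113.7"))
    print(check("#Port 22\n", SAMPLE_RULE, "203.0.113.7"))
```

A config whose only Port line is commented out, such as the "#Port 22" default mentioned in a later answer, still listens on 22, which a rule for tcp:23 does not admit.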
I did not need to add the ssh-flag to my gcloud command (which I could view but could not figure out how to edit). I followed these instructions:
Using SSH through airplane WiFi that blocks port 22
But my CentOS installation had a blank sshd_config. I simply added this line to it:
Port 80
and ran (I had executed the commands in the link above first):
systemctl restart sshd.service
and then I was up and running SSHD on port 80.
Other things to note:
I was using this because I wanted to do work while on a JetBlue flight and I could not connect to my server using SSH (seems they block port 22 traffic and I don't want to change the port on which I am running SSHD). So, I created this VM to run SSH on port 80 and I could then connect from there to my server.
To save on my $300 in Google Cloud credit, I turned my VM instance off and when I was on the flight, I went to turn it on and there were not enough resources on that Google Cloud Zone to start my instance. Argh!! Set your VM instance to running before you leave on your flight to make sure it'll be available ahead of time. Moving it to another zone was a PITA, so I created a new instance and found I could connect to it even though it was set to run SSH on port 22 by default by connecting to it via the gcloud console's connect via SSH in a browser window, so it was not necessary to change the port upon which SSH was running anyway (at least for JetBlue)...
When I created this 2nd VM instance using the CENTOS 7 image, this time it created a full sshd_config file and I just changed the following line:
#Port 22
to:
Port 80
And also executed all the commands in the first link in my post.
My EC2 instance has been working well with no problem for many years, but after Amazon's recent maintenance, the webpage cannot be reached. Chrome browser says:
This site can’t be reached (the below is the error that I see at Chrome)
xxx.xxx.xxx.xxx refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED
SSH port (22) works fine; I can connect it with Cyberduck as usual. However other ports (80, 8080) do not work, although the security group has inbound rule to accept any IPs for the HTTP.
Edit: per request, this is what I see in my ec2 (connected with my pem key on Terminal)
$ netstat -an | grep 80
unix 2 [ ACC ] SEQPACKET LISTENING 8017 @/org/kernel/udev/udevd
unix 3 [ ] DGRAM 8026
unix 3 [ ] DGRAM 8025
I see "80"s are bold and red.
It sounds like the EC2 instance rebooted during maintenance and your web server is not set up to auto restart.
Use the chkconfig command to configure the Apache web server to start at each system boot: sudo chkconfig httpd on.
I am using cygwin which has ssh configured.
I am using a windows machine
Path to keypair file : C:\cygwin64\home\suhelkhan.ssh\kworld_kp1.pem
The EC2 instance is Red Hat Enterprise Linux (RHEL) 6
The EC2 is correctly mapped to the keypair
The security group associated with this EC2 instance allows for SSH connection.
I am using the following command to connect
suhelkhan@DTDVD0003009PR ~/.ssh
$ ssh -vvv "kworld_kp1.pem" ec2-user@ec2-52-63-yyy-zz.ap-southeast-2.compute.amazonaws.com
output:
OpenSSH_7.3p1, OpenSSL 1.0.2h 3 May 2016
debug2: resolving "kworld_kp1.pem" port 22
ssh: Could not resolve hostname kworld_kp1.pem: Name or service not known
Checking with telnet gives the following:
suhelkhan@DTDVD0003009PR ~/.ssh
$ telnet 52.63.141.40
Trying 52.63.141.40...
telnet: Unable to connect to remote host: Connection refused
The Telnet cmd gives out the following:
suhelkhan@DTDVD0003009PR ~/.ssh
$ telnet HOST 22
Can't lookup hostname HOST
I just redid the whole thing (new instance with appropriate security group, proper key-pair match-up and new cygwin installation [http://thecoatlessprofessor.com/programming/installing-amazon-web-services-command-line-interface-aws-cli-for-windows-os-x-and-linux-2/ ]). Also added my public IP to the inbound tab of the security group I am using... all works... thanks for all the help.