EC2 instance gives ssh connection time out error after installing SSL certificate - amazon-web-services

I have been using an Amazon EC2 instance for the last 2 months, but today I am unable to connect to it. Earlier I was connecting using ssh, and the service is still running (http://ec2-13-233-199-251.ap-south-1.compute.amazonaws.com).
Last night I tried to add an SSL certificate from Let's Encrypt using this blog: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04
After that, when I try to connect to the EC2 instance using ssh as:
ssh -i "majorPillar.pem" ubuntu@ec2-13-233-199-251.ap-south-1.compute.amazonaws.com
I am getting a connection timed out error.
I checked my security group and port 22 is open, and the other inbound and outbound rules are correct. How can I connect to my instance now?

Port 22 on your server does not respond; port 443 refuses connections.
Double-check your configuration in the AWS console:
the inbound traffic rule on port 22 must allow your IP address access to that port.
For example:
nc -zv 13.233.199.251 22
The HTTPS certificate install should not have side effects on the ssh config.
Anyway, check the /etc/ssh/sshd_config configuration file too and ensure the ssh port is the one you want (22?):
sudo grep Port /etc/ssh/sshd_config

Related

is it possible to access a ec2 instance where inbound rule is only allowed for ssh with the help of apache http

I need to access an EC2 instance using HTTP, but the inbound rule only allows SSH. So is it possible to access the EC2 instance through HTTP if I connect to it using ssh and install Apache HTTP?
It can be resolved by changing the inbound rule, but is it possible with Apache HTTP without changing the inbound rule?
Yes. You can activate Port Forwarding across your SSH connection, which will allow traffic to go across the SSH connection to the web server on the destination EC2 instance, and it will all happen via port 22 (SSH).
For example, this command will forward local port 8000 to the remote port 80:
ssh -i key.pem ec2-user@IP-ADDRESS -L 8000:localhost:80
You can then access the remote web server from your own computer by pointing your web browser to http://localhost:8000. The traffic will be sent across the SSH connection to the EC2 instance, where it will be sent to localhost:80 (which is the web server on the EC2 instance).
For details, see: How to Use SSH Port Forwarding {Ultimate Guide}

Cannot connect to EC2 instance using port other than 22 or ping

I have my EC2 instance security group inbound rule to accept my ip as follows:
Outbound rule as follows:
I can connect to my instance using ssh and also ping my instance from my local machine without any issues.
When I have a server running on my EC2 instance on the HTTP protocol on port 9999, I am unable to access this site.
netstat -peanut gives me the following output on the server:
I am not sure why I am not able to access the http page from my local machine. Should anything change in my inbound rule? I tested this on Amazon Linux and Ubuntu images. Nothing works.
Even though I have opened all ports in my security group, AWS seems to be allowing me to access only the common ports like 22, 80 and so on.
The only way I could finally access my remote server on port 9999 was by ssh tunneling:
ssh -TNL 9999:127.0.0.1:9999 <user>@<ip-address>

Cant connect to AWS EC2

I have an EC2 instance with a public IP in a public subnet, Ubuntu 20.04. Everything seems open, but I can't ping or ssh to the instance:
NACL (I/b & O/b): 100 - all/all 0.0.0.0/0
Route Table: 0.0.0.0/0 igw
SG: 8080, 443, 22 - 0/0
I have this "open address" hyperlink in the EC2 instance console next to the public IP and public DNS; when I try opening it, it does not open (can't reach this page); it tries https://IP.
PuTTY times out, and so does ssh from cmd:
ssh -i "pem-file.pem" ubuntu@IP
ssh: connect to host 'IP' port 22: Connection timed out
When an SSH connection times-out, it is normally an indication that network traffic is not getting to the Amazon EC2 instance.
Things to check:
The instance is running Linux
The instance is launched in a public subnet, which is defined as having a Route Table entry that points to an Internet Gateway
The instance has a public IP address, which you are using for the connection
The Network Access Control Lists (NACLs) are set to their default "Allow All" values
A Security Group associated with the instance that permits inbound access on port 22 (SSH) either from your IP address, or from the Internet (0.0.0.0/0)
Your corporate network permits an outbound SSH connection (try alternate networks, eg home vs work vs tethered to your phone)
See also: Troubleshooting connecting to your instance - Amazon Elastic Compute Cloud
If you continue to have problems, then use ssh -vvv ... to activate debugging, and add the output to your Question.
Once you have SSH working, then try to get 443 working.
Do not use Ping to test connectivity because that requires additional rules in the Security Group, and all it tests is whether Ping is working.
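The checklist above boils down to a few stateless and stateful filters between the Internet Gateway and the instance. The following is an added example, not code from the answer or from AWS: it evaluates hand-constructed Security Group and NACL rule sets (shaped like `describe-security-groups` / `describe-network-acls` output, but built inline for the demo) against a source IP and port, so the difference between "SG blocks it" and "NACL blocks the reply" can be seen offline before touching the console.

```python
"""Offline check: would a Security Group plus NACL admit an inbound TCP
connection on a port from a given source IP?  Added example; the rule
dictionaries are constructed by hand and only mirror the shape of AWS API output."""
import ipaddress

# Constructed sample Security Group: SSH only from one /32, HTTPS from anywhere.
# Security Groups are stateful allow-lists, so reply traffic is implicit.
SG_INBOUND = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.7/32"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

# Constructed sample NACL: rule 100 allows all inbound; 32767 is the implicit deny.
# NACLs are stateless and evaluated in RuleNumber order; the first match wins.
NACL_INBOUND = [
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
]
# Because the NACL is stateless, the SYN-ACK back to the client's ephemeral
# port needs its own OUTBOUND allow (TCP 1024-65535 here).
NACL_OUTBOUND = [
    {"RuleNumber": 100, "Protocol": "6", "RuleAction": "allow", "CidrBlock": "0.0.0.0/0",
     "PortRange": {"From": 1024, "To": 65535}},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
]


def _cidr_match(cidr, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def sg_allows(rules, src_ip, port, proto="tcp"):
    """Security Group semantics: any matching rule permits the packet."""
    for r in rules:
        if r["IpProtocol"] not in ("-1", proto):
            continue
        if r["IpProtocol"] != "-1" and not (r["FromPort"] <= port <= r["ToPort"]):
            continue
        if any(_cidr_match(rng["CidrIp"], src_ip) for rng in r.get("IpRanges", [])):
            return True
    return False


def nacl_verdict(rules, ip, port, proto_num="6"):
    """NACL semantics: lowest-numbered rule matching CIDR, protocol and port decides."""
    for r in sorted(rules, key=lambda r: r["RuleNumber"]):
        if r["Protocol"] not in ("-1", proto_num):
            continue
        pr = r.get("PortRange")
        if pr and not (pr["From"] <= port <= pr["To"]):
            continue
        if _cidr_match(r["CidrBlock"], ip):
            return r["RuleAction"]
    return "deny"  # only reached if the implicit 32767 rule is missing


def inbound_tcp_reachable(src_ip, dst_port, reply_port):
    """Return (ok, reason). reply_port is the client's ephemeral source port,
    which the stateless NACL must let back out or the handshake never completes."""
    if nacl_verdict(NACL_INBOUND, src_ip, dst_port) != "allow":
        return False, "NACL inbound denies %s -> port %d (client sees a timeout)" % (src_ip, dst_port)
    if nacl_verdict(NACL_OUTBOUND, src_ip, reply_port) != "allow":
        return False, "NACL outbound denies reply to ephemeral port %d (client sees a timeout)" % reply_port
    if not sg_allows(SG_INBOUND, src_ip, dst_port):
        return False, "Security Group has no inbound rule for %s on port %d (client sees a timeout)" % (src_ip, dst_port)
    return True, "network path allows it; a 'connection refused' now means nothing is listening"


if __name__ == "__main__":
    for src, port in [("203.0.113.7", 22), ("198.51.100.20", 22), ("198.51.100.20", 443)]:
        print(src, port, inbound_tcp_reachable(src, port, 51234))
```

The SG check is deliberately evaluated last: if the NACL already drops the SYN or the SYN-ACK, fixing the Security Group changes nothing, which is why the answer lists NACL and route table before the SG.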
Reachability Analyzer is an easy solution. It will analyze the requested path and direct you to the problem.
1. VPC > Reachability Analyzer
2. Create and analyze path
In this case, I would check the path from the Internet GW to the instance on port 22
3. Find the problem
Once the analysis is completed you can find the issue. In my case it's a routing table with no route to the internet GW
4. Fix the problem
Let's add the needed route
5. Verify the path again
Rerun the analysis again
6. SSH is working
ssh -i "my_key.pem" ec2-user@ec2-900-227-116-41.compute-1.amazonaws.com
__| __|_ )
_| ( / Amazon Linux 2022 AMI
___|\___|___| Preview
http://aws.amazon.com/linux/amazon-linux-2022
Last login: Wed Dec 1 09:18:54 2021 from 84.110.59.182
[ec2-user@ip-264-31-83-228 ~]$

Amazon EC2 HTTP connection refused, but HTTP port is open

I created a new Ubuntu T2 Micro instance on EC2.
Created a new Elastic IP and selected "EIP used in: VPC"
Associated the address to my new EC2 Ubuntu instance.
I now have a Private IP and a Public/Elastic IP. No Public DNS.
My security group has SSH port 22 and HTTP port 80 open.
I can connect to the instance just fine through SSH using the Public IP, but when I try to browse to the Public IP through the browser it says connection refused. I can't ping it either.
I'm out of ideas.
Amazon EC2 HTTP connection refused, but HTTP port is open
That's already proven by the fact that you got 'connection refused'. If the port wasn't open it would have been 'connect timeout'.
'Connection refused' means that the service you tried to connect to wasn't listening at that port. Possibly it isn't started at all, or even installed.
You need to install a web server on your machine, such as Apache or Nginx. This is not provided by default in EC2.
Go to Security Groups --> Edit inbound rules --> Add rule (add a custom TCP rule for port 8888 with source 0.0.0.0/0).
There are two major things that can happen to your web server.
Connection refused: there is no service running (httpd/JBoss/nginx) on your server that is available to accept connections on the specified port (80 in this case).
Connection timed out: the server is not able to process any incoming connection hitting it on port 80. Once you fix the security group and your NACL (if you don't have the default one), re-check to see whether it is the service that is giving the error; don't forget that the error response will change.
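The refused-versus-timed-out distinction drawn here, and the `nc -zv` check suggested in the first answer on this page, can be scripted so the result is a label rather than an error string to interpret. This is an added example, not code from any of the answers: `probe()` is a hypothetical helper built on the standard socket module, and the loopback demo constructs its own listener so it runs without any AWS access.

```python
"""Classify what a TCP connect attempt says about host:port.  Added example:
'refused' means the packets reached a host with nothing listening; 'timeout'
means they never arrived or the reply never came back (security group, NACL,
route table or host firewall)."""
import errno
import socket


def probe(host, port, timeout=3.0):
    """Return 'open', 'refused', 'timeout', 'unreachable' or 'error:<ERRNO>'
    without raising, so it can be used in scripts and loops."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        rc = s.connect_ex((host, port))  # errno instead of an exception
    except socket.timeout:
        return "timeout"
    except OSError as e:  # e.g. DNS failure
        rc = e.errno
    finally:
        s.close()
    if rc == 0:
        return "open"
    if rc == errno.ECONNREFUSED:
        return "refused"
    # With a socket timeout set, CPython reports an expired connect as EWOULDBLOCK/EAGAIN.
    if rc in (errno.ETIMEDOUT, errno.EAGAIN, errno.EWOULDBLOCK):
        return "timeout"
    if rc in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    return "error:%s" % errno.errorcode.get(rc, rc)


def refused_or_open_demo():
    """Constructed demo on the loopback interface: bind an ephemeral port, probe
    it while listening (open) and again after closing the listener (refused)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = probe("127.0.0.1", port)
    srv.close()
    after_close = probe("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:
        print(probe(sys.argv[1], int(sys.argv[2])))  # e.g. probe an EC2 public IP on 22 or 80
    else:
        print(refused_or_open_demo())
```

Run it as `python probe.py <public-ip> 22` against an instance: "timeout" sends you to the network path (SG, NACL, route table, corporate egress), "refused" sends you to `sudo ss -ltnp` on the instance to see whether sshd or the web server is listening at all.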

Unable to Connect to Amazon EC2 Instance

I'm using AWS (Amazon Web Services) and running commands from the Mac Terminal:
http://ec2-52-xx-x-xx.us-west-2.compute.amazonaws.com
But I am getting this error:
Gateway Timeout: can't connect to remote host
I'm unable to access the site anymore because of this error.
There is a security group applied to this instance,
and port 22 for ssh is listed under this security group.
Check the security group for this instance and try telnet IP <allowed inbound port>. If telnet connects on any of these ports, connectivity is there.
Now comes ssh. By default ssh is on port 22, which, as you say, is already allowed in the security group. So you need to check whether anyone has changed the sshd_config file and changed the port.
port 22 for ssh is listed under this security group
This does not imply anything. Which IP addresses are allowed to access? Also, check that your DNS name hasn't changed, as suggested by jarmod.
Simply put, an inbound firewall protects the network against incoming traffic from the internet or other network segments, namely disallowed connections, malware and denial-of-service attacks. An outbound firewall protects against outgoing traffic originating inside an enterprise network.
Are you sure that the host is actually still named ec2-52-xx-x-xx.us-west-2.compute.amazonaws.com? Each time you stop and restart an Amazon EC2 instance, the public DNS name will change. Double check it in the AWS console.
Check both incoming and outgoing rules for port 22; also try with the allocated IPv4 address.
To connect using SSH, ssh should be installed correctly on your machine.
Just type **ssh**; if something like this comes up, your machine has ssh:
usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-E log_file] [-e escape_char]
[-F configfile] [-I pkcs11] [-i identity_file]
[-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]
[-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]
[-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
[user@]hostname [command]
Most **Linux and macOS** systems have it installed already; if not, go [here][1].
For **Windows Server** 2019 and Windows 10: [OpenSSH in Windows][2]
The first check is whether ssh is allowed by the security group of that particular instance,
i.e. whether it allows connecting via ssh or not.
Once that is confirmed, you have to enter the correct syntax to connect to the AWS instance.
Using the Public DNS that is available under the running instance:
**ssh -i /path/my-key-pair.pem my-instance-user-name@my-instance-public-dns-name**
Using IPv6 (IPv4 can be done similarly):
**ssh -i /path/my-key-pair.pem my-instance-user-name@my-instance-IPv6-address**
For the value of **my-instance-user-name**, see the documentation provided by AWS [1].
[1]: http://www.openssh.com
[2]: https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview