I have a running EC2 instance on which one of the database having transactional records stored through the application running on the same instance. I've change the port due to some security reasons but after changing port I'm unable to SSH to the instance.
My security group and NACL both having old as well as new port configured in it.
I've tried to SSH several times but it gives error Network Error: Connection timeout.
I'm scared about to data lost if this instance gets stopped. Need help!
You can login to instance without losing data with the help of 'session manager' option under the "System Manager". You will need to complete certain per-requisites of the session manager as follows given in the Amazon docs for Systems Manager Prerequisites
After completing the per-requisites assign the IAM role to the EC2 instance created for SSM.
Into the AWS console, search for the session manager option under the System manager and your instance ID will get listed over there.
Select the instance and choose for the Start session, you will get the shell console of your instance.
Revert the changes made in /etc/ssh/sshd_config for the port and try to SSH again.
Related
I am trying to fix a website that is hosted on Google Cloud Platform using VM instance. The website is giving me a connection refused error message. I have checked that the firewall rules are set up and are provided to the VM instance.
The VM external IP is static and the same IP is present on both cloud DNS and GoDaddy.
I'm also unable to SSH into the instance.
The SSH screen is stuck here and is not loading any further
I have given the necessary permissions to the instance and the user (Compute Admin, Compute Instance Admin (v1)), but still no luck.
As the instance is created from a custom image, so later, I tried creating another instance with the same config and I was able to SSH from it. So, please find some screenshots attached below if those could be of any help
netstat -a
route -n
df -h
I am new to this so any help to fix the issue and get the website up and running would be highly appreciated.
If it worked at the second attempt (2nd Instance I mean), I suspect that the SSH service hasn't started properly. I would recommend you to check the Serial Port Output, and Accessing into the Instance through the serial port in order to be able to troubleshoot it.
Note that you'll need a user to access through the serial port. If you don't have any user created, you will be able to do so using an startup-script.
Hope this helps!
Yesterday, I updated my Django website (on AWS EC2) to HTTPS by using lets-encrypt. Everything works well. The website has HTTPS green icon as expected.
Today when I try to connect my instance by using SSH. The connection keep hunging. Finally, It give some message like "ssh: connect to host ec2-34-202-93-189.compute-1.amazonaws.com port 22: Resource temporarily unavailable".
I thought it might be security group problem of this instance. So I double checked my security group setting of this instance, the SSH, HTTP and HTTPS port are all open correctly. I created another instance to test if there is any problem on my local. The new instance connected successfully. Then I apply the new instance to the security group that I made for the previous instance and It connected. Then I apply the previous instance to the new security that I made for the new instance, the connection got frozen again. I also tried to connect with putty and it was not working as well.
Now I am really confused. My local machine is Windows subsystem of Linux. My EC2 instance is Ubuntu 16. I am using Nginx as web server. My ssh command is "ssh -i blog_project.pem ubuntu#ec2-34-202-93-189.compute-1.amazonaws.com".
Here is my security group setup for the instance.
This is the result I command "ssh -vvv -i blog_project.pem ubuntu#ec2-34-202-93-189.compute-1.amazonaws.com"
BTW, Is there any way that I can login to my instance without ssh connection? Is there anything like console or shell inside the AWS that I can touch with my instance?
Check if the instance exists on AWS, maybe a new one was created with different Public DNS (xxxx.compute-1.amazonaws.com) than the one you are using in your command.
It's my first time using an ec2 instance from the spot market. I'm assuming its the same to SSH into as with any normal instance. I submitted a request and got one back but now for some reason when I try to SSH into with the public IP I'm getting a timed out error. Is there anything else I need to do after submitting the Spot request, other than waiting for someone to fill it?
As many other users have commented, there are two things need to be done for ssh
assign an aws key-pair when launching the instance
assign a security group with ssh permission
To check whether these two conditions are met for your instance, you can go to the aws EC2 Management console, click on your instance at the instance tab, and check if there is a Key pair name associated with it, and whether the Security groups inbound rule contains port 22 tcp protocol.
If you launch with boto3, the command will look like this
rc = ec2.create_instances(ImageId=ubuntu_64bit,
InstanceType='t2.nano',
MinCount=1,
MaxCount=n_workers,
KeyName='my-key',
)
Here I used the default security group and I have added ssh permission to it.
When these conditions are met, you can log on to the instance using
ssh -i /path/my-key-pair.pem ec2-user#ec2-198-51-100-1.compute-1.amazonaws.com
Depending on the image you load, the user name could vary. Possible ones include ec2-user, centos, ubuntu, root.
Timeout error for ssh means port 22 on this spot instance isn't open to you. Check the security group and add your location IP, allowing access to port 22
I am not able to remote desktop into a T2.micro instance that I spawned from the AWS Java API. Here is what I did:
Created an instance using the Amazon console
Successfully remoted into it
Created an AMI of the instance
Wrote a Java program to runInstance using the same security group, availability zone, subnet, and keyname as the original
Ran the program and saw it start successfully
Tried to connect and got the message: "Password is not
available. This instance was launched from a custom AMI, or the
default password has changed. A password cannot be retrieved for
this instance. If you have forgotten your password, you can reset it
using the Amazon EC2 configuration service"
Am I missing something? Shouldn't this work?
When you say Tried to connect and got the message "Password is not available", do you mean you connected with RDP or do you mean that you were in the AWS console, you right-clicked the EC2 instance and you selected "Get Windows Password"?
Unless you explicitly did something to prevent it (see below), I would expect the administrator password of the new instance to be the same as the old instance.
If you want a new administrator password for the new instance, then you need to use the EC2ConfigService on the original instance and configure it so that a new password is generated on next boot. Then you can stop the instance and create an AMI from it. When a new instance is launched from the AMI, it should then allow you to retrieve a new password.
I created a VM using Hyper-V on my local machine which I can RDP onto fine. I exported the VHDX to VHD and then uploaded it to AWS via the API.
This created a new EC2 instance for me but I cannot connect to it as it has no security keypair associated.
Thus I created a private AMI from the instance and re-instantiated a new EC2 instance from this AMI, setting the keypair in the process to ensure HTTP, RDP etc are permitted. The EC2 instance is running, but when I download teh RDP shortcut if fails to connect. I've tried rebooting the instance several times (as this was one of the suggested solutions on here when I searched) but it hasn't helped.
I also cannot ping any of these instances via the public DNS or private DNS.
Any idea what I'm doing wrong? I'm not even getting as far as the password prompt, its the connectivity is the problem.
Thanks
I had a similar problem - this is the tip from the AWS documentation that helped me solve it:
Verify that the route table for the subnet has a route that sends all traffic
destined outside the VPC (0.0.0.0/0) to the Internet gateway for the VPC
Additional debugging tips for this problem can be found here: Remote Desktop can't connect to the remote computer
The problem is probably the security group configuration attached to the instance. Make sure you have inbound TCP port 3389 permitted to be able to connect via RDP.
in username type:
.\Administrator
....and your decrypted password
See, this is local user. but you dont know real local hostname, that different from public DNS name.
Was helpful for me, hope for you too.
My guess for the reason you aren't getting anywhere has to do with the host certificates.
Be mindful that each computer connecting to the server via RDP needs to have an IAM user in AWS with an X.509 certificate uploaded to their account.
When importing or creating a windows AMI it is best to install and configure the EC2Config service.
The EC2 Config service does the following when you launch the instance:
At initial setup:
Sets the hostname to the private DNS name
Generates and sets a random password on the Administrator account
Initializes and formats the ephemeral disks
Generates and installs the host certificate used for Terminal
Services
Syncs the instance clock with a time server
After initial setup:
Writes the last three entries in the System event log to the Amazon
EC2 console so you can debug startup problems.
Prepares instances for bundling
Also, by default, security groups do not allow you to ping the instances. You must enable ICMP in the security group.
Hope that helps.
EDIT: Here is the link to the 64bit version of the EC2Config Installer
I also had the same problem. This is what I got from EC2.
Public DNS ec2-23-22-109-251.compute-1.amazonaws.com
User name Administrator
Password MyPassword
On the remote desktop, enter the domain and user name as
ec2-23-22-109-251\Administrator
If you paste the password is may not work, try to paste it but reenter the last 1 or 2 characters. Once you get the security certificate prompt accept/install it and your connection should open soon.
This is what worked for me:
Use your cell phone as a "hot spot" - which gives you a static IP address. That worked. Now, I'll need to contact my Internet provider to assign a static IP to my wireless router. Currently, it is spitting out DHCP IP addresses.
UPDATE:
12.7.2016
You need to go to the Security Group, select the Instance, then EDIT the RDP. If you click "MyIP" that should work for those of us working from home. If you are onsite, you may need to put in a custom CIDR.
After rebooting an EC2 instance, I found that I needed to reassociate the Elastic IP address associated with the instance. You click the button below then select the instance and private instance IP address when prompted.
RDP access worked after this step.
After patching Windows 2019 on my server, I couldn't access the instance anymore despite all my working settings didn't change. I used EC2Rescue to fix my issue
Please refer to the link below for details on how to use it: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/troubleshoot-connect-windows-instance.html#AWSSupport-ExecuteEC2Rescue