I created an Ubuntu instance in EC2, and it worked fine so far.
But somehow I can't connect to the server with PuTTY anymore and I get Network error: Connection timed out.
The instance is running in the console.
CPU usage is just 2%.
The inbound setting seems fine: SSH on port 22.
Tried with the IP address and DNS.
Restarted the instance and tried.
Stopped and tried with different IP address.
Instance connection is fine.
This is the screenshot:
This is inbound rule:
How can I solve this problem?
A Connection timeout is a sign that your computer is unable to reach the remote computer. Such an error normally takes some time before it fails.
If, instead, the remote computer rejected the connection, the error would appear immediately and the message would be Permission denied.
Things to check:
The Security Group on the EC2 instance needs to allow inbound SSH (port 22) access either from the whole internet (0.0.0.0/0) or, preferably, from a smaller CIDR range that includes your computer (eg choosing "My IP" in the console). This is typically the cause of the issue 80% of the time.
The instance needs to be in a Public Subnet, which means the subnet is connected to an Internet Gateway.
Your network must allow an outbound SSH connection to AWS. Some corporate networks might block this.
There are some other potential causes, but most of the time the cause is one of the above.
We have a site to site VPN connection from our AWS cloud to the customer's on site network. Our web application login requires the authentication from the customer's active directory and hence the need for VPN connection.
When our application is not being used for a while the VPN tunnel goes down, due to which when a user tries to log into the application he is unable to due to downed tunnel. It takes some time for the tunnel to get up after which everything works properly.
I had a call with the customer's IT people and it seems they have set up a keep alive bit (DPD settings) on their end but still the tunnel keeps going down. AWS support isn't much of a help either.
I googled around and discovered that one way we can keep the tunnel alive is by "sending a ping to the target from the device sourced from the outside interface. A possible destination for the ping is an instance within the VPC"
AWS documentation also suggests "to create a host that sends ICMP requests to an instance in your VPC every 5 seconds."
I already have a private subnet EC2 instance (with only a private IP) in my VPC.
My question is, do I need to create another ec2 instance in my VPC private subnet and ping the first one from the other every 5 seconds?
Would I need to write a shell script for this?
I am basically confused about from where to ping, whom to ping and how to ping.
Ping any remote AWS instance from your on-premise site, thereby causing traffic over the VPN. Just schedule it in Windows Task Scheduler, and use the basic command line ping.
I tried to connect to a running ec2 instance with my usual settings, it returns
ssh: connect to host ec2 port 22: Connection timed out
I tried to connect with the built-in "EC2 Instance Connect", to connect directly from the browser with the AWS account, it returns
There was a problem setting up the instance connection An error
occurred and we were unable to connect or stay connected to your
instance. If this instance has just started up, try again in a minute
or two.
The instance was running for weeks, I am the only user with access to the AWS account and the SSH keys, and I didn't change any setting in the last ~3 weeks or restart it.
First the timeout started ~1 week ago, and then, without any other change, my website (WordPress) suddenly started to show a database connection error (the database is inside the EC2 instance as well).
What I used to connect :
Either
ssh -i "Keys.pem" ec2-user@ec2-[public ip].eu-west-3.compute.amazonaws.com
Or
ssh ec2-user@[public ip] -i "Keys.pem"
Both show the same error. I used the first one several weeks ago and it used to work well
This timeout will be caused by invalid security group rules.
Ensure that the security group rules attached to your instance allow inbound access from the source IP address you're trying to SSH from, the database connection may also be related to this.
If you're connecting using a dynamic public IP address to SSH to your host, you will need to adjust this every time your IP address changes. It might be more appropriate to set up a VPN so that you can connect privately to your host.
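The security group checks recommended in the answers above (inbound SSH from a CIDR that includes your current address, rather than from 0.0.0.0/0) can be run offline against the group's rules. This is an added example, not code from the original posts; `SAMPLE_GROUP` is constructed in the shape of `aws ec2 describe-security-groups` output, and `rule_covers_port` and `check_inbound` are hypothetical helper names.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-security-groups` output;
# the group id is a placeholder and the addresses are documentation ranges.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}


def rule_covers_port(perm, port):
    """True if the rule applies to TCP `port`; protocol "-1" means all traffic."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def check_inbound(group, source_ip, port=22):
    """Return (allowed, matching_cidrs, open_to_world) for source_ip on port.

    Only IPv4 CIDR sources (IpRanges) are evaluated. Rules whose source is
    another security group (UserIdGroupPairs) match by group membership,
    not by the caller's public IP, so they are skipped here.
    """
    src = ipaddress.ip_address(source_ip)
    matches, open_to_world = [], False
    for perm in group.get("IpPermissions", []):
        if not rule_covers_port(perm, port):
            continue
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if net.prefixlen == 0:
                open_to_world = True   # 0.0.0.0/0: reachable from anywhere
            if src in net:
                matches.append(rng["CidrIp"])
    return bool(matches), matches, open_to_world


if __name__ == "__main__":
    # The old address is still whitelisted; the new dynamic address is not.
    print(check_inbound(SAMPLE_GROUP, "203.0.113.10"))
    print(check_inbound(SAMPLE_GROUP, "198.51.100.7"))
```

A result of `(False, [], False)` for your current public IP is the "dynamic address changed" case described above; `open_to_world` flags a rule that admits the whole internet.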
I launched an Amazon Linux instance and I am using a default security group with the following settings:
Type:All traffic
Protocol:All
Port Range:All
But when connecting through ssh from my Mac I get Operation Timed Out message:
ssh -i "<key in double quotes>" ec2-user@<>.amazonaws.com
results in
ssh: connect to host <>.amazonaws.com port 22: Operation timed out
I am not sure what could be the reason. Can someone please help?
A time-out normally indicates there is no network connectivity to the remote computer. A simple rule-of-thumb is:
If the error comes back immediately, then the SSH request has been rejected by the remote computer
If the error takes some time to come back (eg 5+ seconds), then it never reached the remote computer
Some potential causes:
Something else is blocking the access, such as a corporate firewall. Try from a different network (eg home, work, tether via your phone) to try and diagnose this situation.
The instance might be in a private subnet
The instance might be in a subnet that is incorrectly configured (eg not routing to an Internet Gateway to make a 'Public' subnet)
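The rule of thumb in the answers above (a fast failure means the remote host answered, a slow one means the packets never arrived) can be measured with a single TCP connect. This is an added example, not code from the original posts; `probe` and `loopback_demo` are hypothetical names, and the demo uses a constructed listener on 127.0.0.1 so it runs offline.

```python
import errno
import socket
import time


def probe(host, port=22, timeout=5.0):
    """Attempt one TCP connect and classify the outcome.

    Returns (verdict, seconds):
      "open"     - handshake completed; something is listening
      "refused"  - the host answered with a reset; the path works, no listener
      "filtered" - no answer before `timeout`; packets are being dropped
                   (security group, routing, or a firewall on the way)
      "error"    - anything else (DNS failure, no route, ...)
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            verdict = "open"
    except socket.timeout:
        verdict = "filtered"
    except ConnectionRefusedError:
        verdict = "refused"
    except OSError as exc:
        verdict = "filtered" if exc.errno == errno.ETIMEDOUT else "error"
    return verdict, time.monotonic() - start


def loopback_demo():
    """Constructed demo: probe a local listener, then the same port once closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))       # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    listening = probe("127.0.0.1", port, timeout=2.0)[0]
    srv.close()
    closed = probe("127.0.0.1", port, timeout=2.0)[0]
    return listening, closed


if __name__ == "__main__":
    print(loopback_demo())
```

Run `probe` against the instance from two different networks: "filtered" from both points at the security group or subnet routing, while "filtered" from only one points at that network's outbound firewall.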
I have installed IntelliJ YouTrack running on port 80 on a Windows Server 2012 t2.micro EC2 instance on AWS.
I am able to access YouTrack when I remote desktop into the machine and enter http://localhost or http:// or http://. Therefore I know the application is up and running on the expected port.
I have whitelisted my ip by adding the relevant inbound rule under the security group settings for the instance.
I was assuming that was the only necessary step to allow inbound connections to that specific port. However I cannot access YouTrack when I enter the public IP of the instance on my web-browser from the whitelisted IP. Also what I find more confusing is when I try to enter http:// within the remote desktop of the instance, I am still unable to connect.
What am I missing for enabling incoming connections to a port on my EC2 t2.micro instance?
I appreciate all the advice.
It seems that Windows firewall was running and blocking the connections beyond the security group settings. Opening port 80 within Windows firewall fixed the issue.
When I first ran into the issue I typed "Firewall" into the start search. The first result was "Windows Firewall with Advanced Security". When I opened that I got the error "There was an error opening Windows Firewall with Advanced Security snap-in". I immediately assumed AWS eliminated the firewall service from the Windows builds to force customers to prefer the security group controls of the AWS console.
Embarrassingly, I have just now tried the second option in the list, "Windows Firewall", which showed the normal Windows Firewall being active and of course blocking incoming connections to port 80. I have added the exceptions for the required ports and the issue was immediately resolved.
I hope this helps someone else out there.
I'm trying to connect to a Windows instance in EC2 through RDP but it gives me the message
Remote Desktop to server is not enabled
The remote Computer is turned off
The remote computer is not available on the network.
The weird thing is that the connection worked fine last week and nothing has changed.
The instance can be reached through a VPN connection. I think this is the problem because I have read many posts and everything seems set up correctly (for example the RDP port on the security group and other things).
Hope someone can help me.
As you have stated that it worked last week but not now, these are the things you can check:
Your public IP may have changed, i.e. the RD port IP access for the instance in the Security Group could have been set to your old IP, and your IP could now have changed. Recheck your public IP and verify it against the one in the SG of the instance.
As it is from a VPC, the Security Group of the instances could have been completely changed / RD rules removed.
Your instance's firewall is enabled and blocking.
Your corporate firewall is blocking the connection to your instance.
Attach an Elastic IP and re-check.