AWS EC2 Can't SSH to EC2 Created by Elastic Beanstalk - amazon-web-services

I have a simple configuration with 7 subnets, 1 NAT, 3 public, 3 private.
All in eu-west-2, then in each availability zone.
The routing is simple, Private goes via NAT interface. Public via IGW.
I have a "proxy" server to SSH jump/tunnel that sat on the Public subnets with a public address.
I can connect to this server without issues.
The problem lies with me then trying to connect to the EC2 instance (created by EB) on the private subnet.
I've checked the route tables and security, which look fine (they are pretty simple), and I've used the same configuration many times before.
It looks as if the connection is connecting, but it just sits there and doesn't error.
Here is the output when I run it with the -vv switch, which suggests the SSH connection is successful.
ubuntu@ip-10-10-1-135:~$ sudo ssh -vv -i "Mypem.pem" ec2-user@10.10.11.101
sudo: unable to resolve host ip-10-10-1-135
OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "10.10.11.101" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 10.10.11.101 [10.10.11.101] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file Mypem.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file Mypem.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
Also, I've already checked the permissions on Mypem.pem with chmod 400.
It just sits (forever) on the debug line above. Any help much appreciated - I'm sure I'm missing something simple here.

100% CPU
It took me ages to understand this; however, on Beanstalk it was picking up the application and hitting 100% CPU very quickly.
Because of the CPU I couldn't open an SSH session.
I hope this helps someone else in the future!
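An added triage helper, not part of the question or answer above: it reads an ssh -vv transcript and reports the furthest milestone reached, which is the distinction the question misses (a "Connection established" line only means the TCP handshake succeeded; the SSH banner never arrived, which points at the host, as the answer found, rather than at security groups). The stage patterns and advice strings are my own, built from the transcripts quoted in this thread.

```python
import re

# Milestones an `ssh -vv` session reaches, in order. Patterns follow the OpenSSH
# transcripts quoted in this thread; other versions word some lines differently.
STAGES = [
    ("tcp_connected", r"^debug1: Connection established\."),
    ("banner_received", r"^debug1: Remote protocol version"),
    ("kex_started", r"^debug1: SSH2_MSG_KEXINIT sent"),
]
FAILURES = [
    (r"timed out", "timeout"),            # "Connection timed out" / "Operation timed out"
    (r"Connection refused", "refused"),
    (r"^Connection closed by", "closed"),
]
NO_BANNER = ("TCP accepted but no SSH banner: the host or sshd is not answering "
             "(e.g. CPU exhausted); security groups and NACLs are not the problem")
DROPPED = ("sshd closed the connection during key exchange: server-side sshd or "
           "host-key configuration; recover by attaching the root volume elsewhere")
ADVICE = {
    ("none", "timeout"): "no TCP handshake: check public IP, IGW route, security group "
                         "inbound 22 and NACL inbound 22 plus outbound ephemeral ports",
    ("none", "refused"): "the host answered but nothing accepted port 22: sshd is down "
                         "or a proxy/firewall on the path is rejecting the connection",
    ("tcp_connected", "timeout"): NO_BANNER,
    ("tcp_connected", "hang"): NO_BANNER,
    ("banner_received", "closed"): DROPPED,
    ("kex_started", "closed"): DROPPED,
}

def triage(transcript):
    """Return (furthest_stage, failure_kind, advice) for one ssh -vv transcript."""
    reached, failure = "none", None
    for line in transcript.splitlines():
        for name, pattern in STAGES:
            if re.search(pattern, line):
                reached = name
        for pattern, kind in FAILURES:
            if re.search(pattern, line):
                failure = kind
    if failure is None:  # output simply stops, as in the question above
        failure = "hang" if reached != "none" else "unknown"
    return reached, failure, ADVICE.get((reached, failure), "no rule for this combination")

# Constructed transcript mirroring the question: TCP connects, then silence.
SAMPLE_HANG = """debug1: Connecting to 10.10.11.101 [10.10.11.101] port 22.
debug1: Connection established.
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4"""
```

Feed it the other transcripts on this page and it separates the path problems (timeout before "Connection established") from the host-side ones (silence or a close after it).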

Related

Can't ssh to spot aws instance with command that was working before. Connection times out,

Three weeks ago, I could launch an aws instance spot and ssh to it using:
ssh -v -i /home/me/.ssh/aws3.pem ubuntu@ec2-3-145-53-84.us-east-2.compute.amazonaws.com
where the address was the one under 'Public IPv4 DNS'. Now they have changed the interface, and when I go through the hoops of launching a spot instance, and it runs, and I get the Public IPv4 DNS, and I plug it into the command above, I get:
OpenSSH_7.6p1 Ubuntu-4ubuntu0.7, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /home/me/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to ec2-3-145-53-84.us-east-2.compute.amazonaws.com [3.145.53.84] port 22.
debug1: connect to address 3.145.53.84 port 22: Connection timed out
ssh: connect to host ec2-3-145-53-84.us-east-2.compute.amazonaws.com port 22: Connection timed out
Fixed. In the new launch menu you have to replace the default
security group (under additional launch parameters - optional) by one of the existing ones (I picked launch-wizard-1). I guess they updated the default launch security group to something less user friendly.

How to access EC2 instance via SSH on mac with Operation Timed Out?

I am trying to connect to an EC2 machine with the following command line on my terminal:
ssh -i id_rsa_aws <ec2_ip_address> -l ec2-user -vvv
Here is the result:
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug2: resolve_canonicalize: hostname <ec2_ip_address> is address
debug2: ssh_connect_direct
debug1: Connecting to <ec2_ip_address> [<ec2_ip_address>] port 22.
debug1: Connection established.
debug1: identity file id_rsa_aws type 0
debug1: identity file id_rsa_aws-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.8
ssh_exchange_identification: read: Operation timed out
My ssh_config file:
Host *
SendEnv LANG LC_*
I know the problem must come from my computer. I have tried using the .pem file and I am getting the same error.
Any help would be appreciated.
Thank you
Things to check:
The instance is running Linux
The instance is launched in a public subnet, which is defined as having a Route Table entry that points to an Internet Gateway
The instance has a public IP address, which you are using for the connection
The Network Access Control Lists (NACLs) are set to their default "Allow All" values
A Security Group associated with the instance that permits inbound access on port 22 (SSH) either from your IP address, or from the Internet (0.0.0.0/0)
Your network permits an outbound SSH connection (try alternate networks, e.g. home vs work vs tethered to your phone)
See also: Troubleshooting connecting to your instance - Amazon Elastic Compute Cloud

AWS: "ssh: connect to host **.***.***.** port 22: Operation timed out"

Although my issue looks very generic and common, it doesn't seem to be identical to anything discussed here on Stack Overflow. The SecurityGroup has been set up with "My IP" for the SSH connection and I have been using the correct public IP to connect. Yet I'm still getting the timeout error below. Is there something that I need to change on my Mac?
MacBook-Pro ~ % ssh -vvv -i ~/Documents/awsdemo/aws-livelessons.pem ec2-user@18.181.146.195
OpenSSH_7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug2: resolve_canonicalize: hostname 18.181.146.195 is address
debug2: ssh_connect_direct
debug1: Connecting to 18.181.146.195 [18.181.146.195] port 22.
debug1: connect to address 18.181.146.195 port 22: Operation timed out
ssh: connect to host 18.181.146.195 port 22: Operation timed out
Here's my Security Group. You can see that it does have correct protocol and entered with my public IP.
Security Group Screenshot
And I can confirm that it does match when I look up via terminal.
MacBook-Pro ~ % dig TXT +short o-o.myaddr.l.google.com @ns1.google.com
"58.12.38.113"
And the EC2 instance does have this security group attached.
EC2 Instance Screenshot
If there are any other ways to troubleshoot this, I'd really appreciate it.
Based on the comments, the issue was due to use of non-default NACLs. The solution was to allow SSH in the NACLs.
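The "Things to check" list in the previous thread and the NACL finding here, as an added example that is not from any of the posts: a small Python evaluator over constructed data in the shape of `aws ec2 describe-security-groups` and `describe-network-acls` output. It shows why one stateful security group rule is enough on its own, while a non-default NACL must allow inbound 22 and the outbound ephemeral-port replies, which is exactly the case that timed out above. Field names follow the AWS CLI JSON; the sample rules and client IP are constructed.

```python
import ipaddress
# Constructed samples in the shape of `aws ec2 describe-security-groups` and
# `describe-network-acls` output, trimmed to the fields evaluated here.
CLIENT_IP = "58.12.38.113"
SG = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                         "IpRanges": [{"CidrIp": CLIENT_IP + "/32"}]}]}
# A non-default NACL that only allows HTTP inbound: blocks SSH despite a correct SG.
NACL = {"Entries": [
    {"RuleNumber": 100, "Egress": False, "RuleAction": "allow", "Protocol": "6",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 80, "To": 80}},
    {"RuleNumber": 32767, "Egress": False, "RuleAction": "deny", "Protocol": "-1",
     "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 100, "Egress": True, "RuleAction": "allow", "Protocol": "-1",
     "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Egress": True, "RuleAction": "deny", "Protocol": "-1",
     "CidrBlock": "0.0.0.0/0"},
]}

def _in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)

def sg_allows(sg, src_ip, port=22):
    """Security groups are stateful: one matching inbound rule admits the session."""
    for perm in sg["IpPermissions"]:
        any_proto = perm["IpProtocol"] == "-1"
        if not any_proto and perm["IpProtocol"] != "tcp":
            continue
        if not any_proto and not perm["FromPort"] <= port <= perm["ToPort"]:
            continue
        if any(_in_cidr(src_ip, r["CidrIp"]) for r in perm.get("IpRanges", [])):
            return True
    return False

def nacl_decision(nacl, ip, port, egress):
    """NACL entries are evaluated in rule-number order; the first match decides."""
    for e in sorted(nacl["Entries"], key=lambda e: e["RuleNumber"]):
        if e["Egress"] != egress or e["Protocol"] not in ("-1", "6"):
            continue
        pr = e.get("PortRange")
        if pr and not pr["From"] <= port <= pr["To"]:
            continue
        if _in_cidr(ip, e["CidrBlock"]):
            return e["RuleAction"]
    return "deny"  # the implicit final '*' rule

def nacl_allows_ssh(nacl, src_ip):
    """NACLs are stateless: inbound to 22 and the reply to the client's ephemeral
    port must both pass. The ephemeral range is sampled, not checked exhaustively."""
    return (nacl_decision(nacl, src_ip, 22, egress=False) == "allow" and
            all(nacl_decision(nacl, src_ip, p, egress=True) == "allow"
                for p in (1024, 32768, 65535)))
```

Adding an inbound allow for TCP 22 with a rule number below the deny (as the fix above did) flips nacl_allows_ssh to True; the public IP and IGW route from the checklist are outside what this evaluates.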

No longer able to access AWS via SSH after moving SSL crt files

While installing an SSL certificate on AWS, I renamed the old crt files (like a fool), and now I'm no longer able to access the AWS instance via SSH to fix the file names.
Is there a way to access my AWS instance's files other than SSH? Or, is there a way to continue using SSH to access the instance when the SSL certificates are down?
Originally when I was connecting after the change of file names, I got this prompt response from the server when SSH:
> ssh -vv -i tc.pem ubuntu@tc.com
OpenSSH_7.5p1, OpenSSL 1.0.2l 25 May 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "tc.com" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to tc.com [1.1.1.1] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file tc.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file tc.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to tc.com:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
Connection closed by 1.1.1.1 port 22
At one point I did a reboot on the server and now, I'm getting this when I try to SSH in:
> ssh -i tc.pem ubuntu@tc.com
ssh: connect to host tc.com port 22: Connection timed out
If I could get into the server or access the files in any way to rename them, it would be an easy fix. Appreciate any help anybody can offer.
This is fairly easy to do. Basically you will mount your EC2 instance's root volume (EBS volume) on another instance, edit .ssh/authorized_keys and then reattach the volume to your instance.
Here is an article that covers this step-by-step:
SSH Key Access Recovery on EC2 Instances
There are a number of similar articles on the Internet.

Error connecting to AWS Instance via college proxy

I am not able to connect to my AWS EC2 instance via my college proxy. However it connects when using a non-proxy connection. The error is as follows:
$ ssh -i .ssh/aws-key-fast-ai.pem ubuntu@ec2-*----.us-west-2.compute.amazonaws.com -vvv
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to ________.us-west-2.compute.amazonaws.com [34.208.50.122] port 22.
debug1: connect to address *.*.*.* port 22: Connection refused
ssh: connect to host *-*-*-*-*.us-west-2.compute.amazonaws.com port 22: Connection refused
You can access it only if your IP is mentioned under the inbound rules of the AWS server. When you are using a proxy, the IP is getting changed, which probably is not mentioned under the inbound rules.
I just found the answer.
https://wiki.metakgp.org/w/How_to_SSH_into_a_server_that_is_outside_the_campus_network
You have to install corkscrew and follow the procedure listed in the link above. Thanks.