Cannot reach amazon EC2 instance from local using SSH - amazon-web-services

Cannot ssh into Amazon EC2 instance, this seems to be very common problem but I have tried everything suggested in all available documents, anyone else have any idea what is missing from below?
Created new EC2 instance and downloaded the .pem file
Created a new inbound rule in EC2 instance Security group allow my local IP
Created a new inbound rule in EC2 instance Network ACL to allow my local IP
Created a new outbound rule in EC2 instance Network ACL to reach my local IP
Made sure the VPC route is attached to internet gateway
Made sure EC2 instance is attached to correct security group
After all this when I try to ssh from my local machine I'm getting connection timed out ,is there anything else I have to do
I have also disabled firewall and tested just incase
ssh -vvv -i key.pem ec2-user#********
OpenSSH_7.1p2, OpenSSL 1.0.1g 7 Apr 2014
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to ec2-instance [********] port 22.
debug1: connect to address ****** port 22: Connection timed out
ssh: connect to host ******* port 22: Connection timed out

A timeout is normally an indication that there is no network connectivity. This is almost always related to the Security Group. It the error returns immediately, it means that the instance received, but rejected, the connection. If it takes a long time to respond, it typically means that the request is not reaching the instance.
Some suggestions:
Confirm that the instance has been assigned a Public IP address
Confirm that the security group is permitting Inbound Port 22 (SSH) for your IP address. In fact, for testing purposes, temporarily allow it from 0.0.0.0/0 just to eliminate one potential cause of the problem.
Remove your NACL entries. The default NACL entries permit ALL inbound and outbound access. Your changes might have negatively impacted this.
Confirm that the it is a Linux instance (Windows does not support SSH by default)
Confirm the instance is in the Public Subnet (the one with your route to the Internet Gateway)
It is possible that your network is rejecting the connection (eg due to firewall rules). Try using a different computer and/or a different network (eg home vs office) to eliminate this as a cause.

Related

Unable to connect to AWS instance on port 22

We were able to ssh to the EC2 instance using the connect details until today; when it stopped working and I get the below error:
root#DKERP:~# ssh -i "gindustries.pem" ubuntu#ec2-15-184-231-34.me-south-1.compute.amazonaws.com
ssh: connect to host ec2-15-184-231-34.me-south-1.compute.amazonaws.com port 22: Connection timed out
Also, the telnet to public IP & port 22 is not working
root#DKERP:~# telnet 15.184.231.34 22
Trying 15.184.231.34...
telnet: Unable to connect to remote host: Connection timed out
The session manager is also failing to connect with the below error:
We weren't able to connect to your instance. Common reasons for this include:
SSM Agent isn't installed on the instance. You can install the agent on both Windows instances and Linux instances.
The required IAM instance profile isn't attached to the instance. You can attach a profile using AWS Systems Manager Quick Setup.
Session Manager setup is incomplete. For more information, see Session Manager Prerequisites.
There are no firewalls in AWS configurations.
Overview:
Security Groups:
Instances:
Network Interface:
VPC:
Network ACLs:
The system logs are updated here: https://pastebin.com/RhAG5DzP
Kindly suggest.
The Connection timed out message normally indicates that there is no network connectivity.
In most cases, this is due to the Security Group.
The steps to check it are:
Select the instance in the Amazon EC2 management console
Go to the Security tab
Check the Inbound rules
To permit an SSH connection, there needs to be a rule that permits port 22 (SSH) and the source set to your IP address or from the whole Internet (0.0.0.0/0) -- preferably only your IP address so that everybody else will be blocked.
When launching an Amazon EC2 instance from the console, it will default to creating a new Security Group called launch-wizard. However, it is generally better to create your own Security Group with a useful name and only the rules you want. You can then re-use that Security Group in future for similar instances.

No response for ssh when Amazon EC2 running with `2/2 checks passed`

I have ec2 running.
It runs continuously for 6 months and has no problem.
However today I run some Mysql sequence.
It suddenly has no response for ssh and http
I have checked status in amazon console 2/2 checks passed
but when I ry to connect ssh it stacks.
ssh -v ubuntu#54.71.***.*** -i ~/.ssh/id_rsa.myserver
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/whitebear/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to 54.71.***.*** [54.71.***.***] port 22.
I think it looks like somehow server is freeze.
However in amazon aws console 2/2 checks passed it can be happen??
Any suggestion appreciated . thank you very much
When an SSH connection times-out, it is normally an indication that network traffic is not getting to the Amazon EC2 instance.
Things to check:
The instance is running Linux
The instance is launched in a public subnet, which is defined as having a Route Table entry to points to an Internet Gateway
The instance has a public IP address, which you are using for the connection
The Network Access Control Lists (NACLs) are set to their default "Allow All" values
A Security Group associated with the instance that permits inbound access on port 22 (SSH) either from your IP address, or from the Internet (0.0.0.0/0)
Your corporate network permits an outbound SSH connection (try alternate networks, eg home vs work vs tethered to your phone)
See also: Troubleshooting connecting to your instance - Amazon Elastic Compute Cloud

I can SSH to one instance via bastion, but not to a second instance

I supposed to add the ssh key and then ssh to the AWS instance using a jumphost in 2 operations
So, first adding the key
ssh-add ~/.ssh/<key-file>.pem
Then ssh to jumphost
ssh -A ec2-user#jumphost
And then from jumphost to instance
ssh ec2-user#<private IP>
This works for one instance but does not work for another instance - cannot ssh to this instance from a jumphost.
What instance setting can prevent me to do ssh?
The output of ssh -v ec2-user#
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to <private ip>[<private ip>] port 22
There are different causes of this issue.
Check the security group of the ec2 instance you are connecting from the jump host / bastion if port 22 is open. If it's not open, add the rule. You can verify this if you telnet the destination server on port 22 form the jump host / bastion. command: telnet destinationip 22
if the above doesn't work, check if the ec2 instance you are connecting is in a running state with 2/2 checks passed. This will make sure that both network and operating system are functional.
if the above doesn't work, check if your Network Access List (NACLs) are allowing the inbound and outbound traffic. The default setting allows the traffic.
Make sure the the firewall is setup correctly! That is mandatory in AWS console when you setup your new instance. My guess is a wrong default was selected.
The reason was pointed by the user LogicIO. Somehow, one instance was moved to the different VPC and therefore the jumphost (bastion) and the instance appeared on the different VPC's, so connection stopped working. I needed a different jumphost.

PuTTy Connection timed out for EC2

I created Ubuntu instance in EC2. And worked fine so far.
But somehow I can't connect to the server by PuTTy anymore and I get Network error: Connection timed out.
The instance is running in the console.
CPU uses just 2%.
InBound Setting seems no problem. SSH with 22 port.
Tried with the IP address and DNS.
restarted the instance and Tried.
Stopped and tried with different IP address.
Instance connection is fine.
This is the screenshot:
This is inbound rule:
How can I solve this problem?
A Connection timeout is a sign that your computer is unable reach the remote computer. Such an error normally takes some time before it fails.
If, instead, the remote computer rejected the connection, the error would appear immediately and the message would be Permission denied.
Things to check:
The Security Group on the EC2 instance needs to allow inbound SSH (port 22) access either from the whole internet (0.0.0.0/0) or, preferably, from a smaller CIDR range that includes your computer (eg choosing "My IP" in the console). This is typically the cause of the issue 80% of the time.
The instance needs to be in a Public Subnet, which means the subnet is connected to an Internet Gateway.
Your network must allow an outbound SSH connection to AWS. Some corporate networks might block this.
There are some other potential causes, but most of the time the cause is one of the above.

AWS EMR connect to Master Node: Connection Refused

I have setup a new EMR instance on AWS. I've copied the ssh connection command for the master node.
ssh -i -vvv ~/.ssh/xxxx.pem hadoop#ec2-xx-xxx-xxx-xx.us-east-2.compute.amazonaws.com
I have the pem file in the correct location. I have changed permissions on the file with
chmod 400 ~/.ssh/xxxx.pem
I still get the following error:
debug1: Connecting to ec2-18-219-186-80.us-east-2.compute.amazonaws.com port 22.
Any help much appreciated.
I figured it out. You have to add SSH permission to the security group on the machine you wish to SSH to. Go to EC2, then down to security groups, and on the master node, and add rule for SSH.
From Amazon:
Security groups are restrictive by default. They reject all traffic. You can add a rule to allow traffic on a particular port to your custom or additional security groups. If there is more than one rule for a specific port in two security groups that apply to the same instances, the most permissive rule is applied. For example, if you have a rule that allows SSH access via TCP port 22 from IP address 203.0.113.1 and another rule that allows access to TCP port 22 from any IP address (0.0.0.0/0), the rule allowing access by any IP address takes precedence.
https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-additional-sec-groups.html