I have a problem: I'm trying to connect to my EC2 instance with SSH, but it says: Connection closed by IP port 22
I was checking all the configuration. I'm using a Mac with iTerm (I also tried with Terminal) and it is not working; it looks like AWS EC2 blocks my PEM key.
I asked AWS support, but they said my IP is not blocked and they don't see any problem...
What I tried is opening my port 22, enabling remote login, and changing the permissions on my pem.
I also configured my inbound connection with the same configuration as another instance that is working.
I was searching for a solution, but I don't have a solution, maybe I can create another instance and move the content to another instance, but I don't know if I can do that?
Any information will be helpful.
Check whether the username is incorrect. On Ubuntu instances it should be "ubuntu" and on Amazon instances it should be "ec2-user".
You need to check for the following steps in order to connect EC2 from Mac:
First download the pem file used / created at the time of instance creation.
We have a benefit using Linux / Mac over Windows, as the PEM file created can be used directly to connect. For Windows we need to convert it into a PPK file.
Now change the permission of the file to Read / Write and make sure the file extension is .pem and not .txt
Check the EC2 permissions to see whether the port is enabled or not, using the following sub-steps:
Check the Route Table to see whether incoming requests on port 22 are allowed or not.
Check the Network Access Control List of the VPC at the subnet to see whether incoming requests on port 22 are allowed or not.
Check the Security Group of the instance to see whether port 22 requests are allowed or not.
By default all incoming requests are blocked by AWS, and we need to enable the port with the corresponding protocol to allow or not.
If you have no idea then simply you can set the permission to ALL REQUEST to 0.0.0.0/0, this will enable to connect your EC2 to the internet and to your ssh as well.
Hope this helps.
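The security group check listed in the steps above, as an added example that is not part of the original answer: it reads a group's inbound rules in the shape `aws ec2 describe-security-groups` returns and reports whether a client address can reach port 22 and whether any rule opens that port to 0.0.0.0/0. The rules and addresses are constructed samples, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the shape of the "IpPermissions" list that
# `aws ec2 describe-security-groups` returns for one group; not from the page.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.25/32"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
]


def covers_port(perm, port, protocol="tcp"):
    """True if the rule's protocol and port range include `port`."""
    if perm["IpProtocol"] == "-1":      # "-1" means all protocols, all ports
        return True
    if perm["IpProtocol"] != protocol:
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def sources_for_port(permissions, port):
    """Every IPv4 CIDR allowed to reach `port` (security groups only allow)."""
    return [ipaddress.ip_network(r["CidrIp"])
            for perm in permissions if covers_port(perm, port)
            for r in perm.get("IpRanges", [])]


def check_ssh(permissions, client_ip, port=22):
    """Report whether client_ip can reach the port and which sources are world-open."""
    nets = sources_for_port(permissions, port)
    addr = ipaddress.ip_address(client_ip)
    return {
        "client_allowed": any(addr in n for n in nets),
        "world_open": [str(n) for n in nets if n.prefixlen == 0],
        "sources": [str(n) for n in nets],
    }


if __name__ == "__main__":
    # 203.0.113.25 stands in for the address you connect from (assumption).
    print(check_ssh(SAMPLE_PERMISSIONS, "203.0.113.25"))
```

A single /32 source for the address you connect from is enough for `client_allowed` to be true; a non-empty `world_open` list means port 22 is reachable from every IPv4 address.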
After many days of struggling with this issue I found a solution. You just have to stop your instances, detach your volumes and reattach them, and it will work like a charm. Hope it helps you out.
I am new to EC2 and I am getting this error:
Using username "ec2-user"
Server refused our key
Disconnected: No supported authentication methods available (server sent: publickey)
I am using Amazon Linux AMI 2017.03.1 (HVM), SSD Volume Type so my username is correct. I have also converted the pem file into ppk file and added into SSH-Auth in putty console.
I have looked at all the solutions in StackOverflow for my problem but none seem to work.
In my VPC dashboard -> Network ACLs -> Inbound Rules
| Rule # | Type | Protocol | Port Range | Source | Allow / Deny |
|---|---|---|---|---|---|
| 100 | ALL Traffic | ALL | ALL | 0.0.0.0/0 | ALLOW |
| * | ALL Traffic | ALL | ALL | 0.0.0.0/0 | DENY |
Could this be a reason for the error?
The Network Access Control List (NACL) is not a problem. Just leave it at the default setting. The fact that you are connecting to the server (even though it is refusing the connection) is proof that there is connectivity between your computer and the Amazon EC2 instance.
The problem lies in authentication. It is basically saying that it doesn't like your key pair.
Make sure the PEM file that you converted has the same name as the Key Pair associated with the instance (as shown in the management console)
Try converting the key again -- it might not be in the right format
See: Use PuTTY to access EC2 Linux Instances via SSH from Windows (You don't need to use Pageant.)
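Added example, not part of the original answer: how the two inbound NACL rows from the question are evaluated, lowest rule number first with the first match deciding, so rule 100 allows the traffic before the `*` deny is reached. The entries are constructed in the shape `aws ec2 describe-network-acls` returns; rule 90, the addresses and the function names are hypothetical.

```python
import ipaddress

# The two inbound rows from the question, written in the shape of
# `aws ec2 describe-network-acls` entries. The console's "*" row is
# rule number 32767 in the API. Constructed sample.
DEFAULT_INBOUND = [
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny",
     "Egress": False, "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow",
     "Egress": False, "CidrBlock": "0.0.0.0/0"},
]

# Hypothetical variant: a lower-numbered deny for SSH (protocol 6 = TCP)
# from one address range, which is evaluated before rule 100.
WITH_SSH_DENY = DEFAULT_INBOUND + [
    {"RuleNumber": 90, "Protocol": "6", "RuleAction": "deny",
     "Egress": False, "CidrBlock": "198.51.100.0/24",
     "PortRange": {"From": 22, "To": 22}},
]


def matches(entry, src_ip, port, protocol="6"):
    """True if the entry applies to this source address, protocol and port."""
    if entry["Protocol"] not in ("-1", protocol):
        return False
    cidr = entry.get("CidrBlock")            # IPv6 entries use Ipv6CidrBlock
    if cidr is None:
        return False
    if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(cidr):
        return False
    rng = entry.get("PortRange")             # absent when all ports are covered
    return rng is None or rng["From"] <= port <= rng["To"]


def evaluate_inbound(entries, src_ip, port):
    """Return (action, rule_number) of the first matching inbound rule."""
    inbound = [e for e in entries if not e["Egress"]]
    for entry in sorted(inbound, key=lambda e: e["RuleNumber"]):
        if matches(entry, src_ip, port):
            return entry["RuleAction"], entry["RuleNumber"]
    return "deny", None                      # no rule matched


if __name__ == "__main__":
    print(evaluate_inbound(DEFAULT_INBOUND, "198.51.100.7", 22))
    print(evaluate_inbound(WITH_SSH_DENY, "198.51.100.7", 22))
```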
I have started an EC2 instance that I cannot connect to using PuTTY. I'm using a key pair that I created using PuTTYgen and then imported to AWS. I have specified the private key file on the client side in Connection -> SSH -> Auth. I have SSH on port 22 selected for PuTTY. The EC2 instance has a single security group, and this group has an inbound rule allowing TCP on port 22 from my home laptop's IP address. Still no joy when I try to connect.
In the PuTTY window I see this:
Using username "ec2-user".
Server refused our key
Also an error dialogue box pops up with this message:
Disconnected: No supported authentication methods available (server sent publickey)
What other things should I look into or do differently? I have been successful with this before so I know that it can work, but apparently I've forgotten one or more pieces of the puzzle.
Which Linux distribution are you using? ec2-user is only valid for Amazon Linux. If you use another Linux distribution, the user is root or ubuntu (for Ubuntu Linux).
For any future searchers having this problem, I found one more issue. I downloaded the .pem key from AWS and converted to .ppk and tried to ssh using Putty, and I would get 'Server refused key'. After much hair pulling I randomly updated Putty to the latest available version (0.77 as of writing) and that solved my issue. Same issue with WinSCP.
I have set up a micro EC2 instance on AWS. Currently, I am using the free tier in Oregon. There are two problems which I am facing.
When I try to SSH to the instance using the public DNS, it says host does not exist, but when I try connecting to it using the public IP, it connects. What setting is needed to use the public DNS?
I have opened the SSH client using the IP address. I want to set up my application which needs Node.js and MongoDB. I installed Node.js using this
Next I installed MongoDB using this
Then I connected to my instance using Filezilla and uploaded my code to it. I then start my node application which uses socket.io.
When I try to connect to socket.io server using web browser, I get a message which says connection refused "error 111". I have opened TCP port 80 in instance's security groups. In iptables, I have forwarded port 80 to 8080, but still it does not work. I have also checked that the firewall is disabled in ec2. Kindly help me to resolve this issue.
Did you check if all of the necessary ports are open on Amazon Security Policy?
What you can do is to allow all traffic on Amazon Security Policy for test and see if the connection goes well or not.
You might also check if you need access DB from outside. In that case, you also have to open the mongodb port and setup mongodb correctly as well.
Other tools that might be useful to test firewall and connection issues are tcpdump and the syslog file.
For the dns issue, did you try to nslookup on that name and see if the IP shown matches your server IP?
As Amazon gives a long DNS hostname for the server, I always use my own domain name. It's much easier.
example : ec2.domainname.com, which points to the Amazon IP address
Hope that helps.
My problem is resolved now..
For the DNS issue, earlier I needed proxy to access internet, so I guess the DNS name was not getting resolved. When I tried using proxy free internet, I was able to ssh using public DNS.
And regarding connection to socket.io, I used port 8080 instead of 80 and used "sudo node main.js" to run my node file. Now I am able to connect to the socket.io server and MongoDB.
Another thing which I want to ask is whether running the node file with sudo rights would create some security issue?
Thanks for the answer! That also worked for me. I had the same problem trying to connect through sockets (http://myipaddress:3000) to a node.js server. I tried opening ports on the actual EC2 instance and disabling the firewall through SSH, but nothing worked. I had to go to Security Groups on the EC2 console and open a new inbound TCP rule enabling that port.
Here is what I have done:
I've opened up ports 80, 22, 21 in the Amazon EC2 security settings
I have PuTTY and PuTTYgen
I have PuTTY and pem keys
I created an index.html file in the public_html directory using WinSCP
Nothing loads
http://ec2-107-20-57-133.compute-1.amazonaws.com/
PuTTY keeps telling me the connection is refused no matter what I put in it.
I can't even log in without it disconnecting me. Is this a problem with my own network settings at work, is this a problem with the PuTTY config, a problem with my Amazon account... I dunno
First,
What IP addresses did you allow HTTP, FTP and SSH traffic from?
Next,
Is ec2-107-20-57-133.compute-1.amazonaws.com still the correct instance name?
Then,
Is your web started and running?
Is index.html the actual default document?
I had a similar problem with instances refusing connections. I would suggest you check which ports are open and whether they allow traffic from all IPs. Also, if you are using the default security settings and it refuses the connections, try creating your custom security profile, open up the required ports and allow IPs.
Also, which OS image did you select while creating the instance?
I created a VM using Hyper-V on my local machine which I can RDP onto fine. I exported the VHDX to VHD and then uploaded it to AWS via the API.
This created a new EC2 instance for me but I cannot connect to it as it has no security keypair associated.
Thus I created a private AMI from the instance and re-instantiated a new EC2 instance from this AMI, setting the keypair in the process to ensure HTTP, RDP etc. are permitted. The EC2 instance is running, but when I download the RDP shortcut it fails to connect. I've tried rebooting the instance several times (as this was one of the suggested solutions on here when I searched) but it hasn't helped.
I also cannot ping any of these instances via the public DNS or private DNS.
Any idea what I'm doing wrong? I'm not even getting as far as the password prompt; it's the connectivity that is the problem.
Thanks
I had a similar problem - this is the tip from the AWS documentation that helped me solve it:
Verify that the route table for the subnet has a route that sends all traffic destined outside the VPC (0.0.0.0/0) to the Internet gateway for the VPC
Additional debugging tips for this problem can be found here: Remote Desktop can't connect to the remote computer
The problem is probably the security group configuration attached to the instance. Make sure you have inbound TCP port 3389 permitted to be able to connect via RDP.
In the username field, type:
.\Administrator
...and your decrypted password
See, this is a local user, but you don't know the real local hostname, which is different from the public DNS name.
Was helpful for me, hope for you too.
My guess for the reason you aren't getting anywhere has to do with the host certificates.
Be mindful that each computer connecting to the server via RDP needs to have an IAM user in AWS with an X.509 certificate uploaded to their account.
When importing or creating a windows AMI it is best to install and configure the EC2Config service.
The EC2 Config service does the following when you launch the instance:
At initial setup:
Sets the hostname to the private DNS name
Generates and sets a random password on the Administrator account
Initializes and formats the ephemeral disks
Generates and installs the host certificate used for Terminal Services
Syncs the instance clock with a time server
After initial setup:
Writes the last three entries in the System event log to the Amazon EC2 console so you can debug startup problems.
Prepares instances for bundling
Also, by default, security groups do not allow you to ping the instances. You must enable ICMP in the security group.
Hope that helps.
EDIT: Here is the link to the 64bit version of the EC2Config Installer
I also had the same problem. This is what I got from EC2.
Public DNS ec2-23-22-109-251.compute-1.amazonaws.com
User name Administrator
Password MyPassword
On the remote desktop, enter the domain and user name as
ec2-23-22-109-251\Administrator
If you paste the password it may not work; try to paste it but re-enter the last 1 or 2 characters. Once you get the security certificate prompt, accept/install it and your connection should open soon.
This is what worked for me:
Use your cell phone as a "hot spot" - which gives you a static IP address. That worked. Now, I'll need to contact my Internet provider to assign a static IP to my wireless router. Currently, it is spitting out DHCP IP addresses.
UPDATE:
12.7.2016
You need to go to the Security Group, select the Instance, then EDIT the RDP. If you click "MyIP" that should work for those of us working from home. If you are onsite, you may need to put in a custom CIDR.
After rebooting an EC2 instance, I found that I needed to reassociate the Elastic IP address associated with the instance. You click the button below then select the instance and private instance IP address when prompted.
RDP access worked after this step.
After patching Windows 2019 on my server, I couldn't access the instance anymore even though none of my working settings had changed. I used EC2Rescue to fix my issue.
Please refer to the link below for details on how to use it: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/troubleshoot-connect-windows-instance.html#AWSSupport-ExecuteEC2Rescue