Unable to connect to EC2 instance via ssh - amazon-web-services

I'm having trouble connecting to my EC2 instance via ssh. Currently my session times out when I try to connect.
I have a security group with the following settings
Inbound:
Type: All traffic
Protocol: All
Port Range: All
Source: 0.0.0.0/0
Outbound:
Type: All traffic
Protocol: All
Port Range: All
Destination: 0.0.0.0/0
I followed the instructions on saving the private key and converting it to use with putty. When I put the public dns into putty, I am unable to connect. I verified the host name resolves by an online DNS checker.
On the client side, I launch putty and put the following information in:
Host name (or IP address): ec2-user@<Public DNS value>
Port: 22
Connection Type: ssh
In the connection->ssh->Auth->Private Key File for Authentication I point it to my private key from AWS after it has been transformed to a ppk.
Is there anything else I need to setup to be able to connect to the EC2 instance?

It turned out to be an issue with the account and not a technical issue. For whatever reason my account was set to isolated mode by Amazon. The AWS tech support verified that all of the settings were correct.

Related

AWS EC2 unable to reach Instance with HTTPS set to 0.0.0.0/0

My EC2 instance has the following security rules:
Unfortunately, if I browse its public IP address via HTTPS, I get "Unable to reach the site", while if I browse it via HTTP it works as it should.
SOLVED - I had to set Apache to listen on port 443.

ssh tunneling/port forwarding not working through EC2 instance to an Elasticsearch cluster in a VPC

I have my Elasticsearch cluster in a VPC, and I'd like to access this ES cluster from my local Macbook.
I have set up a bastion host that uses the same VPC and the same security group, and I was able to ssh into this bastion host from my Macbook.
But somehow, my code just cannot connect to my ES cluster through this bastion host, here's my command to run port forwarding:
ssh -i ~/Downloads/keypairs/20210402-02.pem ubuntu@ec2-123-456.us-west-2.compute.amazonaws.com -N -L 9200:vpc-es-domain-20210331-abc123def.us-west-2.es.amazonaws.com:443
Here's my timeout exception when accessing the ES cluster in the VPC:
java.net.ConnectException: Timeout connecting to [vpc-es-domain-20210331-abc123def.us-west-2.es.amazonaws.com/10.0.47.182:443]
at org.elasticsearch.client.RestClient.extractAndWrapCause(RestClient.java:823) ~[elasticsearch-rest-client-7.6.1.jar:7.6.1]
at org.elasticsearch.client.RestClient.performRequest(RestClient.java:248) ~[elasticsearch-rest-client-7.6.1.jar:7.6.1]
at org.elasticsearch.client.RestClient.performRequest(RestClient.java:235) ~[elasticsearch-rest-client-7.6.1.jar:7.6.1]
at org.elasticsearch.client.RestHighLevelClient.internalPerformRequest(RestHighLevelClient.java:1514) ~[elasticsearch-rest-high-level-client-7.6.1.jar:7.6.1]
at org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1484) ~[elasticsearch-rest-high-level-client-7.6.1.jar:7.6.1]
at org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454) ~[elasticsearch-rest-high-level-client-7.6.1.jar:7.6.1]
at org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497) ~[elasticsearch-rest-high-level-client-7.6.1.jar:7.6.1]
Here are the rules of my SG:
Inbound:
All TCP TCP 0 - 65535 0.0.0.0/0
All traffic All All sg-abc123 / default
SSH TCP 22 0.0.0.0/0
Outbound:
All traffic All All 0.0.0.0/0
When I've ssh'ed into my bastion host, and run curl vpc-es-domain-20210331-abc123def.us-west-2.es.amazonaws.com, I got this response:
{
  "name" : "abc123",
  "cluster_name" : "abc123097:es-domain-beta-20210331",
  "cluster_uuid" : "abc123def",
  "version" : {
    "number" : "7.8.0",
    "build_flavor" : "oss",
    "build_type" : "tar",
    "build_hash" : "unknown",
    "build_date" : "2021-01-15T06:15:47.944536Z",
    "build_snapshot" : false,
    "lucene_version" : "8.5.1",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}
I'm suspecting my command to do port forwarding is not correct? But after research, this looks the most legit option to me.
Any insight would be greatly appreciated!
The code running on your local computer is trying to connect directly to the Elasticsearch server without going through the SSH tunnel. The SSH command is opening a tunnel from your local port 9200 to the remote server. The local software trying to connect to Elasticsearch should be connecting to localhost:9200 not vpc-es-domain-20210331-abc123def.us-west-2.es.amazonaws.com/10.0.47.182:443.
The endpoint vpc-es-domain-20210331-abc123def.us-west-2.es.amazonaws.com/10.0.47.182:443 doesn't look valid anyway. It has a hostname and an IP address in there.
You mentioned in the comments:
"I actually launched my bastion host using the same SG as my ES"
However just placing two resources in the same security group does nothing unless that security group also has a rule specifically allowing traffic between the resources within it. Security groups do not have this rule by default, except for the default security group in the default VPC that is created automatically when you first create your AWS account.
So please make sure that the security group has a rule that will allow the bastion host to connect to the Elasticsearch server over port 443.

elasticsearch kibana setup in separate aws ec2 servers

I have installed elasticsearch in one instance and kibana in another instance.
Both the services are running and I can connect to elasticsearch using curl and its instance public ip with port 9200
version: 7.9.2 both
Assume: Public ips
elasticsearch - x.x.x.x
kibana - y.y.y.y
Issue:
Can't connect to kibana instance with curl and its public ip with port 5601
Error: Failed to connect to y.y.y.y port 5601: connection refused
Query:
Correct config for elasticsearch.yml and kibana.yml
kibana.yml:
  port: 5601
  server.host: "y.y.y.y"
  elasticsearch.hosts: ["http://x.x.x.x:9200"]
elasticsearch.yml:
  network.host: 0.0.0.0
  http.port: 9200
It is extremely likely you have not configured the correct security group rules on the kibana instance to permit you to access the service. You need an ingress rule permitting tcp to port 5601 from whatever your ingress range is.
Likewise, it is extremely likely you have not granted access to elasticsearch (x.x.x.x:9200) from y.y.y.y
Check your security group rules.
Also, please ensure your elasticsearch public ip does not permit access from 0.0.0.0 - publicly accessible elasticsearch clusters are a prime target for naughty people.
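Two security-group points from the answers above can be checked offline: a group shared by a bastion and Elasticsearch only passes traffic between them if a rule references the group itself, and sensitive ports should not be open to 0.0.0.0/0. The following is an added example, not code from any of the posts; the group IDs, the sample rules and the list of sensitive ports are constructed assumptions.

```python
# Added example; input is `aws ec2 describe-security-groups` JSON. IDs are constructed.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 5601: "Kibana", 9200: "Elasticsearch"}
WORLD = {"0.0.0.0/0", "::/0"}


def covers(perm, port, proto="tcp"):
    """True if one IpPermissions entry matches the protocol and port."""
    if perm["IpProtocol"] == "-1":          # "All traffic": no port fields present
        return True
    if perm["IpProtocol"] != proto:
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def world_open(sg):
    """Names of sensitive services reachable from any address through this group."""
    found = set()
    for perm in sg.get("IpPermissions", []):
        cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
        cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
        if cidrs & WORLD:
            found |= {name for p, name in SENSITIVE_PORTS.items() if covers(perm, p)}
    return sorted(found)


def allows_from_group(sg, source_group_id, port):
    """True if a rule names source_group_id as an allowed source for `port`."""
    return any(
        covers(perm, port)
        and any(g.get("GroupId") == source_group_id
                for g in perm.get("UserIdGroupPairs", []))
        for perm in sg.get("IpPermissions", [])
    )


# Constructed samples: sg-0aaa is shared by two hosts but has no rule that
# references itself; sg-0bbb adds one for 443 and narrows SSH to a single address.
SHARED_NO_SELF_RULE = {"GroupId": "sg-0aaa", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]}
SHARED_WITH_SELF_RULE = {"GroupId": "sg-0bbb", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "UserIdGroupPairs": [{"GroupId": "sg-0bbb"}]},
]}
ALL_TRAFFIC = {"GroupId": "sg-0ccc", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
```

Feeding each entry of the `SecurityGroups` array from real `describe-security-groups` output to `world_open` lists the services that group exposes to the whole internet.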

Accessing EC2 Instance via Internet Security Rules

I have configured an EC2 instance and I am now trying to install an open source app (Wiki.js). One of the steps (visible here under configuration) requires me to navigate to http://localhost:3000/ but replace localhost with the IP address of my server. I have tried this multiple times and tried different variations of security groups for the EC2 Instance but nothing seems to work. Currently the inbound rules are set to the following:
1)
Type: HTTP
Protocol: TCP
Port Range: 80
Source: 0.0.0.0/0
2)
Type: HTTPS
Protocol: TCP
Port Range: 443
Source: 0.0.0.0/0
3)
Type: SSH
Protocol: TCP
Port Range: 22
Source: 0.0.0.0/0
I'm not sure what the problem could be. Are these security settings wrong? Am I using the wrong IP address? I am copying the address directly from the console under IPv4 Public IP.
EDIT:
Could it have something to do with the route table or subnet? If so it doesn't appear to be possible to edit those via the console. Would I need to create a new instance?
Why don't you open port 3000 for the EC2 instance?
I think the application requires you to access port 3000. But you don't configure that security group.

Can't connect to Amazon AWS EC2 with Hansoft Client

I'm trying to connect to my Hansoft server on my AWS server that is running Windows Server.
I've tried opening all inbound traffic to test, but that hasn't worked. I'm able to ping the server so it's there.
Hansoft servers use default port 50256.
What else could I try?
Launch-wizard-1 security group settings below.
Inbound Security rules:
All Traffic, All protocols, All port range, Source 0.0.0.0/0
RDP, TCP Protocol, Port range 3389, Source 0.0.0.0/0
All ICMP, All protocols, Port range N/A, Source 0.0.0.0/0
Outbound Security rules:
All Traffic, All protocols, All port range, Source 0.0.0.0/0
Try the following:
Are you sure 100% the service is running?
While logged into the instance, can you 'telnet localhost 50256' and get a connection? Have you tested it locally and confirmed it works?
Disable your local firewall and anti-virus.
Have you checked the local Windows Firewall on that server? That will block you in some configurations, so you need to check that. You may need a new inbound rule there.