I've changed default ssh port by performing the following steps;
Edit 22 to 2200 in sudo nano /etc/ssh/sshd_config
restart ssh server by using sudo service ssh restart
Added a ufw rule sudo ufw allow 2200/tcp
Added a rule in EC2 security group in AWS management console to allow TCP 2200 from 0.0.0.0/0
SSH access to public IP using port 2200 and using SSH private key
But it was it was unresponsive.
Any ideas?
You need to restart sshd
sudo service sshd restart
Not the ssh restart because ssh_config controls the behaviour of ssh not sshd
Related
I want to open port 80 to allow HTTP connections on my EC2 server. But when I'm entering "telnet xx.xx.xx.xx 80" on a terminal the following is displayed
"Trying xx.xx.xx.xx..."
telnet: Unable to connect to remote host: Connection timed out
In AWS I've opened port 80 by defining an Inbound Rule on the Security group (only one security group is defined for this EC2 server)
I'm using the Public IPv4 address to make a telnet connection
I noticed you have a fresh install -- fresh installs do not have software listening over HTTP by default.
If there is no application listening on a port, incoming packets to that port will simply be rejected by the computer's operating system. Ports can be "closed" through the use of a firewall, which you have disabled, therefore the ports are open just unresponsive which makes them appear closed.
If the port is enabled in the firewall in terminal using
sudo apt-get install ufw
sudo ufw allow ssh
sudp ufw allow https
sudo ufw allow http
sudo reboot
and enabled in the aws console as a rule, the port is open and just not responsive so it's seen as closed. By installing either nginx or something that binds to port 80, external requests to that port will be connected successfully, and the port will therefore be recognized as open. The reason ssh is recognized as open is because 1. it has firewall transparency, and 2. it is always listening (unlike port 80!).
Before installing nginx even though ports are allowed thru firewall:
sudo apt-get install nginx
sudo ufw allow 'Nginx HTTP'
sudo systemctl status nginx
(more nginx info)
After:
Simple port tester tool here
I am trying to secure my apache with Let's Encrypt on Ubuntu 18.04,
I ran these commands:
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt install python-certbot-apache
$ sudo ufw enable
$ sudo ufw allow 'Apache Full'
After the last command, The terminal froze, so I decided to close it and reconnect hoping it would really reconnect.
Unfortunately, it returns with a message saying:
ssh: connect to host <...some public ipv4 DNS> port 22: Connection timed out
I checked the security groups to see if SSH is set to Anywhere and yes its set.
My guess is I messed up the ufw configs(or maybe not), but I can't confirm it because I cant ssh to my ec2 instance.
EDIT:
I tried stopping and starting the instance, causing it to change its public ip address, which I still cant ssh to :(
Issue might be because ufw by default doesn't have allow 22 rule set, so before you enable ufw try running sudo ufw allow 22 or sudo ufw allow ssh.
To allow ssh before enabling ufw try running the below command which adds the rule to /etc/ufw/user.rules
sudo ufw allow ssh
So when user enables ufw it reads the already existing rules from the file, and doesn't terminate or block the user out of the access.
And then running the following commands will make it easy for the user to access the instance without any issues.
sudo ufw enable
sudo ufw allow 443
sudo ufw status
However, when coming to cloud provisioned instances, it's more likely and easy to play with security groups which would give a higher level of access to play with a specific instance and their corresponding rules.
I ssh to GCP Centos vm instance by port 22 but I run firewall-cmd script to block all incoming port except 80. Now I cannot ssh to connect my vm instance due to port 22 is blocked. Is there any solution to allow ssh again because I can not do anything. Please help.
Sincerely
Bom
You can solve this by creating a startup-script with the firewall-cmd commands you need to have the port 22 opened and then apply it to your instance.
I am unable to reach EC2 instance after installing NGINX on that EC2 instance didn't get why this happen I just run below commands:
sudo apt update
sudo apt install nginx
sudo ufw app list
sudo ufw enable
sudo ufw allow 'Nginx HTTP'
sudo ufw status
before installing NGINX i am able to take SSH connection of EC2 but after doing this I am not reach to EC2 i cross check everything
SG Inbounds has enable 22 port [trying with all of three MyIp,Custom,Anywhere],
VPC has internet gateway which is properly bind
is there anything that i left?
or
"sudo ufw enable"
command run on my EC2 is creates the issue
Stop the running EC2 instance
Detach its /dev/sda1 volume
Start another EC2 instance, it should be on the same subnet
Attach volume to the new micro instance, as /dev/xvdf
SSH to the new instance and mount the volume to /mnt/tmp
sudo fdisk -l # check volumes and find the volume we wanna mount, in my case it's /dev/xvdf1
sudo mkdir /mnt/tmp
sudo mount /dev/xvdf1 /mnt/tmp
Disable UFW by setting ENABLED=no in /mnt/tmp/etc/ufw/ufw.conf
cd
sudo nano /mnt/tmp/etc/ufw/ufw.conf
Exit
Terminate the new instance
Detach the volume from it
Attach volume back to the main instance as /dev/sda1 Start the main instance
Login as before
Enable ssh connections
sudo ufw allow ssh
sudo ufw enable
Kudos to: https://stackoverflow.com/a/49432706
You should allow SSH connections before enabling the firewall so;
Execute
sudo ufw allow ssh
Before
sudo ufw enable
I cannot connect to my fresh new instance of SQL Server Express Edition from the Internet.
~$ sudo nc -vz <HOST>.eu-west-3.rds.amazonaws.com 1433
nc: connect to <HOST>.eu-west-3.rds.amazonaws.com port 1433 (tcp) failed: Connection timed out
I have already configured AWS security group assigned to this database instance. My inbound and outbound rules are:
type: all trafic
protocol: all
port range: all
source: ::/0
Also, everything looks fine on AWS Management Console:
DB instance status: available
Pending maintenance: none
Publicly accessible: Yes
Locally, I have also disabled my ufw:
~$ sudo ufw status verbose
Status: inactive
and iptables:
~$ sudo iptables -P INPUT ACCEPT && sudo iptables -P OUTPUT ACCEPT && sudo iptables -P FORWARD ACCEPT && sudo iptables -F
But still, nothing works. (the same happens both to my SQL Server Express Edition and PostgreSQL 9.4.15 on AWS)
According to your description I assume you want to access your RDS from Internet.
In order to access the RDS ensure this points:
RDS must be in a public VPC subnet.
RDS must be configured with "Public accessibility" = "Yes"
Security Group should contain 0.0.0.0/0 (IPv4) and ::/0 (IPv6)