I have two instances
1. Bastion host instance
2. Amazon Linux instance.
I can log in to the bastion host instance and have added the key of the other Amazon Linux instance, to which I want to allow SSH access, but when I try to run the command on the bastion host instance it doesn't work. The security groups of both EC2 instances (bastion host and Amazon Linux) are set to allow all inbound traffic; moreover, the VPC and subnet are also set up with a proper internet gateway.
ssh -A ec2-user@ip
Can anyone tell me what I am missing?
You have to use the path to the key of the instance you are trying to connect to, and "-i" instead of "-A". Check the command below.
ssh -i /path-to-key/key.pem ec2-user@ip
You can run ssh in verbose mode (-v) to see if the relevant key is getting used or if there is any other issue:
ssh -v -A ec2-user@ip
Also, is the IP in use the instance's private IP address?
You have to use the private key of the EC2 instance to log in to it from the bastion host instance. You have to set the pem file to have permissions of 600. Also, you can rename key-file.pem to key-file just to avoid any unwanted attention to it. So the command would be:
ssh -i /path_to_key-file/key-file ec2-user@ec2_instance_ip
Related
My currently working SSH tunnel into a private EC2 instance's PostgreSQL server is:
ssh -N -i my-keypair.pem -L 5555:10.1.22.67:5432 ec2-user@14.229.71.224
The keypairs were the same for both the bastion jump host and the private instance (my-keypair.pem).
However, now we use different keypairs, one for the bastion host (my-keypair.pem) and another for the private instance (my-different-keypair.pem). How can I amend the above SSH tunnel command so that I can still use DBeaver to connect to PostgreSQL on the private instance?
I have read several Stack Overflow posts, but none seem to help.
I want to SSH into my EC2 instance, so I downloaded the private key file as stated in the instructions from AWS. After executing "sudo ssh -v -i ubuntu@", my ssh server hangs with no success or failure message.
I made sure my EC2 instance can accept SSH connections and that my private key file does have the correct permissions. Are there any other debugging steps to resolve this issue?
When an SSH connection times out, it is normally an indication that network traffic is not getting to the Amazon EC2 instance.
Things to check:
The instance is running Linux
The instance is launched in a public subnet, which is defined as having a Route Table entry that points to an Internet Gateway
The instance has a public IP address, which you are using for the connection
The Network Access Control Lists (NACLs) are set to their default "Allow All" values
A Security Group associated with the instance that permits inbound access on port 22 (SSH) either from your IP address, or from the Internet (0.0.0.0/0)
Your corporate network permits an outbound SSH connection (try alternate networks, eg home vs work vs tethered to your phone)
See also: Troubleshooting connecting to your instance - Amazon Elastic Compute Cloud
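The security-group item in the checklist above can be evaluated offline against saved rule data. The following is an added example, not part of the original answer; it uses the IpPermissions field layout of `aws ec2 describe-security-groups`, and all group IDs, CIDRs and rules are constructed placeholders (IPv4 ranges only). It also reports rules open to 0.0.0.0/0 and handles rules whose source is another security group.

```python
import ipaddress

# Constructed sample: IpPermissions lists keyed by group ID, using the field
# names of `aws ec2 describe-security-groups`; IDs and CIDRs are placeholders.
SAMPLE_GROUPS = {
    "sg-bastion-example": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
    ],
    "sg-private-example": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-bastion-example"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []},
    ],
    "sg-open-example": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "UserIdGroupPairs": []},
    ],
}


def covers_port(rule, port):
    """True if the rule's protocol and port range include the given TCP port."""
    if rule["IpProtocol"] == "-1":  # "-1" means all protocols and all ports
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]


def ingress_verdict(rules, source_ip, source_groups=(), port=22):
    """Classify one group's IpPermissions as 'open-to-world', 'allowed' or 'blocked'.

    source_ip is the address the target instance sees; for a rule that names a
    source security group this is the caller's private address, and
    source_groups lists the groups attached to the caller.
    """
    addr = ipaddress.ip_address(source_ip)
    allowed = False
    for rule in rules:
        if not covers_port(rule, port):
            continue
        for rng in rule.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"])
            if net.prefixlen == 0:  # 0.0.0.0/0: reachable from anywhere
                return "open-to-world"
            allowed = allowed or addr in net
        for pair in rule.get("UserIdGroupPairs", []):
            allowed = allowed or pair["GroupId"] in source_groups
    return "allowed" if allowed else "blocked"
```

A "blocked" verdict for port 22 from the address you are connecting from matches the time-out symptom described above; "open-to-world" works but is the setting to tighten to a specific CIDR or source group.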
I am trying to provision 2 ec2 instances on a private subnet using Ansible playbooks. My infrastructure includes:
Bastion Host on a public subnet
2 EC2 instances on 2 private subnets
NAT Gate for outgoing connections
Application Load Balancer
My question is how to run the Ansible playbook from localhost to affect the private instances. Can I SSH forward the playbook or does the playbook have to reside in the bastion host and then use the private IPs as hosts?
Create the SSH config file ~/.ssh/config and then add the following lines to it:
Host bastion
    HostName bastion_ip
    User bastion_user
    IdentityFile ~/.ssh/mykey.pem
Host private_instance
    HostName 10.0.0.11
    User private_ec2_user
    ProxyCommand ssh bastion -W %h:%p
    IdentityFile ~/.ssh/mykey.pem
My question is how to run the Ansible playbook from localhost to
affect the private instances.
Now that you have configured the SSH config file, all you need to type is:
ssh private_instance
This will create an SSH tunnel to your private instance; you do not need to type a complex or lengthy command every time.
Ansible allows the use of SSH configuration options, and ProxyCommand can come to the rescue when trying to forward the command from the bastion to private subnet hosts. Here is an example:
ssh -o ProxyCommand="ssh ubuntu@52.50.10.5 'nc 192.168.0.20 22'" ubuntu@nothing
The above command will, for example, first connect to 52.50.10.5 via SSH, and then open a socket to 192.168.0.20 on port 22. The socket connection (which is connected to the remote SSH server) is then passed to the original SSH client command invocation to utilize.
Source: https://spin.atomicobject.com/2016/05/16/ansible-aws-ec2-vpc/
Because I am running an application (Airflow) in a Python virtual environment on my EC2 instance and I want to run a command in my default Python environment on the same EC2 instance, I thought it was easier to SSH to my own instance and execute the command.
The problem I have is that I cannot connect to my own instance.
I added the security group ID of my EC2 instance to my inbound configuration (SSH on port 22) but this did not work.
It does work when I set my SSH inbound configuration on port 22 from anywhere, but I don't want to do that.
My outbound config allows all traffic.
If you are connecting from another EC2 instance in the same subnet, you'll want to allow the private IP of that EC2 instance, not your local address.
I have launched an Elastic Beanstalk application in a VPC with Amazon RDS (PostgreSQL) using a NAT Gateway (because I want to route my application traffic through a fixed public IP address) following these instructions:
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/vpc-rds.html
How can I SSH into the instance from my local system?
eb ssh shows the following error, although my instance is available and not terminating.
ERROR: This instance does not have a Public IP address. This is possibly because the instance is terminating.
How can I log in to the PostgreSQL client?
The following command is not prompting for anything:
psql --host= --port=5432 --username= --password --dbname=ebdb
I know they are in a private subnet, so they can't be accessed from a public network, but I want to know whether that is possible. Please help!
You will have to have a server with a public IP (in a public VPC subnet) that you can connect to from outside your VPC. I recommend setting up a t2.nano server as a bastion host.
If you use a VPN, you can also modify sshops.py to use the private DNS name. The location varies by OS and version, but mine is located here:
~/Library/Python/2.7/lib/python/site-packages/ebcli/operations/sshops.py
Search for PublicIpAddress (mine is on line 88), and change it to read:
ip = instance['PrivateDnsName'] #was PublicIpAddress
It's too bad that the EB CLI isn't on GitHub... otherwise I'd contribute a way to do this via a parameter.
I also added a convenient alias for this:
alias appname='eb init appname;eb ssh --region=us-east-1 appname -n'
This allows running appname 1 or appname n, where n is the number of hosts in your cluster.