I am trying to use Vagrant to create AWS EC2 instances and it works great until it gets to the SSH part. Vagrant uses the public IP to try and SSH and that doesn't work with the EC2 instances I have created, I have to use the public DNS.
I opened 22 to every IP briefly and it did work, so its something to do with the firewall but I can't figure out what IPs I need to open (I have tired the (default) VPC CIDRs)
Can anyone point me in the right direction?
You will have to open the SSH port in NACL and SecurityGroup for the IP of your Vagrant machine. So figure out the IP of your Vagrant server (say X.X.X.X) and open port 22 for X.X.X.X/32 in the NACL as well as in SecurityGroup.
By adding the following line into the Vagrantfile, it forced Vagrant to use the servers private IP instead and therefore could SSH successfully.
aws.ssh_host_attribute = :private_ip_address
Hope this helps other people will the same issue
Related
I have a ec2 instance with public ip in public subnet Ubuntu 20.04, everything seems open- But I cant ping or ssh to the instance:
NACL ( I/b & O/b) : 100 - all/all 0.0.0.0/0
Route Table- 0.0.0.0/0 igw
SG: 8080, 443, 22 - 0/0
I have this " open address " hyperlink in the ec2 instance console next to public-IP and public DNS - when I try opening it does not open- can't reach this page - tries https://IP.
Putty times out, also cmd ssh:
ssh -i "pem-file.pem" ubuntu#IP
ssh: connect to host 'IP' port 22: Connection timed out
When an SSH connection times-out, it is normally an indication that network traffic is not getting to the Amazon EC2 instance.
Things to check:
The instance is running Linux
The instance is launched in a public subnet, which is defined as having a Route Table entry to points to an Internet Gateway
The instance has a public IP address, which you are using for the connection
The Network Access Control Lists (NACLs) are set to their default "Allow All" values
A Security Group associated with the instance that permits inbound access on port 22 (SSH) either from your IP address, or from the Internet (0.0.0.0/0)
Your corporate network permits an outbound SSH connection (try alternate networks, eg home vs work vs tethered to your phone)
See also: Troubleshooting connecting to your instance - Amazon Elastic Compute Cloud
If you continue to have problems, then use ssh -vvv ... to activate debugging, and add the output to your Question.
Once you have SSH working, then try to get 443 working.
Do not use Ping to test connectivity because that requires additional rules in the Security Group, and all it tests is whether Ping is working.
Reachability Analyzer is an easy solution. It will analyze the requested path and direct you to the problem.
1. VPC > Reachability Analyzer
2. Create and analyze path
In this case, I would check the path from the Internet GW to the instance on port 22
3. Find the problem
Once the analysis is completed you can find the issue. In my case it's a routing table with no route to the internet GW
4. Fix the problem
Let's add the needed route
5. Verify the path again
Rerun the analysis again
6. SSH is working
ssh -i "my_key.pem" ec2-user#ec2-900-227-116-41.compute-1.amazonaws.com
__| __|_ )
_| ( / Amazon Linux 2022 AMI
___|\___|___| Preview
http://aws.amazon.com/linux/amazon-linux-2022
Last login: Wed Dec 1 09:18:54 2021 from 84.110.59.182
[ec2-user#ip-264-31-83-228 ~]$
My situation is that i can ping my EC2 instance using command shell of my PC but i cant connect to it using ssh (putty) ... i was able to do that this morning , was trying to send some files using scp , then i lost connection , i rebooted the instance many times but i still cant get access using ssh , i can still ping it tho .(i allowed all trafic in security group)
Thank you.
It seems when you rebooted, Your Server IP is changed. You copied new server IP in PING. Now For SSH you need to use same IP.
So Steps for SSH will be
Copy Public IP or use connect to instance option from EC2 Console.
Check which server you created(Ubuntu server username is ubuntu,while for amazon linux-ami is ec2-user)
Remember to launch your server in public subnet.
In case you have security group open to public, you should be able to SSH by above steps.
Thanks,
AB
I am new to setting up virtual machines. I created my first Ubuntu instance using AWS EC2. Everything seemed to check out until I tried connecting to it with ssh, as per instructions.
To provide some context, my app is called "smpapp". My computer is macOS High Sierra. Naturally, my smpapp.pem file saved to ~/Downloads. First, I opened up the Terminal and set my working directory to Downloads with cd ~/Downloads. Then I entered chmod 400 smpapp.pem, which didn't return any error, so I assume it was a success. Then, I entered ssh -i "smpapp.pem" ubuntu#ec2-XX-XX-XXX-XXX.us-east-2.compute.amazonaws.com (omitting public DNS numbers with Xs). It took awhile to process before spitting out, ssh: connect to host ec2-XX-XX-XXX-XXX.us-east-2.compute.amazonaws.com port 22: Operation timed out.
Can someone explain the general problem to me and how I can fix it (methodically and in layman's terms)?
Could be a few things:
Does your ec2 instance have a public ip? (if not, you might have to attach an elastic ip or put it in a public subnet)
Is the security group attached to the ec2 instance allowing connections to port 22?
Is the ACL on the subnet allowing public connections to the subnet?
Is your VPC configured to routetraffic through your IGW?
Amazon offers step by step instructions on determining the issue, it could be for any reason of the above not being configured properly. You can find step by step instructions on what do in the official amazon docs here.
I am currently overseas and I am trying to connect to my EC2 instance through ssh but I am getting the error ssh: connect to host ec2-34-207-64-42.compute-1.amazonaws.com port 22: Connection refused
I turned on my vpn to New York but still nothing changes. What reasons could there be for not being able to connect to this instance?
The instance is still running and serving the website but I am not able to connect through ssh. Is this a problem with the wifi where I am staying or with the instance itself?
My debugging steps to EC2 connection time out
Double check the security group access for port 22
Make sure you have your current IP on there and update to be sure it hasn't changed
Make sure the key pair you're attempting to use corresponds to the one attached to your EC2
Make sure your key pair on your local machine is chmod'ed correctly. I believe it's chmod 600 keypair.pem check this
Make sure you're in either your .ssh folder on your host OR correctly referencing it: HOME/.ssh/key.pem
Last weird totally wishy washy checks:
reboot instance
assign elastic IP and access that
switch from using the IP to Public DNS
add a : at the end of user#ip:
Totally mystical debugging sets for 6 though. That's part of the "my code doesn't work - don't know why. My code does work - don't know why." Category
Note:
If you access your EC2 while you are connected to a VPN, do know that your IP changes! So enable incoming traffic from your VPN's IP on your EC2 security group.
In AWS, navigate to Services > EC2.
Under Resources, select Running Instances.
Highlight your instance and click Connect.
In Terminal, cd into the directory containing your key and copy the command in step 3 under "To access your instance."
In Terminal, run: ssh -vvv -i [MyEC2Key].pem ec2-user#xx.xx.xx.xx(xx.xx.xx.xx = your EC2 Public IP) OR run the command in the example under step 4.
Just check if your public ip that you get when you are on VPN is configured as a source address in the SG inbound entry that opens up port 22.
You can check your ip using https://www.google.co.in/search?q=whats+my+ip, when connected to your VPN.
I tried everything in this and several other answers, also in some aws youtube videos. Lost perhaps five hours over a few sessions trying to solve it and now finally..
I was getting the exact same error message as the OP. I even rented another EC2 instance in a nearer data centre for twenty minutes to see if that was it.
Then I thought it might be the router or internet provider in the guest house where I am staying. Had already noticed that some non-mainstream news sites had been blocked - and that was it!
You can check if the router is blocking port 22:
https://superuser.com/questions/1336054/how-to-detect-if-a-network-is-blocking-outgoing-ports
cardamom#neptune $ time nmap -p 22 portquiz.net
Starting Nmap 7.70 ( https://nmap.org ) at 2021-02-03 20:43 CET
Nmap scan report for portquiz.net (27.39.379.385)
Host is up (0.028s latency).
rDNS record for 27.39.379.385: ec2-27-39-379-385.eu-west-3.compute.amazonaws.com
PORT STATE SERVICE
22/tcp closed ssh
Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds
real 0m0,212s
user 0m0,034s
sys 0m0,017s
Then, the question of why someone would want to block the ssh port 22 is addressed in at length here:
https://serverfault.com/questions/25545/why-block-port-22-outbound
Had the same problem after creating some instances on a new VPC. (If internet SSH worked before this solution may not work for you)
When creating a new VPC, make sure you create an internet gateway (VPC -> Internet Gateways)
And also make sure that your VPC's routing table (VPC -> Route Tables) has an entry which redirects all IPs (or just your IP) to the internet gateway you just created.
For me, it was because of this:
NOT ec2-user#xx.xx.xx.xx
BUT THIS =>>> ubuntu#xx.xx.xx.xx
Watch the image of EC2 instance!
Instead of
ssh -i "key.pem" ubuntu#ec2-161-smth.com
use
ssh -i "key.pem" ec2-user#ec2-161-smth.com
Trying to ssh into my amazon EC2 linux instance from a Windows 10 box. I have got openssh for windows from https://www.mls-software.com/opensshd.html . I know that I am behind a corporate firewall and a web proxy. My Inbound rule settings on the EC2 instance is
ssh -i "awslamp.pem" ec2-user#ec2-xx-xx-xx-xxx.ap-southeast-2.compute.amazonaws.com
gives
port22: Connection refused
Have you tried "my ip" in inbound rule settings? Also, try allowing SSH from all IP addresses for troubleshooting purposes. I know that it's not the recommended settings. It's just for troubleshooting and making sure that your corporate network allows you to connect to it. Do not forget to change the settings back to custom.