cannot connect to amazon ec2 rhel7 instance - amazon-web-services

Some time back everything was working fine and I was able to log in via ssh. Suddenly the load on my instance went as high as 25, and I wasn't able to connect anymore. The error message I got was:
ssh: connect to host xxx.xxx.xxx.xxx port 22: Connection refused
I looked for possible solutions and tried rebooting my instance from the AWS management console. It didn't work. I also stopped my instance and started it again after some time. This too didn't work. I tried using the Java login console that they provide on their control panel; that too gave the same error.
I tried a more verbose response using the command:
ssh -vvv root@xxx.xxx.xxx.xxx
This resulted in the output below :
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug1: connect to address xxx.xxx.xxx.xxx port 22: Connection refused
ssh: connect to host xxx.xxx.xxx.xxx port 22: Connection refused
I am guessing the sshd service somehow stopped. Is there any way I could restart it?
Also there was this weird thing I noticed last time I logged in. There were 3k+ unsuccessful login attempts since the last successful login (which was a couple of hours back). Could this be the reason why sshd stopped working, or could it be the load shooting up to 25?
P.S.: I have port 22 open for all IP addresses for ssh under security groups in the AWS management console.

Related

Can't ssh to spot aws instance with command that was working before. Connection times out,

Three weeks ago, I could launch an AWS spot instance and ssh to it using:
ssh -v -i /home/me/.ssh/aws3.pem ubuntu@ec2-3-145-53-84.us-east-2.compute.amazonaws.com
where the address was the one under 'Public IPv4 DNS'. Now they have changed the interface, and when I go through the hoops of launching a spot instance, and it runs, and I get the Public IPv4 DNS, and I plug it into the command above, I get:
OpenSSH_7.6p1 Ubuntu-4ubuntu0.7, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /home/me/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to ec2-3-145-53-84.us-east-2.compute.amazonaws.com [3.145.53.84] port 22.
debug1: connect to address 3.145.53.84 port 22: Connection timed out
ssh: connect to host ec2-3-145-53-84.us-east-2.compute.amazonaws.com port 22: Connection timed out
Fixed. In the new launch menu you have to replace the default security group (under additional launch parameters - optional) by one of the existing ones (I picked launch-wizard-1). I guess they updated the default launch security group to something less user friendly.

Suspending and resuming VM in GCP

I'm having a recurrent problem while using the Google Cloud Platform. To illustrate what's happening I created a new VM, successfully connected to it via gcloud beta compute ssh, and suspended the instance.
After it was suspended, I resumed it, but wasn't able to connect to it via ssh anymore, I ran the command:
gcloud beta compute ssh --zone "us-central1-a" "test-vm" --project "my-project" --ssh-flag="-vvv"
and received the following output:
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /home/guilherme/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "34.66.57.82" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 34.66.57.82 [34.66.57.82] port 22.
debug1: connect to address 34.66.57.82 port 22: Connection timed out
ssh: connect to host 34.66.57.82 port 22: Connection timed out
ERROR: (gcloud.beta.compute.ssh) [/usr/bin/ssh] exited with return code [255].
The suspend/resume was done in browser, on GCP's platform.
Because of this problem I have not been able to suspend any VMs, since I "lose" it every time. Does anyone know how to properly suspend it? Thanks
If there was a change in the setup and "gcloud" denies an ssh connection, you must update the ssh keys in your metadata by:
sudo gcloud compute config-ssh
If this complains about different entries in your config file where your ssh key entries are stored, ~/.ssh/config, delete this file and execute the above command again.
If the internal firewall of the system blocks port 22, you can try the following steps to fix it:
In the GCP Console, go to the VM Instances.
Select the instance and click edit.
Find the Custom metadata option, click Add item, type startup-script as the key, and copy and paste the command sudo ufw allow ssh as the value. This command will enable port 22 for SSH.
I recommend the topic Troubleshooting SSH for your issue.

AWS: "ssh: connect to host **.***.***.** port 22: Operation timed out"

Although my issue looks very generic and common, it doesn't seem to be identical to anything discussed here on stackoverflow. The SecurityGroup has been set up with "MyIP" for the ssh connection and I have been using the correct public IP to connect. Yet, I'm still getting a timeout error as below. Is there something that I need to change on my Mac?
MacBook-Pro ~ % ssh -vvv -i ~/Documents/awsdemo/aws-livelessons.pem ec2-user@18.181.146.195
OpenSSH_7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug2: resolve_canonicalize: hostname 18.181.146.195 is address
debug2: ssh_connect_direct
debug1: Connecting to 18.181.146.195 [18.181.146.195] port 22.
debug1: connect to address 18.181.146.195 port 22: Operation timed out
ssh: connect to host 18.181.146.195 port 22: Operation timed out
Here's my Security Group. You can see that it does have the correct protocol and was entered with my public IP.
Security Group Screenshot
And I can confirm that it does match when I look up via terminal.
MacBook-Pro ~ % dig TXT +short o-o.myaddr.l.google.com @ns1.google.com
"58.12.38.113"
And the EC2 instance does have this security group attached.
EC2 Instance Screenshot
If there are any other ways to troubleshoot this, I'd really appreciate it.
Based on the comments, the issue was due to use of non-default NACLs. The solution was to allow SSH in the NACLs.

Can't SSH to EC2 server when Tethering from my Android Phone

I get a connection refused message when attempting to ssh to my EC2 server while tethering from my Android phone.
ssh <server-ip>
I have added my IP address to the EC2 security group associated with the server.
I can ssh in fine when connected to WIFI, just not when I am tethering.
Any help to troubleshoot this would be appreciated.
akhosraviansMBP:~ akhosravian$ ssh -vvv <ip-address>
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /Users/akhosravian/.ssh/config
debug2: ssh_connect: needpriv 0
debug1: Connecting to <ip-address> [<ip-address>] port 22.
debug1: connect to address <ip-address> port 22: Connection refused
ssh: connect to host <ip-address> port 22: Connection refused
If I allow connections from SSH 0.0.0.0/0 I am able to connect. Maybe the IP address I am getting from whatsmyip.com is incorrect? Where can I find my external IP address when tethering from my phone?
You will need to go into the port settings for the Security Group your instance is a part of. You will then need to set port 22 to 'allow from anywhere'.
Your IP changes regularly when tethering (as you change mobile towers, location, etc.), so it will change often.
As you can see in the photo below, you would click where it says custom, type in ssh - which will set it to the default port, being 22, and then set the Source on the far right to 0.0.0.0/0
In my case I had to add both the computer's and the phone's IP addresses to the Security Group.
The phone's kept changing quite often as well, so I ended up settling on a very open xxx.yyy.0.0/16 for both, which is not super good but better than "Allow From Anywhere".

Using AWS, how to ssh to k8s nodes

The quickstart mentions a few times that, "You should be able to ssh into any node in your cluster ..." (e.g., http://kubernetes.io/v1.0/docs/user-guide/connecting-applications.html#environment-variables). I have tried as described below but I am getting timed out.
I used export KUBERNETES_PROVIDER=aws; curl -sS https://get.k8s.io | bash to start the cluster.
I have only specified AWS_REGION in my environment.
The nodes reside in a VPC and I am able to ping them from a bastion.
This is the result:
ubuntu@ip-10-128-1-26:~$ ssh core@170.20.0.248 -v
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 170.20.0.248 [170.20.0.248] port 22.
debug1: connect to address 170.20.0.248 port 22: Connection timed out
ssh: connect to host 170.20.0.248 port 22: Connection timed out
ubuntu@ip-10-128-1-26:~$
Any idea or pointers would be appreciated. Thank you.
It looks like your problem is with making sure the corresponding security group is open to ssh from whichever nodes you'd like to connect from. Make sure it's open to the public IP or the private IP, depending on which you're connecting from. For the right ssh key to use: it'll be whichever one you set up when spinning up the nodes. You can check that in the EC2 pane of AWS in the "key pairs" side bar option: