I've carefully followed the instructions here and here, but still cannot connect to my new EC2 instance via SSH.
Yes, I have made sure that I allow inbound connections on port 22 from anywhere.
I have also enabled icmp from all over the universe for debugging purposes. You can see these settings in this screenshot:
So why can't I ssh to this machine via SSH?
$ ssh -vvv -i myKeyPair.pem ubuntu@ec2-X-X-X-X.us-west-2.compute.amazonaws.com
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to ec2-X-X-X-X.us-west-2.compute.amazonaws.com [X.X.X.X] port 22.
debug1: connect to address X-X-X-X port 22: Operation timed out
ssh: connect to host ec2-X-X-X-X.us-west-2.compute.amazonaws.com port 22: Operation timed out
I can however ping it:
$ ping ec2-X-X-X-X.us-west-2.compute.amazonaws.com
PING ec2-X-X-X-X.us-west-2.compute.amazonaws.com (X.X.X.X): 56 data bytes
64 bytes from X.X.X.X: icmp_seq=0 ttl=42 time=91.994 ms
64 bytes from X.X.X.X: icmp_seq=1 ttl=42 time=91.922 ms
Is it because the SSH Daemon is not running on the box? How can I start that daemon if I can't even get on the box?
Can you telnet from your machine to this instance on port 22 and see that it's listening?
How about if you connect an Elastic IP and see if that helps anything?
If this instance was spun up in a VPC are your Security Groups and ACLs allowing outbound traffic on high ports to all addresses (0.0.0.0/0) or at least your address?
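The telnet check suggested above, and the question of whether a stopped SSH daemon explains the timeout, both come down to how the TCP connection fails: a host with nothing listening normally answers "Connection refused", while a timeout means the packets were dropped on the way. The following is an added example, not part of the original posts; `probe_ssh` and its result labels are names chosen here.

```python
import socket
import sys


def probe_ssh(host, port=22, timeout=5.0):
    """Classify how a TCP connection to an SSH port succeeds or fails.

    filtered  - no reply at all: packets dropped on the path (security group,
                NACL, routing, or a network that blocks the port)
    refused   - the host answered with a reset: reachable, nothing listening
    no-banner - TCP connected, but no SSH identification string arrived
    ssh       - a server sent its "SSH-" identification string
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except (socket.timeout, TimeoutError):
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:              # DNS failure, no route to host, ...
        return "error: %s" % exc
    with sock:
        try:
            banner = sock.recv(255)     # the socket keeps the connect timeout
        except (socket.timeout, TimeoutError):
            return "no-banner"
    return "ssh" if banner.startswith(b"SSH-") else "no-banner"


if __name__ == "__main__":
    # Usage: python probe.py <host> [port]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(probe_ssh(target, target_port))
```

A `filtered` result matches the "Operation timed out" in the question; `no-banner` corresponds to a connection that is established and then stalls before the version exchange.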
Three weeks ago, I could launch an aws instance spot and ssh to it using:
ssh -v -i /home/me/.ssh/aws3.pem ubuntu@ec2-3-145-53-84.us-east-2.compute.amazonaws.com
where the address was the one under 'Public IPv4 DNS'. Now they have changed the interface and when I go through the hops of launching a spot instance, and it runs, and I get the Public IPv4 DNS, and I plug it in the command above, I get:
OpenSSH_7.6p1 Ubuntu-4ubuntu0.7, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /home/me/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to ec2-3-145-53-84.us-east-2.compute.amazonaws.com [3.145.53.84] port 22.
debug1: connect to address 3.145.53.84 port 22: Connection timed out
ssh: connect to host ec2-3-145-53-84.us-east-2.compute.amazonaws.com port 22: Connection timed out
Fixed. In the new launch menu you have to replace the default security group (under additional launch parameters - optional) by one of the existing ones (I picked launch-wizard-1). I guess they updated the default launch security group to something less user friendly.
I am trying to connect to an EC2 machine with the following command line on my terminal:
ssh -i id_rsa_aws <ec2_ip_address> -l ec2-user -vvv
Here is the result:
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug2: resolve_canonicalize: hostname <ec2_ip_address> is address
debug2: ssh_connect_direct
debug1: Connecting to <ec2_ip_address> [<ec2_ip_address>] port 22.
debug1: Connection established.
debug1: identity file id_rsa_aws type 0
debug1: identity file id_rsa_aws-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.8
ssh_exchange_identification: read: Operation timed out
My ssh_config file:
Host *
SendEnv LANG LC_*
I know the problem must come from my computer. I have tried using the .pem file and I am getting the same error.
Any help would be appreciated.
Thank you
Things to check:
The instance is running Linux
The instance is launched in a public subnet, which is defined as having a Route Table entry that points to an Internet Gateway
The instance has a public IP address, which you are using for the connection
The Network Access Control Lists (NACLs) are set to their default "Allow All" values
A Security Group associated with the instance that permits inbound access on port 22 (SSH) either from your IP address, or from the Internet (0.0.0.0/0)
Your network permits an outbound SSH connection (try alternate networks, e.g. home vs work vs tethered to your phone)
See also: Troubleshooting connecting to your instance - Amazon Elastic Compute Cloud
$ ssh -vvv -i "AMSKeyPair.pem" ec2-user@ec2-52-43-0-65.us-west-2.compute.amazonaws.com
OpenSSH_7.4p1, LibreSSL 2.5.0
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "ec2-52-43-0-65.us-west-2.compute.amazonaws.com" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to ec2-52-43-0-65.us-west-2.compute.amazonaws.com [52.43.0.65] port 22.
debug1: connect to address 52.43.0.65 port 22: Operation timed out
ssh: connect to host ec2-52-43-0-65.us-west-2.compute.amazonaws.com port 22: Operation timed out
Corresponding Security Group allows all inbound traffic on all ports.
I tried on different internet connections, so I don't think NAT is there.
PS: I am not a first time ec2 user, used it before.
Changed Security Group's source from sg-57710f2a to 0.0.0.0/0
Now it works. As @john-hanley pointed out, sg-57710f2a allows connections only from hosts within that Security Group, not from outside.
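Why a group ID as the source did not admit an outside client, shown as an added example that is not part of the original posts. The rules are constructed in the shape of `IpPermissions` from `aws ec2 describe-security-groups`; only `sg-57710f2a` comes from the page, and the function names and client addresses are assumptions made here.

```python
import ipaddress

# Constructed rules; "before" and "after" mirror the change described above.
RULES_BEFORE = [{"IpProtocol": "-1", "IpRanges": [],
                 "UserIdGroupPairs": [{"GroupId": "sg-57710f2a"}]}]
RULES_AFTER = [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                "UserIdGroupPairs": []}]


def _covers(rule, proto, port):
    """True if the rule's protocol and port range include proto/port."""
    if rule["IpProtocol"] == "-1":          # -1 means all protocols, all ports
        return True
    if rule["IpProtocol"] != proto:
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]


def admitting_source(rules, client_ip, client_groups=(), proto="tcp", port=22):
    """Return the CIDR or group ID that admits the client, or None (implicit deny)."""
    ip = ipaddress.ip_address(client_ip)
    for rule in rules:
        if not _covers(rule, proto, port):
            continue
        for rng in rule.get("IpRanges", []):
            if ip in ipaddress.ip_network(rng["CidrIp"]):
                return rng["CidrIp"]
        # A group source matches only traffic from members of that group.
        for pair in rule.get("UserIdGroupPairs", []):
            if pair["GroupId"] in client_groups:
                return pair["GroupId"]
    return None


def world_open(rules, proto="tcp", port=22):
    """True if any rule exposes proto/port to the whole IPv4 internet."""
    return any(_covers(r, proto, port) and
               any(rng["CidrIp"] == "0.0.0.0/0" for rng in r.get("IpRanges", []))
               for r in rules)


if __name__ == "__main__":
    laptop = "203.0.113.10"                 # constructed outside client address
    print(admitting_source(RULES_BEFORE, laptop))
    print(admitting_source(RULES_BEFORE, "10.0.0.5", {"sg-57710f2a"}))
    print(admitting_source(RULES_AFTER, laptop), world_open(RULES_AFTER))
```

With the "after" rules `world_open` is true for every port, not only 22; a source limited to your own address, which the checklist earlier on the page also accepts, admits the same client without that exposure.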
I set up my 1st EC2 instance on AWS on a free tier using Ubuntu as the OS. I followed all the steps and my instance is up.
I've built the following security rules:
Ports Protocol Source Personal_SG_NVirginia
80 tcp 0.0.0.0/0 ✔
22 tcp 0.0.0.0/0 ✔
3306 tcp 0.0.0.0/0 ✔
443 tcp 0.0.0.0/0 ✔
-1 icmp 0.0.0.0/0 ✔
I can ping my instance, but cannot connect to it either using PuTTY, ssh on my linux and even on miniterm console.
$ ssh -vv -i "xxxx.pem" ubuntu@52.91.95.205
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 52.91.95.205 [52.91.95.205] port 22
debug1: connect to address 52.91.95.205 port 22: Connection timed out
ssh: connect to host 52.91.95.205 port 22: Connection timed out
The same happens if I use DNS name.
Miniterm console error:
Connection to 52.91.95.205: Connection timed out: no further information
I have already restarted the instance and recreated it, but no success at all.
Help appreciated.
Verify the IP address is valid
$ ssh -vv -i "xxxx.pem" ubuntu@54.210.1133.50
Is this hand-written or did you copy and paste? The IP address is an invalid IP address ("1133" is >255), and doesn't match your debug output. Make sure you're connecting to the correct public IP address of the instance.
Verify you are using the correct user
Are you sure the initial user is "ubuntu"? Some EC2 Linux instances use "ec2-user" for the initial setup.
Try: ssh -vv -i "xxxx.pem" ec2-user@123.123.123.123
Verify default SSH port is not blocked (correct solution)
Per discussion below, it turns out that port 22 was blocked by the user's ISP. Switching to a non-standard port (2022) resolved the issue.
The quickstart mentions a few times that, "You should be able to ssh into any node in your cluster ..." (e.g., http://kubernetes.io/v1.0/docs/user-guide/connecting-applications.html#environment-variables). I have tried as described below but I am getting timed out.
I used export KUBERNETES_PROVIDER=aws; curl -sS https://get.k8s.io | bash to start the cluster
I have only specified AWS_REGION in my environment
The nodes are residing in VPC and I am able to ping them from a bastion
This is the result:
ubuntu@ip-10-128-1-26:~$ ssh core@170.20.0.248 -v
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 170.20.0.248 [170.20.0.248] port 22.
debug1: connect to address 170.20.0.248 port 22: Connection timed out
ssh: connect to host 170.20.0.248 port 22: Connection timed out
ubuntu@ip-10-128-1-26:~$
Any idea or pointers would be appreciated. Thank you.
It looks like your problem is with making sure the corresponding security group is open to ssh from whichever nodes you'd like to connect from. Make sure it's open to the public IP or the private IP, depending on which you're connecting from. For the right ssh key to use: it'll be whichever one you set up when spinning up the nodes. You can check that in the EC2 pane of AWS in the "key pairs" side bar option: