I cannot connect to any machine I create on EC2 that belongs to the C3 family.
I have no problem connecting with SSH to any other type of machine.
What do I need to do to further debug this?
The steps I've taken:
I create a t1.micro machine with the same image (an Ubuntu 13.10 64-bit AMI, ami-2f252646), the same key pair, and the same security group. It works fine.
I ssh to a t1.micro machine, and then ssh again from that machine to the C3 machine. That tells me the machine is up and running and my problem is connecting to the C3 machine from my PC directly (going through the office router).
I try to telnet to the t1.micro machine on port 22 - I get a connection.
I try to telnet to the C3 machine on port 22 - does not work.
I try to telnet to the C3 machine on port 22 from another PC, not from the office - I get a connection.
I tried this with several C3 type machines, all with the same result.
So:
The machine is up and running, and can accept connections.
There is obviously a problem in the coupling between my office connection and the C3 machine.
My office connection works fine with any other type of m1/c1/g1/m2 machine, so it's only the "3" family that has that problem.
I'm at a loss on how to solve this, or even debug this further. Right now I'm tunneling to my machine through a proxy t1.micro machine...
My operating system is itself Ubuntu 13.10
Here is a gist link to the output of my ssh -vvv command
It seems to get stuck at debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Solved it, with the help of AWS professional (paid) services.
The problem is with some of the authentication protocols.
I have a high (9000) MTU (minimal transfer unit) configured in my network connection, I need this to access big chunks of data.
The solution is either to lower the MTU to below 1400 (which is not good for me, because I need it), or to change the SSH config, which worked for me.
sudo vi /etc/ssh/ssh_config
and uncomment the lines starting with Ciphers and MACs
mine says:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
This is a bug from Ubuntu 12.10 and onwards (it works in 12.04 and below)
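One way to check the MTU diagnosis from the answer above before editing ssh_config, given as an added example that is not part of the original answer: it binary-searches the largest ICMP payload that reaches the host with the don't-fragment bit set. It assumes Linux iputils ping (`-M do`) and that the instance's security group allows ICMP echo; `probe` and `find_path_mtu` are hypothetical names.

```shell
#!/bin/sh
# probe SIZE HOST: succeed if one ICMP echo carrying SIZE payload bytes,
# sent with the don't-fragment bit set, gets a reply within 2 seconds.
# A dropped oversized packet (PMTUD black hole) simply shows up as a failure.
probe() {
  ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW] [HIGH]: print the path MTU in bytes.
# LOW and HIGH are payload sizes; the defaults cover 576 up to the 9000-byte
# jumbo MTU mentioned in the answer (payload = MTU - 20 IP - 8 ICMP bytes).
find_path_mtu() {
  local host="$1" lo="${2:-548}" hi="${3:-8972}" mid
  # If even the smallest probe fails, the host is unreachable or drops ICMP.
  if ! probe "$lo" "$host"; then
    echo "no reply to a $lo-byte probe: host down or ICMP filtered" >&2
    return 1
  fi
  # Invariant: a probe of size lo succeeds, nothing above hi does.
  while [ "$lo" -lt "$hi" ]; do
    mid=$(( (lo + hi + 1) / 2 ))
    if probe "$mid" "$host"; then
      lo=$mid
    else
      hi=$(( mid - 1 ))
    fi
  done
  echo $(( lo + 28 ))
}

# Run as: sh pathmtu.sh <public DNS name or IP of the instance>
if [ "$#" -gt 0 ]; then
  find_path_mtu "$1"
fi
```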
There is another option besides using just the provided pem with an Ami that you've created yourself.
Go back and spin up the current image on an instance size that you know works. Ssh into the instance as the main user and then create a secondary user and add them to the sudoers group.
sudo useradd -d /home/myuser -m myuser
sudo usermod -a -G sudo myuser
Then change to the new user and go to their home directory and create a .ssh folder, change this to 0700. Go inside the .ssh directory and vi (or your text editor of choice) and create an authorized_keys file.
Insert your PUBLIC key contents into this file.
Change the permissions on this file to 0600.
sudo su myuser
cd ~
mkdir .ssh
chmod 0700 .ssh
cd .ssh
vi authorized_keys
chmod 0600 authorized_keys
Exit out of the user. Before you exit the box you probably want to edit (as sudo) /etc/passwd and change the user's shell from sh to bash.
Exit out of the box and test connecting with your new user before returning your new Ami.
Now spin up the new ami as a C3 instance and connect in with your user.
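A check to run before baking the new AMI, given as an added example that is not part of the original answer: it verifies the 0700/0600 modes from the steps above and that authorized_keys holds a public key rather than a pasted .pem. It assumes GNU stat; `audit_ssh_dir`, `audit_demo` and the key line are constructed for illustration.

```shell
#!/bin/sh
# audit_ssh_dir HOME_DIR: print one line per problem found under HOME_DIR/.ssh
# and return non-zero if there is any.
audit_ssh_dir() {
  local dir="$1/.ssh" file="$1/.ssh/authorized_keys" bad=0 mode
  if [ ! -d "$dir" ]; then echo "missing $dir"; return 1; fi
  if [ ! -f "$file" ]; then echo "missing $file"; return 1; fi
  mode=$(stat -c %a "$dir")
  if [ "$mode" != 700 ]; then
    echo "$dir has mode $mode, expected 700"; bad=1
  fi
  mode=$(stat -c %a "$file")
  if [ "$mode" != 600 ]; then
    echo "$file has mode $mode, expected 600"; bad=1
  fi
  # Pasting the .pem instead of the public key leaves a private key on the image.
  if grep -q 'PRIVATE KEY' "$file"; then
    echo "$file contains private key material"; bad=1
  fi
  # At least one line must look like a public key: key type, then base64.
  if ! grep -Eq '(^| )(ssh-(rsa|ed25519)|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/=]+' "$file"; then
    echo "$file has no public key line"; bad=1
  fi
  return "$bad"
}

# audit_demo: build a constructed home directory with one deliberate mistake
# (authorized_keys left at 0644), audit it, and clean up.
audit_demo() {
  local home rc=0
  home=$(mktemp -d)
  mkdir "$home/.ssh"
  chmod 0700 "$home/.ssh"
  # Constructed key line, not a real key.
  echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyNotReal myuser@example' \
    > "$home/.ssh/authorized_keys"
  chmod 0644 "$home/.ssh/authorized_keys"
  audit_ssh_dir "$home" || rc=$?
  rm -rf "$home"
  return "$rc"
}

audit_demo || true
```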
I have been working on SSHing into an Ubuntu, AWS Linux 2, and AWS Windows servers. Though I am having trouble with Windows effort in the Windows Command Line. I know SSH should work on Windows 10 and I prefer not to involve PuTTY.
Q) What am I missing from my samples below that would help SSH from my Windows Command Line into a AWS Windows 10 Server?
Linux-2: ssh -i /path/my-key-pair.pem ec2-user@ec2-999-99-999-9.compute-1.amazonaws.com/ ec2-user@99.999.999.99
Format: ssh -i /path/XYZ.pem (PEM Key with path) ec2-user @(User ID for Linux 2) IP 4 Address
Ubuntu: ssh -i /path/my-key-pair.pem ubuntu@ec2-99-999-999-99.compute-1.amazonaws.com/ ubuntu@99.999.999.99
Format: ssh -i /path/XYZ.pem (PEM Key with path) Ubuntu @(User ID for Ubuntu) IP 4 Address
I believe my problem lies with my default User ID for Windows (Administrator@99.999.999.99), but I am not sure.
So, I have an ubuntu ec2 instance running, and wanted to establish an ssh(I am an Ubuntu 16.04 user). However, I do not think that I get the right response when I try to:
huzeyfekiran@huzeyfekiran-ThinkPad-L450:~/Downloads$ chmod 400 mykeypair.pem
huzeyfekiran@huzeyfekiran-ThinkPad-L450:~/Downloads$ ssh -i mykeypair.pem ubuntu@ec2-18-219-42-124.us-east-2.compute.amazonaws.com
The authenticity of host 'ec2-18-219-42-124.us-east-2.compute.amazonaws.com (18.219.42.124)' can't be established.
ECDSA key fingerprint is SHA256:T9J5/BH9RmALnv/6n4rUu0tw8nIFHn8zYvM9BwwP3fA.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ec2-18-219-42-124.us-east-2.compute.amazonaws.com,18.219.42.124' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-1047-aws x86_64)
* Documentation:
* Management:
* Support:
Get cloud support with Ubuntu Advantage Cloud Guest:
0 packages can be updated.
0 updates are security updates.
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
I think that I do not get the right response because when I try to connect to the EC2 instance via Jupyter notebook, the browser can't establish a connection, and I am sure that I have the firewall turned off. So, is there a problem with the SSH?
I am trying to connect to my ec2 instance from my chromebook using the secure shell extension but I keep getting the following error:
Loading NaCl plugin... done.
ssh: connect to host (public DNS) port 22: Connection refused
NaCl plugin exited with status code 255.
I have been following the steps on this site but with 0 success.
http://www.mattburns.co.uk/blog/2012/11/15/connecting-to-ec2-from-chromes-secure-shell-using-only-a-pem-file/
Help please.
If you're doing this on your chromebook, you should have developer mode enabled so that you can enter the console and execute Linux commands. Once developer mode is enabled, enter the console with ctrl+alt+t and then type in shell.
First you'll want to change the permissions of your .pem key. The ssh keygen won't run if the permissions aren't restricted enough.
sudo chmod 400 myKeyPair.pem
Next you'll want to generate your own public key with ssh-keygen like mentioned in the other links.
ssh-keygen -y -f myKeyPair.pem > myKeyPair.pub
After this, you'll want to create a file with no extension and the private key pair inside.
touch myKeyPair
After this, copy the contents of the .pem file to the file with no extension, myKeyPair.
sudo cat myKeyPair.pem > myKeyPair
Next you'll want to open up the secure shell extension, which can be found here.
Enter your connection information for your machine and don't forget to specify the port number. When it comes to importing the key pair, select both the myKeyPair.pub and the myKeyPair files using ctrl.
That's it, you should be connected!
I have just launched a new Amazon AWS EC2 instance. It is a Suse server.
I am attempting to connect to it through SSH using my private key. It has been 'Permanently added' to my 'to the list of known hosts.' with my private key.
However -
I am not logged in to the server. It is requesting a password. Though it is supposed to use my private key without a password. (as described here: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html)
What should I do?
--
More details:
I ran it again with debug: added -v: ssh -v -i ...
These are the last few lines in the shell (up to here it seems to be fine) before I am asked for pwd:
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: my-private-key.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
I have just solved this. It is a bit of a workaround. The problem may have been the type of server used, Suse. I used ec2-user for username, but it may be different for different servers. This is the one for Amazon Linux AMI (and also for Ubuntu I believe), but apparently not for Suse.
I stopped (/terminated) this instance, and launched a new AMI Amazon Linux server instance instead.
Connecting to SSH there worked like a charm. Using ssh -v -i my-private-key.pem ec2-user@publicaddressblahblah.compute.amazonaws.com
I was not asked for a pwd here.
If your local box is Linux
The first thing you want to make sure of is that you have your key loaded into ssh-agent and into ssh-add (on your client machine).
08:10:51 ~$ ssh-agent
SSH_AUTH_SOCK=/var/folders/ps/1dvr90bd6p3blnyrnpyxnryhv45qg1/T//ssh-K8VbUYmYYj4w/agent.9087; export SSH_AUTH_SOCK;
SSH_AGENT_PID=9088; export SSH_AGENT_PID;
echo Agent pid 9088;
Run each of these lines (to declare the variables you need). Then run ssh-add.
08:17:33 ~$ ssh-add
Enter passphrase for /Users/kyle/.ssh/id_rsa:
Identity added: /Users/kyle/.ssh/id_rsa (/Users/kyle/.ssh/id_rsa)
To put it all in one line:
$ eval `ssh-agent`; ssh-add
Workaround to make sure you're loading the right key
You can tell SSH to load a specific key using the -i option.
$ ssh -i ~/.ssh/other_rsa ec2-user@<ip>
Username woes
If this is an Amazon Linux box, the user is ec2-user. For some AMIs, they have other users set up (ubuntu on ubuntu). Check the documentation to see if they have any specific requirements.
$ ssh ubuntu@IP
On trying with user "root", it worked for me.
ssh -i root@server-name
The documentation says the user could be either ec2-user or root:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html
I solved this by changing my proxy server from HK to Japan. My EC2 instance is in Japan, but my proxy server is in HK, so it asked me to type the pwd, but when I changed my proxy server to Japan, there was no need to type the pwd.
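The three failure signatures quoted in the threads above (the stall at SSH2_MSG_KEX_ECDH_REPLY, the "Connection refused" from the Chromebook, and publickey falling through to keyboard-interactive) can be told apart mechanically from client output. This is an added example, not code from any of the posts; `classify_ssh_debug` is a hypothetical name and the samples are constructed from the lines quoted on this page.

```shell
#!/bin/sh
# classify_ssh_debug: read `ssh -v` output on stdin, print a one-word diagnosis:
#   ok            authentication succeeded
#   refused       nothing accepted the TCP connection on the port
#   key-rejected  a key was tried, then ssh fell back to a password prompt
#                 (wrong login name for the AMI, or key not in authorized_keys)
#   kex-stall     output ends while waiting for a key-exchange reply
#                 (large packets lost on the path, see the MTU answer)
classify_ssh_debug() {
  local log last
  log=$(cat)
  last=$(printf '%s\n' "$log" | grep '^debug1:' | tail -n 1)
  if printf '%s\n' "$log" | grep -q 'Authentication succeeded'; then
    echo ok
  elif printf '%s\n' "$log" | grep -q 'Connection refused'; then
    echo refused
  elif printf '%s\n' "$log" | grep -Eq 'Trying private key|Offering .*public key' &&
       printf '%s\n' "$log" |
         grep -Eq 'Next authentication method: (keyboard-interactive|password)'; then
    echo key-rejected
  else
    case $last in
      *'expecting SSH2_MSG_KEX'*) echo kex-stall ;;
      *) echo unknown ;;
    esac
  fi
}

# Constructed samples, built from the lines quoted in the posts above.
SAMPLE_KEX='debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY'
SAMPLE_KEY='debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: my-private-key.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive'
SAMPLE_REFUSED='ssh: connect to host (public DNS) port 22: Connection refused'

for sample in "$SAMPLE_KEX" "$SAMPLE_KEY" "$SAMPLE_REFUSED"; do
  printf '%s\n' "$sample" | classify_ssh_debug
done
```

On a live session, pipe the client's stderr into it: `ssh -v -i key.pem user@host 2>&1 | classify_ssh_debug`.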
The command vagrant up is failing and I don't know why.
$ egrep -v '^ *(#|$)' Vagrantfile
VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
config.vm.box = "precise32"
end
$ vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
[default] Importing base box 'precise32'...
[default] Matching MAC address for NAT networking...
[default] Setting the name of the VM...
[default] Clearing any previously set forwarded ports...
[default] Creating shared folders metadata...
[default] Clearing any previously set network interfaces...
[default] Preparing network interfaces based on configuration...
[default] Forwarding ports...
[default] -- 22 => 2222 (adapter 1)
[default] Booting VM...
[default] Waiting for VM to boot. This can take a few minutes.
The VM failed to remain in the "running" state while attempting to boot.
This is normally caused by a misconfiguration or host system incompatibilities.
Please open the VirtualBox GUI and attempt to boot the virtual machine
manually to get a more informative error message.
$ vagrant status
Current machine states:
default poweroff (virtualbox)
The VM is powered off. To restart the VM, simply run `vagrant up`
$ VBoxManage list runningvms
$
Here are the messages in the VirtualBox log file, VBoxSVC.log:
$ cat ~/.VirtualBox/VBoxSVC.log
VirtualBox XPCOM Server 4.2.16 r86992 linux.amd64 (Jul 4 2013 16:29:59) release log
00:00:00.000499 main Log opened 2013-08-13T18:40:45.907580000Z
00:00:00.000508 main OS Product: Linux
00:00:00.000509 main OS Release: 3.6.11-4.fc16.x86_64
00:00:00.000510 main OS Version: #1 SMP Tue Jan 8 20:57:42 UTC 2013
00:00:00.000537 main DMI Product Name: X8DA3
00:00:00.000547 main DMI Product Version: 1234567890
00:00:00.000647 main Host RAM: 24103MB total, 17127MB available
00:00:00.000654 main Executable: /usr/local/VirtualBox/VBoxSVC
00:00:00.000655 main Process ID: 9417
00:00:00.000656 main Package type: LINUX_64BITS_GENERIC
00:00:00.110125 nspr-2 Loading settings file "/opt/tomcat/.VirtualBox/VirtualBox.xml" with version "1.12-linux"
00:00:00.110817 nspr-2 Failed to retrive disk info: getDiskName(/dev/md126p1) --> md126p1
00:00:00.264367 nspr-2 VDInit finished
00:00:00.275173 nspr-2 Loading settings file "/opt/tomcat/VirtualBox VMs/vagrant_getting_started_default_1376419129/vagrant_getting_started_default_1376419129.vbox" with version "1.12-linux"
00:00:05.288923 main ERROR [COM]: aRC=VBOX_E_OBJECT_IN_USE (0x80bb000c) aIID={29989373-b111-4654-8493-2e1176cba890} aComponent={Medium} aText={Medium '/opt/tomcat/VirtualBox VMs/vagrant_getting_started_default_1376419129/box-disk1.vmdk' cannot be closed because it is still attached to 1 virtual machines}, preserve=false
00:00:05.290229 Watcher ERROR [COM]: aRC=E_ACCESSDENIED (0x80070005) aIID={3b2f08eb-b810-4715-bee0-bb06b9880ad2} aComponent={VirtualBox} aText={The object is not ready}, preserve=false
$
Any advice would be greatly appreciated.
Had the same error on OSX. Restarting VirtualBox fixed it :S
sudo /Library/StartupItems/VirtualBox/VirtualBox restart
Also see: https://forums.virtualbox.org/viewtopic.php?t=5489
I solved the problem by re-installing VirtualBox and adding myself to the vboxusers group. The re-installation process printed a message indicating that VM users had to be a member of that group. I don't know if the re-installation was necessary or if being added to the group would have sufficed.
The host machine was 32bits (Ubuntu) and the guest was 64bit, I changed the guest to 32 and it solved the problem.
My understanding is that vboxusers group is related to accessing USB devices within the guest. Not sure why it is causing the issue. Normally, as a vagrant base box build guideline, audio and USB are both disabled.
As per the VirtualBox Manual => The vboxusers group
The Linux installers create the system user group vboxusers during installation. Any system user who is going to use USB devices from VirtualBox guests must be a member of that group. A user can be made a member of the group vboxusers through the GUI user/group management or at the command line with sudo usermod -a -G vboxusers username
Note that adding an active user to that group will require that user to log out and back in again. This should be done manually after successful installation of the package.
I had the same problem. It was because of a wrong configuration in the provider section of my Vagrantfile. I had tried to make my VM more powerful, with 2 CPUs, when the host machine has just one.
This often happens when you try to add more hardware to your VM but your host machine does not meet the minimum requirements.