FileZilla throws errors when trying to connect to AWS instance via SFTP mode. Instance is running on Ubuntu 13.10.
Error: Connection refused
Error: Could not connect to server
Connection params:
Host: XX.XX.X.XXX
Username: ubuntu
Port: 22
Problem solved: it seems that my instance was glitchy. Terminated the old one and created a new one. Working now.
By default, Security Groups keep all ports closed. You need to enable the SFTP port in the security group: Amazon EC2 Security Groups
Another thing is to ensure an SFTP server is running on the instance (you can log in/SSH to the instance, try connecting over SFTP locally, and check this).
Open the appropriate inbound port in your Security Group as described here.
Import the .pem key pair associated to your EC2 instance into FileZilla.
The way to access your instance is described here.
We were able to ssh to the EC2 instance using the connect details until today; when it stopped working and I get the below error:
root@DKERP:~# ssh -i "gindustries.pem" ubuntu@ec2-15-184-231-34.me-south-1.compute.amazonaws.com
ssh: connect to host ec2-15-184-231-34.me-south-1.compute.amazonaws.com port 22: Connection timed out
Also, the telnet to public IP & port 22 is not working
root@DKERP:~# telnet 15.184.231.34 22
Trying 15.184.231.34...
telnet: Unable to connect to remote host: Connection timed out
The session manager is also failing to connect with the below error:
We weren't able to connect to your instance. Common reasons for this include:
SSM Agent isn't installed on the instance. You can install the agent on both Windows instances and Linux instances.
The required IAM instance profile isn't attached to the instance. You can attach a profile using AWS Systems Manager Quick Setup.
Session Manager setup is incomplete. For more information, see Session Manager Prerequisites.
There are no firewalls in AWS configurations.
Overview:
Security Groups:
Instances:
Network Interface:
VPC:
Network ACLs:
The system logs are updated here: https://pastebin.com/RhAG5DzP
Kindly suggest.
The Connection timed out message normally indicates that there is no network connectivity.
In most cases, this is due to the Security Group.
The steps to check it are:
Select the instance in the Amazon EC2 management console
Go to the Security tab
Check the Inbound rules
To permit an SSH connection, there needs to be a rule that permits port 22 (SSH) and the source set to your IP address or from the whole Internet (0.0.0.0/0) -- preferably only your IP address so that everybody else will be blocked.
When launching an Amazon EC2 instance from the console, it will default to creating a new Security Group called launch-wizard. However, it is generally better to create your own Security Group with a useful name and only the rules you want. You can then re-use that Security Group in future for similar instances.
Launching an AWS EC2 instance seems quite straightforward although when it comes to connecting to the newly launched instance things get sticky. The process for connecting to an instance proposed by such a tech giant is very counter-intuitive.
As a short reminder I should add that an "instance" is technically a virtual machine running on Amazon's Elastic Compute Cloud (EC2), for more info one could have a look at this link.
The ec2 instance referred to in this discussion is Ubuntu Server 20.04 LTS (HVM).
The instruction for working with EC2 Linux instances is given here.
AWS EC2 proposes three different ways of connecting to an instance:
EC2 Instance connect (browser-based SSH connection),
Session Manager
SSH Client
Now with regard to connecting to the above-mentioned instance there are only certain connections that establish correctly and the rest of the proposed methods fail, here is the list of connection successes and failures :
Ubuntu instance, security group source "Custom=0.0.0.0/0", Connection establishes using both EC2 Instance Connect (browser-based SSH connection) and SSH client.
Ubuntu instance, security group source "My IP=$IP", Connection establishes only using SSH client (terminal on Ubuntu and PuTTY on windows) and not using EC2 instance connect.
Both above cases have been tried on Ubuntu 20.04 and Windows 10 as local machine and the problem remains similar on both machines. I went through most of the failure cases discussed in the troubleshooting documents proposed here and verified them on my instance. Yet the problem persists. I should also add that I never tried "session manager" connection method although opening its tab already would give some info about "not installed" agents and features.
Any idea regarding this problem? Somebody out there facing the same issue?
From Docs
(Amazon EC2 console browser-based client) We recommend that your instance allows inbound SSH traffic from the recommended IP block published for the service.
Reason for this: EC2 Instance Connect works by making an HTTPS connection between your web browser and the backend EC2 Instance Connect service on AWS. Then, EC2 Instance Connect establishes a "mostly normal" SSH connection to the target instance. In other words, the request comes from the backend EC2 Instance Connect service and not from your browser. That is why it needs the IP addresses from the accepted ranges of that Region.
Browser-based EC2 Instance Connect uses specific IP ranges for browser-based SSH connections to your instance. These IP ranges differ between AWS Regions. To find the AWS IP address range for EC2 Instance Connect in a specific Region, use the following (just replace "Your region" with your Region; on Linux, curl and jq are required as prerequisites):
curl -s https://ip-ranges.amazonaws.com/ip-ranges.json| jq -r '.prefixes[] | select(.region=="Your region") | select(.service=="EC2_INSTANCE_CONNECT") | .ip_prefix'
Whatever value is returned, just add it to your security rule and it will work.
Ubuntu instance, security group source "Custom=0.0.0.0/0", Connection establishes using both EC2 Instance Connect (browser-based SSH connection) and SSH client.
This works because 0.0.0.0/0 allows connections from all IP ranges (which includes your Region's IPs too).
For more details, try reading this troubleshooting document.
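As an added example (not part of the original answers), the sketch below combines the two checks described above: whether an inbound rule permits port 22 from your IP, and whether it also covers the Region's EC2_INSTANCE_CONNECT prefixes. The function names, the rule sets and the prefixes are constructed for illustration; the prefixes are documentation ranges, not real AWS values.

```python
import ipaddress

# Constructed data in the shape of ip-ranges.json; documentation prefixes, not AWS values.
SAMPLE_IP_RANGES = {"prefixes": [
    {"ip_prefix": "198.51.100.0/29", "region": "us-west-2", "service": "EC2_INSTANCE_CONNECT"},
    {"ip_prefix": "192.0.2.0/24", "region": "us-west-2", "service": "EC2"},
    {"ip_prefix": "203.0.113.8/29", "region": "eu-west-1", "service": "EC2_INSTANCE_CONNECT"},
]}

def ssh_rule(cidr):
    """Constructed inbound rule in the IpPermissions shape of describe-security-groups."""
    return {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": cidr}]}

MY_IP_ONLY = [ssh_rule("203.0.113.77/32")]      # source "My IP"
ANYWHERE = [ssh_rule("0.0.0.0/0")]              # source "Custom 0.0.0.0/0"
MY_IP_PLUS_EIC = [ssh_rule("203.0.113.77/32"), ssh_rule("198.51.100.0/29")]

def eic_prefixes(ip_ranges, region):
    """Same filter as the jq command: EC2_INSTANCE_CONNECT prefixes for one Region."""
    return [ipaddress.ip_network(p["ip_prefix"]) for p in ip_ranges["prefixes"]
            if p["region"] == region and p["service"] == "EC2_INSTANCE_CONNECT"]

def allows_port(rule, port):
    """True if the rule covers the TCP port; protocol "-1" means all traffic."""
    if rule["IpProtocol"] == "-1":
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]

def ssh_sources(rules, port=22):
    """IPv4 CIDR blocks that the inbound rules allow to reach the SSH port."""
    return [ipaddress.ip_network(r["CidrIp"])
            for rule in rules if allows_port(rule, port)
            for r in rule.get("IpRanges", [])]

def diagnose(rules, client_ip, region, ip_ranges):
    """Report which connection methods the inbound rules permit."""
    sources = ssh_sources(rules)
    client = ipaddress.ip_address(client_ip)
    needed = eic_prefixes(ip_ranges, region)
    return {
        # A plain SSH client connects from your own address.
        "ssh_client": any(client in s for s in sources),
        # The browser client connects from the service's prefixes for the Region.
        "instance_connect": bool(needed) and all(
            any(n.subnet_of(s) for s in sources) for n in needed),
        # 0.0.0.0/0 makes both work but exposes port 22 to everyone.
        "open_to_world": any(s.prefixlen == 0 for s in sources),
    }
```

With live data, pass the parsed JSON from the ip-ranges.json URL and the `IpPermissions` list of your security group in place of the constructed samples.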
Yesterday, I updated my Django website (on AWS EC2) to HTTPS by using lets-encrypt. Everything works well. The website has HTTPS green icon as expected.
Today when I try to connect to my instance by using SSH, the connection keeps hanging. Finally, it gives a message like "ssh: connect to host ec2-34-202-93-189.compute-1.amazonaws.com port 22: Resource temporarily unavailable".
I thought it might be a security group problem of this instance. So I double checked the security group settings of this instance; the SSH, HTTP and HTTPS ports are all open correctly. I created another instance to test if there is any problem on my local machine. The new instance connected successfully. Then I applied the new instance to the security group that I made for the previous instance and it connected. Then I applied the previous instance to the new security group that I made for the new instance, and the connection froze again. I also tried to connect with PuTTY and it was not working either.
Now I am really confused. My local machine is Windows Subsystem for Linux. My EC2 instance is Ubuntu 16. I am using Nginx as web server. My ssh command is "ssh -i blog_project.pem ubuntu@ec2-34-202-93-189.compute-1.amazonaws.com".
Here is my security group setup for the instance.
This is the result of the command "ssh -vvv -i blog_project.pem ubuntu@ec2-34-202-93-189.compute-1.amazonaws.com"
BTW, is there any way that I can log in to my instance without an ssh connection? Is there anything like a console or shell inside AWS that I can use to reach my instance?
Check if the instance exists on AWS, maybe a new one was created with different Public DNS (xxxx.compute-1.amazonaws.com) than the one you are using in your command.
I have set up a micro EC2 instance on AWS. Currently, I am using the free tier in Oregon. There are two problems which I am facing.
When I try to SSH to the instance using the public DNS, it says host does not exist, but when I try connecting to it using the public IP, it connects. What setting is needed to use the public DNS?
I have opened the SSH client using the IP address. I want to set up my application which needs Node.js and MongoDB. I installed Node.js using this
Next I installed MongoDB using this
Then I connected to my instance using Filezilla and uploaded my code to it. I then start my node application which uses socket.io.
When I try to connect to socket.io server using web browser, I get a message which says connection refused "error 111". I have opened TCP port 80 in instance's security groups. In iptables, I have forwarded port 80 to 8080, but still it does not work. I have also checked that the firewall is disabled in ec2. Kindly help me to resolve this issue.
Did you check if all of the necessary ports are open on Amazon Security Policy?
What you can do is to allow all traffic on Amazon Security Policy for test and see if the connection goes well or not.
You might also check if you need to access the DB from outside. In that case, you also have to open the MongoDB port and set up MongoDB correctly as well.
Other tools that might be useful to test firewall and connection issues are tcpdump and the syslog file.
For the dns issue, did you try to nslookup on that name and see if the IP shown matches your server IP?
As Amazon gives a long DNS hostname for the server, I always use my own domain name. It's much easier.
example : ec2.domainname.com, which points to the Amazon IP address
Hope that helps.
My problem is resolved now.
For the DNS issue, earlier I needed proxy to access internet, so I guess the DNS name was not getting resolved. When I tried using proxy free internet, I was able to ssh using public DNS.
And regarding connection to socket.io, I used port 8080 instead of 80 and used "sudo node main.js" to run my node file. Now I am able to connect to the socket.io server and MongoDB.
Another thing which I want to ask is: would running the node file with sudo rights create some security issue?
Thanks for the answer! That also worked for me. I had the same problem trying to connect through sockets (http://myipaddress:3000) to a node.js server. I tried opening ports on the actual EC2 instance and disabling the firewall through SSH, but nothing worked. Had to go to Security Groups on the EC2 console and open a new inbound TCP rule enabling that port.
I am having some issues with connecting to an Ubuntu instance in Amazon. I can connect to the default instance with the default AMI installation. But when I select Ubuntu, I cannot ssh into it.
It says operation timeout. I have tried instantiating other instances, rebooting, changing key pairs, etc.
ssh -i mykey.pem ubuntu@ec2-54-203-164-37.us-west-2.compute.amazonaws.com
ssh: connect to host ec2-54-203-164-37.us-west-2.compute.amazonaws.com port 22: Operation timed out
The strange thing is that only when I stop the instance does the ssh command connect and show the "are you sure you want to verify the fingerprint" prompt.
I can easily log into the micro instance with the default AMI installation.
I have added the ssh port in the security group as well.
Have you tried connecting via PuTTY? Just use a ppk file and please check once.
Also, you can add ICMP to your Security Group and check for ping responses.
Regards
Devashish