26

I created a new instance (tiny, 64-bit AMI Linux from Amazon). I created a new key pair called "mir". I downloaded mir.pem and put it in my ~/.ssh folder. I even did `ssh-add mir.pem`.

Then I tried to `ssh ubuntu@public_DNS_from_amazon`.

Why doesn't it work!?

Jonik
Alex
  • 3
    what does ssh -v say ? – user9517 Jan 27 '11 at 21:06
  • 2
    Also, can you do a `telnet public_DNS_from_amazon 22`? This would rule out the firewall. – Andrew M. Jan 28 '11 at 02:07
  • 1
    I'd avoid telnet and use nmap for checking open ports: `nmap -PN public_DNS_from_amazon -p 22`. (`-PN` in case the firewall blocks ping requests) – Lekensteyn Feb 12 '11 at 11:00
  • 2
    @Lekensteyn, there is absolutely no reason to avoid a telnet client in this case, it's perfectly fit for the job of checking ssh ports given you'll get cleartext info back in most cases. Nmap is (way) more rarely installed than telnet. – Shadok Nov 22 '11 at 15:30
  • Possible duplicate of http://serverfault.com/questions/245916/why-cant-i-ssh-or-ping-my-brand-new-amazon-ec2-instance. The answer that worked for me was that the default installation firewall is fully locked down, as per this answer: http://serverfault.com/a/245917/108387 – Richard Le Mesurier Jan 26 '12 at 11:34
  • In my case, my VPC Route table had a black hole target for its 0.0.0.0/0 (internet) destinations! So I created and attached an Internet Gateway to my VPC. Then in the VPC Route Table, I set the internet gateway I created for the 0.0.0.0/0 destination. My problem was fixed. – Kamran Bigdely Mar 19 '18 at 06:14

8 Answers

18

Try `ssh ubuntu@your.host.name -i your-private.key`, instead of ssh-adding the key.

Oh, and make sure you allowed TCP port 22 through the Security Group.

Tom O'Connor
8

Does the security group (firewall configuration) allow SSH access?

More specifically: on the AWS management console page, select Security Groups in the left panel (towards the bottom). On the bottom-right panel, select the "Inbound" tab, and make sure "Custom TCP rule" is selected. Enter 22 for the port number, click the "Add rule" button, then the "apply rule changes" button. No need to restart or reboot your instance; you just need to enable TCP port 22 inbound.

EEAA
  • This answer did the trick for me. Also, since my instance runs Ubuntu, replace 'root' with ubuntu. Here's the line I connect with from the terminal: `ssh -i ec2vpnkey.pem ubuntu@exxxxxxxxxx.compute-1.amazonaws.com` –  Jul 14 '12 at 04:55
  • This should be the accepted answer. Key information here is that the field "source" is not sufficient to have the security group itself. Source must be 0.0.0.0/0 – sgohl Aug 13 '17 at 15:51
  • This is especially true in case one tries to connect to its ec2 instance after some time has passed from one's last connection. In such case, the public IP address may have changed due to ISP related reasons (e.g., ISP's servers reboot), hence the Security Group's configuration must be updated as well. – OfirD Sep 22 '20 at 13:32
3

Try using either root or ec2-user as the username.

BenGC
0

You need to open the ssh access to your instances with an `ec2-authorize default -p 22` command. Have you done this?

timurb
0

This has been happening to me on some of my EC2 boxes. In general, it appears that if a process is taking all the processor or is behaving badly and you get disconnected, SSH might not be able to pick up when you try to reconnect. Rebooting the box through AWS console often helps.

0

It is also possible to launch an instance without associating it with a keypair. You might double check that when you launched your instance, you did so with the keypair you intended. If the instance launched with the wrong keypair, you'll need to relaunch your instance.

Jeff Stice-Hall
0

Try

ssh -i ~/.ssh/mir.pem ec2-user@xxx.xxx.xxx.xxx

where the x's are your public IP.

okcoker
0

To log in to your AMI box you use the ec2-user. This means you would use the following to log in: `ssh -i mir.pem ec2-user@public_dns`.
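
The checks suggested across the answers above (pass the key with `-i`, open TCP 22 in the security group, try `ubuntu`, `ec2-user` or `root`), combined into one script that classifies `ssh -v` output. This is an added example, not code from any poster in the thread; the function names, labels and sample log lines are constructed, and it also covers key-file permissions and an unconfirmed host key, which the thread does not mention.

```shell
#!/bin/sh
# Added example (not from the thread). Sample logs below are constructed.
SAMPLE_TIMEOUT='ssh: connect to host ec2-host.example port 22: Connection timed out'
SAMPLE_DENIED='debug1: Authentications that can continue: publickey
ubuntu@ec2-host.example: Permission denied (publickey).'
SAMPLE_BADPERM="@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Permissions 0644 for 'mir.pem' are too open.
ubuntu@ec2-host.example: Permission denied (publickey)."

# Read ssh's stderr on stdin and print one label for the likely cause.
classify_ssh_failure() {
    log=$(cat)
    case "$log" in
        # Checked first: ssh skips a key readable by others, then auth fails too.
        *"UNPROTECTED PRIVATE KEY FILE"*) echo "key-permissions" ;;
        # No answer on TCP 22: security group rule or VPC route is missing.
        *"Connection timed out"*)         echo "network-blocked" ;;
        # Host reachable but nothing accepts on port 22.
        *"Connection refused"*)           echo "sshd-not-listening" ;;
        # BatchMode cannot confirm a new host key; connect once interactively.
        *"Host key verification failed"*) echo "host-key-unconfirmed" ;;
        # sshd answered but rejected the key: wrong login name or wrong key pair.
        *"Permission denied (publickey"*) echo "wrong-user-or-key" ;;
        *)                                echo "unknown" ;;
    esac
}

# Try the login names suggested in the answers, passing the key with -i.
try_users() {
    key=$1
    host=$2
    for user in ubuntu ec2-user root; do
        if out=$(ssh -v -i "$key" -o IdentitiesOnly=yes -o BatchMode=yes \
                     -o ConnectTimeout=10 "$user@$host" true 2>&1); then
            echo "$user: login works"
            return 0
        fi
        cause=$(printf '%s\n' "$out" | classify_ssh_failure)
        echo "$user: $cause"
        # Only an auth rejection is worth retrying with another login name.
        [ "$cause" = "wrong-user-or-key" ] || return 1
    done
    return 1
}

# Usage: sh ssh-diagnose.sh ~/.ssh/mir.pem public_DNS_from_amazon
if [ "$#" -ge 2 ]; then
    try_users "$1" "$2"
fi
```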