3

After I ran `vagrant up --provider=aws`, I could see an EC2 instance being created and become up and running. However, it invariably gets stuck at this point:

==> default: Waiting for SSH to become available...

I had to Ctrl-C the job, which results in the termination of the said EC2 instance.

Part of the output is

==> default:  -- Assigning a public IP address in a VPC: false 

Could it be a reason?

I have double checked and ensured that my IP is allowed to connect to the VPC.

Here is a more verbose log output when the debug flag is set:

DEBUG ssh: Checking key permissions: /Users/antkong/.vagrant.d/insecure_private_key
 INFO ssh: Attempting SSH connection...
 INFO ssh: Attempting to connect to SSH...
 INFO ssh:   - Host: 54.186.111.213
 INFO ssh:   - Port: 22
 INFO ssh:   - Username: ubuntu
 INFO ssh:   - Password? false
 INFO ssh:   - Key Path: ["/Users/antkong/.vagrant.d/insecure_private_key"]
DEBUG ssh: == Net-SSH connection debug-level log START ==
DEBUG ssh: D, [2014-10-12T21:11:13.959627 #15559] DEBUG -- net.ssh.transport.session[80905170]: establishing connection to 54.186.111.213:22

DEBUG ssh: == Net-SSH connection debug-level log END ==
 INFO retryable: Retryable exception raised: #<Errno::ECONNREFUSED: Connection refused - connect(2)>
 INFO ssh: Attempting to connect to SSH...
 INFO ssh:   - Host: 54.186.111.213
 INFO ssh:   - Port: 22
 INFO ssh:   - Username: ubuntu
 INFO ssh:   - Password? false
 INFO ssh:   - Key Path: ["/Users/antkong/.vagrant.d/insecure_private_key"]
DEBUG ssh: == Net-SSH connection debug-level log START ==
DEBUG ssh: D, [2014-10-12T21:11:21.379386 #15559] DEBUG -- net.ssh.transport.session[81c9ff78]: establishing connection to 54.186.111.213:22

Here is a partial listing of the Vagrant file:

  config.vm.provider :aws do |aws, override|
    # Change these values
    aws.access_key_id = "XXXX"
    aws.secret_access_key = "XXXX"
    aws.keypair_name = "ubuntu-my-app"
    aws.security_groups = ["my-app"]

    # Specify parameters required for an EC2 instance
    aws.instance_type = "t2.micro"

    # aws.associate_public_ip = true
    # aws.elastic_ip = true

    # Tags
    aws.tags = {
      'Name' => 'vtest',
    }

    # Default to US West (Northern California)
    aws.region = "us-west-2"
    aws.ami = "ami-33db9803"

    # Use a dummy box for the AWS provider
    override.vm.box = "dummy"
    override.ssh.username = "ubuntu" # is it a problem?

    # Change this value to the path of your private key
    # Did not work; comment out for now 
    # override.ssh.private_key_path = "./anthony_aws.id_rsa"
  end

What is wrong with the above setup/config files?

Anthony Kong

4 Answers

3

Please check the following:

  • Your private key should have minimal read permissions: 0600.
  • Your public key should be included in the authorized_keys file of the server user (~/.ssh/authorized_keys)
  • The IP address you are connecting to should not already exist for another host in ~/.ssh/known_hosts on your local system
  • Your EC2 instance should be in a Security Group which permits TCP 22 from 0.0.0.0/0, or the address you are connecting from, e.g.

    aws.security_groups = [ 'vagrant' ]
    
  • If your EC2 instance is in a VPC, the instance should be in a subnet which has both an Internet Gateway and a default route that flows through that Internet Gateway (this should be the case if you are using the default VPC in Amazon EC2).

kenorb
Garreth McDaid
  • Had the same problem - turns out the default VPC was allowing connections only from my local IP, adding 172.xx.xx.*/24 helped. – cabecao Feb 09 '15 at 21:23
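A local pre-flight for the checks listed in the answer above, as an added example that is not part of the original answer. The function names are hypothetical; the probe result separates a refused connection (host reachable, nothing listening on the port yet) from dropped packets (security group, route or gateway).

```ruby
require "socket"

# Added example; function names are this example's own, not Vagrant's.

# Problems with a private key file that make ssh refuse to use it.
def key_file_problems(path)
  return [:missing] unless File.file?(path)
  mode = File.stat(path).mode & 0o777
  problems = []
  problems << :group_or_world_accessible unless (mode & 0o077).zero?
  problems << :owner_cannot_read if (mode & 0o400).zero?
  problems
end

# Line numbers in known_hosts that already pin a key for this IP.
# EC2 public IPs are reused, so an old entry triggers a host key mismatch.
# Hashed entries ("|1|...") cannot be matched here; use `ssh-keygen -F <ip>`.
def stale_known_hosts(path, ip)
  File.readlines(path, chomp: true).each_with_index.select do |line, _|
    next false if line.start_with?("#") || line.strip.empty?
    hosts = line.split(" ", 2).first.to_s
    hosts.split(",").any? { |h| h == ip || h == "[#{ip}]:22" }
  end.map { |_, idx| idx + 1 }
end

# Classify one TCP connection attempt to host:port.
#   :open     -> something is listening (key or user problems come next)
#   :refused  -> host reachable, port closed (sshd not started yet)
#   :filtered -> packets dropped or no route (security group, subnet, IGW)
def probe_tcp(host, port, timeout: 3)
  Socket.tcp(host, port, connect_timeout: timeout) { :open }
rescue Errno::ECONNREFUSED
  :refused
rescue Errno::ETIMEDOUT, Errno::EHOSTUNREACH, Errno::ENETUNREACH
  :filtered
end
```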
1

The problem is that you cannot be authenticated via ssh on your EC2 instance. As described in the documentation, you need to provide the path to your private key, that matches the public key known to your EC2 account. Ensure you have set up your EC2 keypairs properly.

kenorb
xh3b4sd
  • In my first attempt, I had this line `override.ssh.private_key_path = "./anthony_aws.id_rsa"` enabled but it had the same error. I believe my keypair is set up properly because I can access my other manually created EC2 instances without issue – Anthony Kong Oct 12 '14 at 19:11
  • Which ssh keys do you have in your keychain when you enter your EC2 instance manually? What does `ssh-add -l` say? It's strange that your debug output says `/Users/antkong/.vagrant.d/insecure_private_key`. Vagrant tries to use the default insecure private key to authenticate against EC2, and that does not work. Is the path to your key correct? – xh3b4sd Oct 12 '14 at 20:26
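The debug log in the question carries two separate signals, the key being offered and the socket error. The following triage is an added example, not code from the thread or from Vagrant; the sample lines are constructed from the question's excerpt, and the finding names and advice text are this example's own.

```ruby
# Added example. SAMPLE_LOG is constructed from the debug excerpt in the
# question; finding names and advice strings are this example's own.
SAMPLE_LOG = <<~'LOG'
  INFO ssh: Attempting to connect to SSH...
  INFO ssh:   - Host: 54.186.111.213
  INFO ssh:   - Username: ubuntu
  INFO ssh:   - Key Path: ["/Users/antkong/.vagrant.d/insecure_private_key"]
  INFO retryable: Retryable exception raised: #<Errno::ECONNREFUSED: Connection refused - connect(2)>
LOG

ADVICE = {
  default_insecure_key: "Vagrant is offering its bundled, publicly known key; " \
    "set override.ssh.private_key_path to the key matching aws.keypair_name.",
  host_up_port_closed: "A TCP reset came back, so the network path is open; " \
    "sshd is usually not listening yet (instance still booting).",
  dropped_or_unroutable: "No answer at all: check inbound TCP 22 in the " \
    "security group, the subnet route and the Internet Gateway."
}.freeze

# Group the log into SSH attempts: host, offered keys, exception classes.
def parse_ssh_attempts(log)
  attempts = []
  log.each_line do |line|
    case line
    when /ssh:\s+- Host: (\S+)/
      attempts << { host: $1, keys: [], errors: [] }
    when /ssh:\s+- Key Path: \[(.*)\]/
      attempts.last[:keys] = $1.scan(/"([^"]+)"/).flatten if attempts.last
    when /Retryable exception raised: #<((?:\w+::)*\w+)/
      attempts.last[:errors] << $1 if attempts.last
    end
  end
  attempts
end

# Map one attempt to findings (keys of ADVICE).
def diagnose(attempt)
  findings = []
  insecure = attempt[:keys].any? { |k| File.basename(k) == "insecure_private_key" }
  findings << :default_insecure_key if insecure
  attempt[:errors].uniq.each do |err|
    case err
    when "Errno::ECONNREFUSED" then findings << :host_up_port_closed
    when "Errno::ETIMEDOUT", "Errno::EHOSTUNREACH", "Timeout::Error"
      findings << :dropped_or_unroutable
    end
  end
  findings
end
```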
0

If you are connecting through a VPN and all your traffic (including DNS) is forwarded to the VPN gateway, you will not be able to connect through the public IP (which is what Vagrant tries), but you will be able to connect using the DNS name from the terminal.

AWS resolves a DNS name to a public IP if you are querying DNS from the internet, but resolves to the internal IP (172.x.x.x) if you are querying from a VPC.

If you use a non-AWS DNS server as resolver, it will always resolve to the public IP and you will be stuck unless the security groups assigned to the instance allow access to port 22 from the outside world.

Vagrant always tries to connect to the public IP instead of the DNS name.

I've opened an issue about this here: https://github.com/mitchellh/vagrant-aws/issues/396

kenorb
0

Log in to Amazon Web Services and check the following:

  • Security Group for your instance is allowing Inbound SSH access (check: view rules).
  • For VPC instance, check its attached Route table which should have 0.0.0.0/0 as Destination and your Internet Gateway as Target.
  • Double check your route info in System Log in Networking of the instance.

For more details, check: Troubleshooting Connecting to Your Instance

kenorb