9

I've just started using Amazon's free trial, and followed the "Launch an Amazon EC2 Instance" guide to set up the t2.micro instance, but I'm having trouble connecting to it over SSH. I've set up the inbound rules for the Security Group to allow SSH access from my local IP, and tried connecting over PuTTY and Cygwin+openssh, but both ways fail with a timeout error:

Output of `ssh -vvv`:

```
$ ssh -i .ssh/aws-general.pem ubuntu@REDACTED.sa-east-1.compute.amazonaws.com -vvvvvvvv
OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014
debug2: ssh_connect: needpriv 0
debug1: Connecting to REDACTED.sa-east-1.compute.amazonaws.com [REDACTED] port 22.
debug1: connect to address REDACTED port 22: Connection timed out
ssh: connect to host REDACTED.sa-east-1.compute.amazonaws.com port 22: Connection timed out
```

How can I get SSH access to my instance?

EDIT: Tried connecting with the Java client and through an Ubuntu machine, both time out the same way.

Inbound rules:

  • SSH: my IP
  • HTTP: anywhere
  • HTTPS: anywhere

Outbound rules:

  • All traffic: anywhere

  • Temporarily disable the firewall on the EC2 host and try, even though you've specified access from your host. – cutrightjm Dec 31 '14 at 09:14
  • @ekaj Trying from another computer: removed all specific inbound rules on the security group, added a "All traffic from Anywhere" rule, still unable to connect. Running with `-vvv` shows the exact same output (Except for the OpenSSH version). – This company is turning evil. Dec 31 '14 at 12:57
  • @Kroltan Could you please show us your security group rules? Inbound and outbound. – Bazze Dec 31 '14 at 14:20
  • @Bazze Sorry for the late response, new year and all that kept me away from the internet. See edit to the question – This company is turning evil. Jan 02 '15 at 11:59
  • @Kroltan, are you 100% sure that the IP/CIDR in the SSH inbound rule is the actual IP you're trying to connect from? If you change it to 0.0.0.0/0, can you connect then? – Bazze Jan 02 '15 at 14:19
  • @Bazze Yes, I just tried with 0.0.0.0/0, no result either. Still timeouts – This company is turning evil. Jan 02 '15 at 15:04
  • @Kroltan, did you launch your instance inside a VPC? If so, does the VPC have an internet gateway and correct routing? Also, maybe this can help you find the cause: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html#TroubleshootingInstancesConnectionTimeout – Bazze Jan 02 '15 at 15:44
  • @Bazze Following the guide you linked, I found out that the routing table being used by default lacked a "0.0.0.0/0 -> Interface" route; adding it makes it work. If you would like to post this as an answer so I can accept it, feel free to do so. – This company is turning evil. Jan 02 '15 at 18:09
  • I'm not able to access the EC2 instance via SSH, how can I disable the firewall? – Kiran Reddy Mar 07 '18 at 11:04

3 Answers

12

After some comment frenzy on the original question, we found the issue by following the AWS troubleshooting guide for timed out connections. This specific issue that @Kroltan had was caused by a missing route in the routing table. By adding a route in the VPC routing table for connecting the subnet with the internet gateway, the issue was resolved.

Bazze
  • The same for me. I don't remember that I played with routes, but the solution was to associate the subnets with the existing routing table. – sodik Jan 21 '15 at 12:40
  • What do you mean by "missing route in the routing table"? – Elia Weiss Aug 09 '17 at 16:17
  • @EliaWeiss For traffic to be able to flow from/to the internet from/to your VPC/subnet you need the routes in your routing tables to be correct. In the documentation I linked there are some steps which help you verify that you've correctly routed traffic to the internet gateway. – Bazze Aug 09 '17 at 18:06
0

I don't think your TCP handshake is completing. Check firewalls to see if the packets are being allowed in and out. You could do a tcpdump on the server to see if the packet is getting there. Also, an

```
iptables -nvL
```

may show if your server has the port blocked.

Pete
0

To add my 2 cents: I was having a problem connecting to EC2 from home. What I did was to add my address to the IPTable in the OS (Ubuntu 14.04). Basically:

```
iptables -A INPUT -s *ip.ad.dr.ess* -j ACCEPT
```

I hope this helps someone.

HBruijn
fachex