-1

I have two EC2 instances running Amazon Linux (instance1 and instance2) mapped to the same security groups, and I am able to SSH into instance2. However, I am unable to SSH into instance1; instance1 was working until I changed the IAM roles. Even now I am able to connect to the DB port of instance1. Please advise me of your thoughts on this.

For more information, I have added the SSH logs below:

➤ ssh -v -i /drives/c/Users/vishwa/Downloads/machine.pem ec2-user@ip
OpenSSH_7.1p2, OpenSSL 1.0.1g 7 Apr 2014
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to IP [IP] port 22.
debug1: connect to address IP port 22: Connection timed out
ssh: connect to host IP port 22: Connection timed out
  • You haven't given enough information to help diagnose the problem. People might be able to guess and give suggestions. Details of exactly what you changed in IAM that prevented access might help. – Tim Dec 05 '17 at 18:11
  • Check the configuration of the security group. – jordanm Dec 06 '17 at 07:19
  • @Tim Nothing IAM related will cause ssh connection timeouts. – jordanm Dec 06 '17 at 07:20
  • @jordanm I think the question says it was working until they changed something in IAM - the English isn't quite clear. I'm pretty familiar with IAM / AWS, I wanted to hear what change the user thinks caused the problem. I can't think of anything off the top of my head in IAM that will prevent SSH connections being established, but I can't completely rule it out either... maybe something around deleting keys, but those keys are stored in the instance so it shouldn't affect it. So while I think I agree with you, I always allow for the fact that I don't know everything. – Tim Dec 06 '17 at 08:14

1 Answer

1

With the information you have provided, I can give you some items to check/compare; I cannot tell the actual cause. First, have you tried the troubleshooting steps recommended by Amazon? They are here.

  1. Check the Public DNS setting on instance1 (under the AWS console - Services - EC2 - Running Instances - select instance1 and note the public DNS URL). Make sure the URL in your SSH command/profile is correct.

  2. Compare the SSH profile/command settings you are using on both instances. Is there any difference (except for URLs, user if appropriate and such) in the SSH configuration? Any typos or different settings? If so, correct any errors and try to connect again.

  3. Take an instance snapshot of both and compare them.

  4. Check your security rules on both instances. Have you authorized inbound SSH connections to instance1? Are the rules different? Also check your ACLs. Correct any errors.

  5. Compare user and group IAM on both instances for differences, ensure they are the same (if that does not impact any other users/services on instance1.)

Mika Wolf
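The answer's item 4 (security groups and network ACLs) is where a "Connection timed out" on port 22 is normally decided, and the symptom in the question (DB port reachable, SSH not) is exactly what a security group that opens the DB port widely but restricts SSH to a particular source range produces. The following is an added example, not code from the question or the answer: it evaluates the two AWS filtering layers the way the platform does, security groups as stateful and permissive-only (any matching rule in any attached group allows), network ACLs as stateless and ordered (lowest rule number that matches wins, implicit deny otherwise, and the return traffic to the client's ephemeral port needs its own outbound allow). The group and rule data are constructed inline to mimic the shape of `aws ec2 describe-security-groups` and `describe-network-acls` output; the group ID and addresses are placeholders.

```python
"""Offline check: do an instance's security groups and subnet NACL permit SSH
from a given client IP? Added example; rule data below is constructed."""
import ipaddress


def _cidr_contains(cidr, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def sg_allows_inbound(groups, client_ip, port=22, protocol="tcp"):
    """Security groups are stateful and allow-only: traffic passes if ANY rule in
    ANY attached group matches. Returns the (group_id, cidr) pairs that match."""
    matches = []
    for g in groups:
        for perm in g["IpPermissions"]:
            proto = perm["IpProtocol"]
            if proto not in ("-1", protocol):          # "-1" = all traffic
                continue
            if proto != "-1" and not (perm["FromPort"] <= port <= perm["ToPort"]):
                continue
            for rng in perm.get("IpRanges", []):
                if _cidr_contains(rng["CidrIp"], client_ip):
                    matches.append((g["GroupId"], rng["CidrIp"]))
    return matches


def nacl_decision(entries, egress, ip, port, protocol_num="6"):
    """Network ACLs are stateless and ordered: evaluate by ascending RuleNumber,
    first match decides; the implicit '*' rule denies. Returns (action, rule)."""
    for e in sorted(entries, key=lambda e: e["RuleNumber"]):
        if e["Egress"] != egress or e["Protocol"] not in ("-1", protocol_num):
            continue
        if not _cidr_contains(e["CidrBlock"], ip):
            continue
        pr = e.get("PortRange")
        if e["Protocol"] != "-1" and pr and not (pr["From"] <= port <= pr["To"]):
            continue
        return e["RuleAction"], e["RuleNumber"]
    return "deny", "*"


def ssh_reachable(groups, nacl_entries, client_ip, ephemeral_port=50000):
    """Combine both layers for TCP/22. Because NACLs are stateless, the SYN-ACK
    back to the client's ephemeral port must also be allowed on egress."""
    sg = sg_allows_inbound(groups, client_ip)
    inbound = nacl_decision(nacl_entries, False, client_ip, 22)
    outbound = nacl_decision(nacl_entries, True, client_ip, ephemeral_port)
    ok = bool(sg) and inbound[0] == "allow" and outbound[0] == "allow"
    return {"ok": ok, "sg_matches": sg, "nacl_inbound": inbound, "nacl_outbound": outbound}


# Constructed sample: SSH only from one office range, DB port open to the world.
GROUPS = [{
    "GroupId": "sg-0EXAMPLE1",   # placeholder id
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}]

# Constructed sample NACL: an explicit low-numbered deny for SSH from one range,
# then allow-all in both directions (AWS default NACL shape plus one deny).
NACL = [
    {"RuleNumber": 50, "Egress": False, "Protocol": "6", "RuleAction": "deny",
     "CidrBlock": "198.51.100.0/24", "PortRange": {"From": 22, "To": 22}},
    {"RuleNumber": 100, "Egress": False, "Protocol": "-1", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 100, "Egress": True, "Protocol": "-1", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for ip in ("203.0.113.5", "198.51.100.7"):
        print(ip, ssh_reachable(GROUPS, NACL, ip))
        print(ip, "db port:", sg_allows_inbound(GROUPS, ip, port=3306))
```

Feeding real `describe-security-groups` / `describe-network-acls` JSON for instance1 and instance2 into these functions makes the "are the rules different?" comparison from the answer mechanical, and the output tells you which layer and which rule is responsible rather than just "timed out".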