0

Thanks to everyone in advance -

I have an ec2 instance with the following network config:

  • eth0 - internal-ipaddressA
  • eth1 - internal-ipaddressB

  • public-elastic-ipddressA associated with internal-ipaddressA

  • public-elastic-ipddressB associated with internal-ipaddressB

I configured sshd to listen on both these addresses explicitly:

  • internal-ipaddressA
  • internal-ipaddressB

I can ssh to public-elastic-ipddressA and then ssh to internal-ipaddressA AND internal-ipaddressB, just to make sure sshd is working correctly on both addresses.

All that said, I am unable to ssh to public-elastic-ipddressB if it is associated with any other network interface besides the primary, which was created by default when the instance was started.

Am I missing some sort of special routing or ACL/security configurations here?

Thanks!

Sam

Sam Ingrassia

2 Answers

0

The sshd process is probably bound to the first address.

You should look at /etc/ssh/sshd_config. The ListenAddress property contains the address it listens to (man page).

The address is probably first set by cloud-init.

Kazaag
  • I am actually able to connect to both internal addresses - they are explicitly listed in ssh_config: `ListenAddress 1.1.46.168 ListenAddress 1.1.44.182` – Sam Ingrassia Mar 19 '15 at 07:07
0

It's a routing problem. You need to put each network interface of the instance in a different subnet of the VPC or the packets won't be routed back from the instance to the destination.

Another solution is to assign two internal IPs to the same network interface, and then configure them in the OS as eth0 and eth0:1, but this won't achieve your objective.

  • It looks like you cannot put the network interface in a different subnet (region) than what the current instance is already in. – Sam Ingrassia Mar 24 '15 at 05:44
  • Subnets and regions are different things. A region has several AZs, and in each AZ you can have different subnets. One instance can have one NIC in one subnet and another NIC in another subnet, always in the same AZ. Create the subnets in your VPC configuration. – Diego Fernández Durán Mar 24 '15 at 09:02
  • I went ahead and created a new/different subnetid in the same region as the instance and a new NIC in the same region. I assigned the new public IP address to eth1. Tested connecting to the second internal IP via ssh and it works; it does not connect via the public IP attached to the second NIC. Any ideas? Thanks again for your help. – Sam Ingrassia Mar 24 '15 at 16:33
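
The return-path problem described in this answer can be checked against the instance's routing table. The following is an added example, not part of the original thread: it parses constructed `ip -4 route show` output (all addresses are made up) and reports whether a reply sourced from each local address would leave through the interface that owns it. It assumes destination-only lookup in the main table, with no `ip rule` policy routing configured.

```python
import ipaddress

# Constructed sample of `ip -4 route show` on a two-interface instance.
# All addresses are made up for illustration.
SAMPLE_ROUTES = """\
default via 10.0.1.1 dev eth0
10.0.1.0/24 dev eth0 proto kernel scope link src 10.0.1.10
10.0.2.0/24 dev eth1 proto kernel scope link src 10.0.2.20
"""

def _field(tokens, key):
    """Value following `key` in a route line, or None if absent."""
    return tokens[tokens.index(key) + 1] if key in tokens else None

def parse_routes(text):
    """Parse route lines into (network, device, preferred source) tuples."""
    routes = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        prefix = "0.0.0.0/0" if tokens[0] == "default" else tokens[0]
        routes.append((ipaddress.ip_network(prefix),
                       _field(tokens, "dev"), _field(tokens, "src")))
    return routes

def egress_dev(routes, dst):
    """Longest-prefix match on destination only (main table, no ip rules)."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)[1] if matches else None

def reply_path(routes, local_ip, client_ip):
    """Return (interface owning local_ip, interface the reply leaves by, symmetric?)."""
    owner = next((dev for _, dev, src in routes if src == local_ip), None)
    out = egress_dev(routes, client_ip)
    return owner, out, owner == out

if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    for local in ("10.0.1.10", "10.0.2.20"):
        owner, out, ok = reply_path(table, local, "203.0.113.7")
        print(f"{local}: arrives on {owner}, reply leaves via {out}, symmetric={ok}")
```

With the sample table, a connection from an outside client to the eth1 address is answered through eth0, while a client inside the eth1 subnet is answered through eth1.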