'Operation timed out' error on trying to ssh in to the Amazon EMR Spark Cluster

Question

I'm trying to ssh into Amazon EMR Spark Cluster. Here's what I did:

Get the cluster master's IP:

aws emr describe-cluster --cluster-id <cluster_id> | grep MasterPublicDnsName

Use the IP to ssh into the box:

ssh -i CSxxx.pem hadoop@ec2-xx-xxx-xxx-xxx.ap-southeast-1.compute.amazonaws.com

I'm getting stuck here, as running (2) gives me the below error:

ssh: connect to host ec2-xx-xxx-xxx-xxx.ap-southeast-1.compute.amazonaws.com port 22: Operation timed out

Any ideas to fix this issue?

Are you stuck at trying to SSH into the nodes? If so, that doesn't seem you're question is asking about Anaconda at all. — OneCricketeer, Aug 23 '16 at 12:11
Not entirely sure, but I'd recommend contacting Amazon support because that seems to be an issue with the shell login script to the node, which without SSH, you can't get to. If you have multiple instances, are you able to get into any of them? — OneCricketeer, Aug 23 '16 at 12:45
Are you sure port 22 is the correct port and you have opened the firewall on AWS dashboard to allow it? — OneCricketeer, Aug 24 '16 at 03:20
how do I check both? doing it for the first time. appreciate your help. — xpm, Aug 24 '16 at 03:32
It's been awhile since I've used AWS, but I know that permissions are locked down by default — OneCricketeer, Aug 24 '16 at 03:38
No worries, I've contacted AWS support. Thanks for the help. — xpm, Aug 24 '16 at 03:40

score 42 · Accepted Answer · answered Aug 24 '16 at 22:29

"Operation timed out" Happens typically for one of two reasons:

The IP you're ssh'ing from is not allowed by the EMR cluster's security group. Check this by going to the cluster's console / dashboard and find security group, click it, then edit "inbound rules" and add a line for SSH and in the IP field, dropdown and select your IP.
or, if you've created the EMR cluster in a custom VPC and the cluster itself is launched into a private subnet, you'll not be able to directly SSH into it, without first SSH'ing into an instance in a public subnet in that same VPC, then SSH'ing to the cluster's driver node from there. This is a less likely issue if you don't have custom VPCs on your AWS account.

Adding the SSH rule in EMR console did the trick for me. Thanks! — xpm, Aug 26 '16 at 01:07

score 25 · Answer 2 · answered May 20 '19 at 18:22

25

Adding steps to update ssh rule. The security group is in EC2 dashboard.

1) Navigate to EC2 dashboard -> security group

2) Find group ElasticMapReduce-master -> Inbound -> Edit -> Add rule

3) Add ssh, for source choose My IP

Now you should be able to ssh to the master node.

answered May 20 '19 at 18:22

Fang Zhang

in addition, I had to [open up ssh to all inbound ips](https://stackoverflow.com/questions/47118043/ec2-ssh-operation-timed-out?rq=1) – Geoff Langenderfer Jan 26 '22 at 19:10

2 Answers2