
I am unable to access Linux EC2 instance through SSH or browser-based SSH.

Instance id: i-01a3cdf3b36ff6d4f

Inbound rules: HTTP TCP 80 0.0.0.0/0 SSH TCP 22 0.0.0.0/0

Outbound rules: All traffic All All 0.0.0.0/0

Please check the logs below, produced after running the command from Windows:

```
ssh -vvv -i "keypair.ppk" ec2-user@ec2-<IP>.ap-south-1.compute.amazonaws.com
```

```
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)>ssh -vvv -i "aws-lfd.pem" ec2-user@ec2-13-234-238-12.ap-south-1.compute.amazonaws.com
OpenSSH_for_Windows_7.6p1, LibreSSL 2.6.4
debug3: Failed to open file:C:\\Users\\b.tembhurne/.ssh/config error:2
debug3: Failed to open file:C:\\ProgramData\\ssh/ssh_config error:2
debug2: resolving "ec2-13-234-238-12.ap-south-1.compute.amazonaws.com" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to ec2-13-234-238-12.ap-south-1.compute.amazonaws.com [13.234.238.12] port 22.
```

I checked for the config file; it does not exist in the above location. Do I need to create one manually? If so, what should it look like? Please help to resolve this issue.

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
  • You don't need a config file. Are you sure the keypair.ppk file is the correct one? There are no more logs than this? – Marcin Apr 24 '20 at 05:48
  • Yes, I'm using correct ppk file. I don't have other logs than these. I ran command ssh -vvv -i "keypair.ppk" ec2-user@ec2-IP.ap-south-1.compute.amazonaws.com" – Bhushan Tembhurne Apr 24 '20 at 06:15
  • Let me know if you need further details for debugging. – Bhushan Tembhurne Apr 24 '20 at 06:16
  • So the connection is hanging? There is no access denied or timeout issues? btw, for the web-based ssh you need to add SSM policies to your instance role. – Marcin Apr 24 '20 at 06:17
  • `debug2: resolving "ec2-13-234-238-12.ap-south-1.compute.amazonaws.com" port 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to ec2-13-234-238-12.ap-south-1.compute.amazonaws.com [13.234.238.12] port 22. debug3: finish_connect - ERROR: async io completed with error: 10060, io:000002971E3D19D0 debug1: connect to address 13.234.238.12 port 22: Connection timed out ssh: connect to host ec2-13-234-238-12.ap-south-1.compute.amazonaws.com port 22: Connection timed out` – Bhushan Tembhurne Apr 24 '20 at 06:21
  • In current logs, there is connection time-out. Even Browser-based SSH gives Connection timeout. I have added Inbound and Outbound rules. Are they different from SSM policies? I was able to connect before without adding SSM policy. – Bhushan Tembhurne Apr 24 '20 at 06:22
  • Connection timed out. Now your logs make more sense. You have to check VPC settings. Is your instance in public subnet or default VPC? Have you modified network ACLs for the subnet? Is there any firewall running on the instance itself? Have you stopped and restarted instance? – Marcin Apr 24 '20 at 06:24
  • It is on the default VPC. And I haven't changed any network ACL settings besides adding inbound and outbound rules for port 22 and port 80. Firewall is applied from my IP to the EC2 public IPv4. And the instance was not restarted or stopped. – Bhushan Tembhurne Apr 24 '20 at 06:29
  • Maybe your IP then changed? Your security group does not restrict any IPs (SSH TCP 22 0.0.0.0/0). So maybe the firewall is blocking the connections. – Marcin Apr 24 '20 at 06:32
  • No, the IPs of both my device and the EC2 instance haven't changed. Checked with the security team, the firewall is correctly applied. :( Checked with Spamhaus now, my device IP is blacklisted in PBL. But I don't think it is an issue. – Bhushan Tembhurne Apr 24 '20 at 06:39
  • Sorry, don't have more ideas, except by going to the beginning and double checking everything. – Marcin Apr 24 '20 at 06:42

1 Answer


A Connection timed out indicates that no response was received, which is typically caused by an incorrect network configuration (eg Security Group).

I would recommend that you start by launching a new Amazon EC2 instance in the same subnet, then check whether you can connect. This way, you'll know whether it is a network setting or a problem with the instance.

If that doesn't work, things to check are:

  • Instance is running Linux (so it can receive SSH requests)
  • Security Group is permitting inbound access on port 22 (SSH) from your IP address or 0.0.0.0/0
  • Instance is in a public subnet, which is defined as having a Route Table that points to an Internet Gateway
  • Your network needs to permit an outbound SSH connection (so try another network, such as home vs work, or tethered via your phone)
John Rotenstein
  • I tried to ping the EC2 instance's IPv4 public IP, but I am getting a request timeout. I've added an ICMP echo request rule for source Anywhere. Can you tell why I can't ping the instance? Checked with the AWS support team, they said everything is OK from the back end. – Bhushan Tembhurne Apr 27 '20 at 04:48
  • Ping is not a very useful debugging technique because it only tests the ability to Ping, not the ability to test the desired connection. Did you try launching a new instance in the same subnet, as suggested above? – John Rotenstein Apr 27 '20 at 05:44
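
The network checks from the answer and the comment thread (security group, route to an Internet Gateway, network ACL), as an added example that is not part of the original answer. It evaluates dictionaries in the shape the AWS CLI returns from `describe-security-groups`, `describe-route-tables` and `describe-network-acls`; the sample data and the client address 203.0.113.10 are constructed, and the route table is deliberately a private one to show a finding.

```python
import ipaddress

def sg_allows_ssh(sg, client_ip):
    """Security group admits TCP/22 from client_ip ("-1" = all protocols and ports)."""
    ip = ipaddress.ip_address(client_ip)
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        port_ok = proto == "-1" or (
            proto == "tcp" and perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535))
        if port_ok and any(ip in ipaddress.ip_network(r["CidrIp"])
                           for r in perm.get("IpRanges", [])):
            return True
    return False

def subnet_is_public(route_table):
    """Route table has an active default route to an Internet Gateway (igw-...)."""
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId", "").startswith("igw-")
               and r.get("State") == "active"
               for r in route_table.get("Routes", []))

def nacl_allows_inbound_ssh(nacl, client_ip):
    """Network ACL entries are checked in rule-number order; the first match decides."""
    ip = ipaddress.ip_address(client_ip)
    inbound = [e for e in nacl.get("Entries", []) if not e.get("Egress")]
    for e in sorted(inbound, key=lambda e: e["RuleNumber"]):
        ports = e.get("PortRange")
        if (e.get("Protocol") in ("-1", "6")                      # 6 = TCP
                and (ports is None or ports["From"] <= 22 <= ports["To"])
                and "CidrBlock" in e and ip in ipaddress.ip_network(e["CidrBlock"])):
            return e["RuleAction"] == "allow"
    return False

def diagnose(sg, route_table, nacl, client_ip):
    checks = [("security group blocks TCP/22", sg_allows_ssh(sg, client_ip)),
              ("no active route to an Internet Gateway", subnet_is_public(route_table)),
              ("network ACL blocks inbound TCP/22", nacl_allows_inbound_ssh(nacl, client_ip))]
    return [problem for problem, ok in checks if not ok]

# Constructed sample data: security group rules as posted in the question, a private route table
SG = {"IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
ROUTES = {"Routes": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"}]}
NACL = {"Entries": [
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False, "CidrBlock": "0.0.0.0/0"}]}
if __name__ == "__main__":
    print(diagnose(SG, ROUTES, NACL, "203.0.113.10"))
```

Network ACLs are stateless, so a complete check would also confirm that the outbound entries allow the return traffic on ephemeral ports; this block covers only the inbound side.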