-1

Tl'Dr: I'm unable to (ssh) connect to amazon EC2 instance using private IP.

I'm using private IP because

  1. https://stackoverflow.com/a/56159299/2125837
  2. my machine and ec2 are both within my company's VPN & intranet

The errors I'm getting are:

Resource temporarily unavailable or Connection refused

In fact, I had never been able to, and this is a problem that I've been trying to solve for weeks, as aws is so new to me that I don't even know where to start to ask questions. Now I'm able to replicate the problem with the simplest scenario:

  • Following the Quick Start to launch an instance using my default zone and the IAM of Amazon Linux 2, which is supposed to have everything working out of the box.
  • Using the most open rules:

enter image description here

Yet the connectivity is not there:

$ telnet 172.xx.xx.121 22
Trying 172.xx.xx.121...
telnet: Unable to connect to remote host: Connection refused

And ping is NOK too -- 3 packets transmitted, 0 received, 100% packet loss, time 2002ms

Trying to use the AWSSupport-TroubleshootSSH automation workflow to troubleshoot SSH connection issues is failing for both of my Ubuntu and Amazon Linux instances:

enter image description here enter image description here

What I'm missing?

The answer to Unable to connect to amazon EC2 instance via PuTTY talked about VPC Configuration, Internet Gateway and NACLs. Do I need to worry about them? As launching Amazon Linux, with everything default is supposed to have everything working out of the box, right?

xpt
  • 20,363
  • 37
  • 127
  • 216
  • Please use `ssh -vvv` to obtain additional debugging information. That might help show whether _any_ communication was established with the EC2 instance, or whether it failed in the network layer. Are you able to SSH it _any_ EC2 instances across the corporate VPN connection? – John Rotenstein Oct 04 '22 at 20:37
  • 1) when telnet IP is not working, it means that the connectivity is not there. ssh would failed with same reason, and it indeed does so. 2) No, I had never been able to SSH to any EC2 instances across the corporate VPN connection before, and _"this is a problem that I've been trying to solve for weeks"_, @JohnRotenstein. – xpt Oct 04 '22 at 21:57

2 Answers2

1

The answer to Unable to connect to amazon EC2 instance via PuTTY talked about VPC Configuration, Internet Gateway and NACLs. Do I need to worry about them? As launching Amazon Linux, with everything default is supposed to have everything working out of the box, right?

None of those things you mentioned (VPC Configuration, Internet Gateway, NACLS) exist on the EC2 instance, those are all part of the VPC network infrastructure. Launching a default Amazon Linux EC2 server just means it has some default AWS stuff configured on the virtual machine, it has no bearing on the configuration of the network you are launching it into. So yes, you still need to worry about all those things.

my machine and ec2 are both within my company's VPN & intranet

This is the part I would focus on first. How does your company's VPN and intranet interface with the VPC? How does your company's network know to route the traffic for your EC2 instance's private IP over to the AWS VPC?

Verified that it is appearing under Managed Instances in the Systems Manager console

Then why not use Systems Manager Session Manager instead of SSH? It's more secure.

Mark B
  • 183,023
  • 24
  • 297
  • 295
  • _"why not use Systems Manager Session Manager instead of SSH?"_ I guess it's the only option left for me then. I prefer ssh because I'm so spoiled by the easy copy & paste under xterm, and all those hot keys I'm able to use. All of such things that I'm accustomed for decades are now gone under this web based Systems Manager Session Manager. – xpt Oct 04 '22 at 17:03
  • 1
    @xpt There's no need to use the web based console to connect with Session Manager. You can connect with the CLI, or if you [configure it properly, with SSH itself](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-sessions-start.html). – Anon Coward Oct 04 '22 at 17:10
  • _"aws is so new to me that I don't even know where to start to ask questions"_ Thanks a lot @AnonCoward, please provide your comment as an (alternative) answer. – xpt Oct 04 '22 at 17:16
0

Ping will not work because icmp is not enabled same as telnet.

  1. Are you sure your instance is running?
  2. What command are you using to ssh to the instance can i get the full error it displays.
  3. I do this on powershell => ssh -i "keypair.pem" [public ipv4 DNS]
GDrepain
  • 3
  • 1
  • 3
  • when telnet IP is not working, it means that the connectivity is not there. ssh would failed with same reason, and it indeed does. – xpt Oct 04 '22 at 17:09