2

I am unable to get a connection working using this ssm-proxy.sh script to remote connect to AWS Cloud9 from Visual Studio Code. I am following this article on how to use AWS Cloud9 to power my Visual Studio Code IDE. I am able to connect by SSH but not when invoking the proxy script.

This works:

Host test1
  HostName xx.xxx.xxx.xx
  User ec2-user
  IdentityFile ~/.ssh/vscloud9

However, this doesn't:

Host cloud9
  IdentityFile ~/.ssh/vscloud9
  User ec2-user
  HostName i-xxxxxxxxxxxxx
  ProxyCommand sh -c "~/.ssh/ssm-proxy.sh %h %p"

Using the AWS CLI I have configured the default named profile with an access key and secret and output of json. Despite it being bad practice, the access key and secret is for the root user so permissions are not causing an issue. This is then detailed in ssm-proxy.sh:

AWS_PROFILE='default'
AWS_REGION='eu-west-2'
MAX_ITERATION=5
SLEEP_DURATION=5

SSH from anywhere is enabled in security groups.

Since plain SSH works with the vscloud9 key, the key pair isn't the issue. I am thinking that the problem is either the AWS profile or the ssm-proxy.sh script itself.

I am using the Remote - SSH VSCode extension.

I need to get this working so I'm wondering if anyone has any idea why this wouldn't work?

SSH output in response to Anton in comments:

OpenSSH_9.0p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/myname/.ssh/config
debug1: /Users/myname/.ssh/config line 6: Applying options for cloud9
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Executing proxy command: exec sh -c "~/.ssh/ssm-proxy.sh i-xxxxxxxxxxxxxx 22"
debug1: identity file /Users/myname/.ssh/vscloud9 type 0
debug1: identity file /Users/myname/.ssh/vscloud9-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.0
debug1: kex_exchange_identification: banner line 0: {
debug1: kex_exchange_identification: banner line 1:     "StartingInstances": [
debug1: kex_exchange_identification: banner line 2:         {
debug1: kex_exchange_identification: banner line 3:             "CurrentState": {
debug1: kex_exchange_identification: banner line 4:                 "Code": 0,
debug1: kex_exchange_identification: banner line 5:                 "Name": "pending"
debug1: kex_exchange_identification: banner line 6:             },
debug1: kex_exchange_identification: banner line 7:             "InstanceId": "i-xxxxxxxxxxxxxx",
debug1: kex_exchange_identification: banner line 8:             "PreviousState": {
debug1: kex_exchange_identification: banner line 9:                 "Code": 80,
debug1: kex_exchange_identification: banner line 10:                 "Name": "stopped"
debug1: kex_exchange_identification: banner line 11:             }
debug1: kex_exchange_identification: banner line 12:         }
debug1: kex_exchange_identification: banner line 13:     ]
debug1: kex_exchange_identification: banner line 14: }
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535
Anthony
  • 317
  • 1
  • 5
  • 23
  • What error messages or behavior are you getting? Have you made sure `~/.ssh/ssm-proxy.sh` is executable? – Andrew Gillis Nov 23 '22 at 13:50
  • and what is in `ssh -v cloud9` debug output? – Anton Nov 24 '22 at 09:24
  • Yes, I believe I made it executable with `chmod +x ~/.ssh/ssm-proxy.sh`. Is that right? – Anthony Nov 24 '22 at 13:12
  • ssh -v cloud9 output has been added to the question as it is too long to paste here. – Anthony Nov 24 '22 at 13:13
  • @Anthony No exit code? This isn't the full output of an unsuccessful ssh call. – Andrew Gillis Nov 25 '22 at 22:02
  • Sorry, my bad. I didn't realise I hadn't selected the whole output before pasting. I have edited it above to show the full output. – Anthony Nov 26 '22 at 17:37
  • How long does it take before the "Connection closed" message is displayed? And can you try this modified file then show the log? https://github.com/aws-samples/cloud9-to-power-vscode-blog/blob/979feb0dc34117586d3394f48b527b8c20206b9a/scripts/ssm-proxy.sh – Caerbannog Nov 28 '22 at 14:21

2 Answers2

0

Please check your username. if you are using ubuntu instance try using "ubuntu" in username instead of "ec2-user", and vice-versa

OR

Check your security group. Make sure that you have an outbound rule that allows traffic to return from the instance.

With the default outbound rule

type: All traffic, Protocol: All, Ports: All, Destination: 0.0.0.0/0

In My case the username was incorrect. On ubuntu instances it should be "ubuntu" and on amazon instances it should be "ec2-user".

it will work.

Aniruddh Parihar
  • 3,072
  • 3
  • 21
  • 39
-1

Try:

Host cloud9
  HostName xx.xxx.xxx.xx
  User ec2-user
  IdentityFile ~/.ssh/vscloud9
  ProxyCommand sh -c "~/.ssh/ssm-proxy.sh %h %p"

This rearranges the order, so I tried to see if it would work in the order you provided.

Kia
  • 9
  • 6
  • Please don't post only code as answer, but also provide an explanation what your code does and how it solves the problem of the question. Answers with an explanation are usually more helpful and of better quality, and are more likely to attract upvotes. – Mark Rotteveel Nov 30 '22 at 10:14