
When I try to connect to my RHEL 8.7 EC2 instance, I am getting

```
ssh: connect to host xx.xx.xx.xx port 22: Connection refused
```

Steps followed

  1. Triggered an EC2 instance which has RHEL 8.4
  2. Upgraded it to RHEL 8.7
  3. Took an AMI from the above instance
  4. Launched an instance from the created AMI

Now I am getting the error. I also ensured that port 22 is open and the sshd service is running.

James Z
    The message means that your computer is successfully connecting to the Amazon EC2 instance, but the instance is rejecting the connection. Use `ssh -vvv ...` to obtain more information. What is the exact command you are using to connect? What makes you think you are using the correct keypair? – John Rotenstein Apr 21 '23 at 10:37

1 Answer


Connection refused is often a sign that the firewall is blocking. There are two types of firewall in play with AWS EC2 instances.

  1. AWS Security Groups
  2. RHEL iptables/firewalld (since this is your first connection, unlikely to be the issue)

With AWS Security Groups you have to make sure the computer you are connecting from has a rule in place to allow connections to port 22. From the computer you want to connect from run:

```
curl ifconfig.me
```

This will return the IP you're connecting from. Add this IP as a CIDR: ip/32 (append "/32"); this ensures only that IP can connect. Allow TCP port 22 inbound.

Retry connecting to ssh

Jason Heithoff
  • I don't think this is correct. If the connection was blocked, it would receive a `timeout` error. The fact that the "connection is refused" indicates that a connection was made to the instance, but the instance refused it. This means the network setup is working correctly. – John Rotenstein Apr 21 '23 at 11:57
  • I think it depends on how the firewall is configured. In the case of AWS Security Groups you are correct. A timeout would occur if there was a missing rule for his EC2 instance, as AWS does not send the TCP RST packet. It's best practice to configure firewalls to drop requests which are not allowed, as it prevents discovery of services running. Not all firewall configurations are set up this way, so it's possible to get the TCP RST packet, which would give you the connection refused error. So it depends. As you stated, `ssh -vvv` would reveal a lot to us. Let's hope the OP sees that. – Jason Heithoff Apr 21 '23 at 17:04
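
The timeout-versus-refused distinction debated in the comments above can be checked directly from the client, as an added example that is not part of the original posts. The names `probe` and `MEANING` are hypothetical, and the interpretations in `MEANING` restate what the commenters describe.

```python
import socket
import sys

# Interpretations follow the comments above: a security group drops silently
# (timeout), while a reachable host or a rejecting firewall answers with RST.
MEANING = {
    "open": "TCP handshake completed; a service is listening",
    "refused": "RST received; packets reached a host or firewall that rejected them",
    "filtered": "no reply; packets were dropped (e.g. missing security group rule)",
    "error": "other network error (routing, DNS, unreachable host)",
}

def probe(host, port=22, timeout=3.0):
    """Return (state, detail) for one TCP connect attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                # sshd sends its version banner first, e.g. "SSH-2.0-..."
                banner = sock.recv(64).decode("ascii", "replace").strip()
            except OSError:
                banner = ""  # connected, but nothing was sent in time
            return "open", banner
    except ConnectionRefusedError:
        return "refused", ""
    except (socket.timeout, TimeoutError):
        return "filtered", ""
    except OSError as exc:
        return "error", str(exc)

if __name__ == "__main__":
    # Assumed default target for a local run; pass the instance address instead.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    state, detail = probe(target)
    print(f"{target}:22 -> {state}: {MEANING[state]} {detail}".rstrip())
```

A `refused` result with the security group already open points the investigation at the instance itself (sshd listen address and port, host firewall), while `filtered` points at the security group or network ACL.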