2

The security group allows SSH at port 22 Inbound Rule

This is the first time I've had this problem. I logged in from a friend's AWS account to one of his instances and it connects, so the problem isn't at my end.

Here's the debug log:

OpenSSH_7.2p2, LibreSSL 2.4.1
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug2: resolving "ec2-54-215-233-245.us-west-1.compute.amazonaws.com" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to ec2-54-215-233-245.us-west-1.compute.amazonaws.com [54.215.233.245] port 22.

I followed AWS's troubleshooting guide and even that didn't work. Any idea what's wrong?

NACL

7
  • Is your instance in a private subnet? Commented Mar 31, 2017 at 23:54
  • @Rafael apparently not: "Connecting to ec2-54-215-233-245.us-west-1.compute.amazonaws.com" Commented Mar 31, 2017 at 23:55
  • But when you created it, did you make something different about the VPC? (did you change the default values of Network, or Subnet?) Commented Mar 31, 2017 at 23:59
  • @ishan the command used for ssh? Commented Mar 31, 2017 at 23:59
  • @hjpotter92 ssh -i "key.pem" ubuntu@DNS -vvv Commented Apr 1, 2017 at 0:13

2 Answers

3

The standard things to check when you can't SSH into an instance:

  • Confirm that the Security Group is permitting access on port 22 (SSH)
  • Confirm that the instance is in a Public Subnet (which has a Route Table for the Subnet that sends traffic for 0.0.0.0/0 to the Internet Gateway)
  • Confirm that the instance is running Linux or has an SSH service installed
  • Confirm the Public IP address (if you're not using a static Elastic IP address, it can change when the instance is Stopped and Started)
  • Confirm that the Network Access Control Lists (NACLs) in VPC permit all inbound and outbound traffic (this is the default setting)

1 Comment

Yes, I added an entry for port 22 in NACLs, the instance is in a public subnet & running Ubuntu. Posted a pic of the security group and NACL (edited).
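
The checklist in the answer above, worked through as an added example (not part of the original answer or its comments): it evaluates security group, route table and NACL data shaped like the output of `aws ec2 describe-security-groups`, `describe-route-tables` and `describe-network-acls`. The sample data, the 203.0.113.10 client address, the `igw-EXAMPLE` placeholder and the `rule` helper are constructed; because NACLs are stateless, the reply to the client's ephemeral port is checked as a separate outbound rule.

```python
import ipaddress

def sg_allows(perms, client_ip, port=22):
    """Security group (stateful): any rule covering TCP/port from client_ip."""
    ip = ipaddress.ip_address(client_ip)
    return any(
        (p["IpProtocol"] == "-1" or (p["IpProtocol"] == "tcp" and p["FromPort"] <= port <= p["ToPort"]))
        and any(ip in ipaddress.ip_network(r["CidrIp"]) for r in p.get("IpRanges", [])) for p in perms)

def has_igw_default_route(routes):
    """Public subnet: 0.0.0.0/0 must point at an internet gateway (igw-...)."""
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId", "").startswith("igw-") for r in routes)

def nacl_verdict(entries, egress, peer_ip, port):
    """NACL (stateless): lowest-numbered matching rule decides; no match is a deny."""
    ip = ipaddress.ip_address(peer_ip)
    for e in sorted(entries, key=lambda e: e["RuleNumber"]):
        pr = e.get("PortRange")  # absent when Protocol is "-1" (all traffic)
        if (e["Egress"] == egress and e["Protocol"] in ("-1", "6")  # 6 = TCP
                and ip in ipaddress.ip_network(e["CidrBlock"])
                and (pr is None or pr["From"] <= port <= pr["To"])):
            return e["RuleAction"]
    return "deny"

def diagnose(perms, routes, nacl, client_ip, client_port):
    """Names of the checks that fail for SSH from client_ip:client_port."""
    checks = {
        "security group": sg_allows(perms, client_ip),
        "route to internet gateway": has_igw_default_route(routes),
        "NACL inbound 22": nacl_verdict(nacl, False, client_ip, 22) == "allow",
        "NACL outbound reply": nacl_verdict(nacl, True, client_ip, client_port) == "allow",
    }
    return [name for name, ok in checks.items() if not ok]

# Constructed sample data (not taken from the question's account).
SG = [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
ROUTES = [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
          {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"}]
def rule(num, egress, proto, action, ports=None):  # hypothetical helper for the sample NACLs
    e = {"RuleNumber": num, "Egress": egress, "Protocol": proto, "RuleAction": action, "CidrBlock": "0.0.0.0/0"}
    return {**e, "PortRange": {"From": ports[0], "To": ports[1]}} if ports else e
NACL_INBOUND_ONLY = [rule(100, False, "6", "allow", (22, 22)),
                     rule(32767, False, "-1", "deny"), rule(32767, True, "-1", "deny")]
NACL_FIXED = NACL_INBOUND_ONLY + [rule(100, True, "6", "allow", (1024, 65535))]

if __name__ == "__main__":
    for nacl in (NACL_INBOUND_ONLY, NACL_FIXED):
        print(diagnose(SG, ROUTES, nacl, "203.0.113.10", 50522))
```

A connection that hangs at `Connecting to ...` with no error, as in the debug log, is what silently dropped packets look like from the client, which is why every filtering layer is evaluated rather than only the security group.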
0

It's probably due to your key.pem's permissions not being securely set. You might want to try setting them to 0400 or 0600 (e.g. sudo chmod 400 key.pem).

4 Comments

If this were the case, ssh would display a message stating that fact.
@John Rotenstein, thanks for pointing that out. Contemporary ssh clients seem to address key permission issues well, with an explicit warning like Permissions 0444 for '/path/to/key.pem' are too open.
The key's permission is 0400.
@ishan Vadwala, if your instance is EBS-backed and if all else fails, consider the recovery method described in this AWS doc – essentially using a rescue instance which you can ssh to in the same availability zone to regain access to the unreachable instance. Note that the first half of the doc goes over how to create an unreachable instance just as an exercise to illustrate how to fix it in the rescue section.
