nasaa

Reputation: 2731

EC2 Security Group not connecting to my IP

Seems like a basic job, but for some reason it is not working for me. I wish to access my EC2 instances from my office IP only.

I went into my security group and added an SSH rule with source for my IP only like this -

[screenshot]

But this does not seem to be working for me at all. I get connection denied when I try to connect via WinSCP or by using the terminal.

Everything works if I change my source to Everywhere (0.0.0.0/0). Does anyone have any pointers for me, please?

Upvotes: 4

Views: 4904

Answers (3)

santosh verma

Reputation: 294

Although "who am i" works fine, I'd like to add two more solutions. Both are very easy.

Solution 1:

Step 1: Open the security group for all IPs (0.0.0.0/0) for a while.

Step 2: Make an SSH connection to your server.

Step 3: Run the "w" command and check the output in the FROM column.

ubuntu@ip-172-31-39-228:~$ w
 23:20:09 up 5 min,  1 user,  load average: 0.08, 0.08, 0.04
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
ubuntu   pts/0    52.95.75.17      23:20    0.00s  0.01s  0.00s w

Step 4: Replace this IP in the security group with 0.0.0.0/0 (like 52.95.75.17/32).

Solution 2:

Step 1: Open the security group for all IPs (0.0.0.0/0) for a while.

Step 2: Make an SSH connection to your server.

Step 3: Check the last login info in the welcome message, like:

Learn more about enabling ESM Apps service at https://ubuntu.com/esm


Last login: Thu Feb  9 23:21:42 2023 from 52.95.75.17
ubuntu@ip-172-31-39-228:~$
ubuntu@ip-172-31-39-228:~$

Step 4 (optional): If the IP address is not available in the welcome message, run the "last" command.

ubuntu@ip-172-31-39-228:~$
ubuntu@ip-172-31-39-228:~$ last
ubuntu   pts/2        52.95.75.17      Thu Feb  9 23:33   still logged in
ubuntu   pts/1        52.95.75.17      Thu Feb  9 23:21   still logged in

Step 5: Replace this IP in the security group with 0.0.0.0/0 (like 52.95.75.17/32).

Check the screenshot below for reference for the above solutions: [screenshot]

Upvotes: 2

Manuelh2410

Reputation: 1

Feel free to use my PowerShell script for this.

The script detects your public IP and adds it to the inbound security group rules of dedicated RDP and SSH security groups.

If these groups do not exist, the script will create them and add them to the appropriate instances.

https://github.com/manuelh2410/public/blob/1/AWSIP_Linux_Win.ps1

Upvotes: -1

Vorsprung

Reputation: 34327

Log in to the EC2 using the method that works and issue the command

who am i

It will say something like

ec2-user      pts/0        2016-02-29 15:06 (104.66.242.192)

Use the IP address shown for you (not the one above) in the security group rule.

Upvotes: 18
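
The shell functions below are an added example, not code from any of the answers. They take one line of `who am i` output, validate the IPv4 address in parentheses, and print the AWS CLI commands that add the /32 SSH rule and then remove the temporary 0.0.0.0/0 rule. The function names and the group id `sg-EXAMPLE` are placeholders; IPv4 and TCP port 22 are assumed.

```shell
# Pull the client address out of one `who am i` line, e.g.
# "ec2-user pts/0 2016-02-29 15:06 (104.66.242.192)".
# Prints nothing when the parentheses hold a hostname instead of an address.
ip_from_who() {
  printf '%s\n' "$1" | sed -n 's/.*(\([0-9][0-9.]*\)).*/\1/p'
}

# Succeed only for a dotted quad whose four octets are all in 0..255.
valid_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split the address on dots into $1..$n
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Print (do not run) the AWS CLI calls: add the /32 rule first, then drop
# the world-open rule.  $1 = security group id, $2 = `who am i` line.
lockdown_commands() {
  ip=$(ip_from_who "$2")
  valid_ipv4 "$ip" || { echo "no usable IPv4 address in: $2" >&2; return 1; }
  echo "aws ec2 authorize-security-group-ingress --group-id $1 --protocol tcp --port 22 --cidr $ip/32"
  echo "aws ec2 revoke-security-group-ingress --group-id $1 --protocol tcp --port 22 --cidr 0.0.0.0/0"
}

# Sample run: the `who am i` line quoted in the answer above and a
# placeholder group id (sg-EXAMPLE is not a real security group).
lockdown_commands sg-EXAMPLE 'ec2-user      pts/0        2016-02-29 15:06 (104.66.242.192)'
```

Review the printed commands before running them, and keep the current SSH session open until a second connection succeeds under the new rule.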
