Marshallm

Reputation: 1165

aws ec2 ssh error: `ssh: connect to host x port 22: Operation timed out`

I'm trying to connect to an EC2 instance via SSH. When I try to connect to the instance using `ssh -i "test.pem" [email protected]` I get the error: `ssh: connect to host xx.xx.xx.xx port 22: Operation timed out`.

EC2 instance config

Platform: Amazon Linux

AMI: ami-0841edc20334f9287

Instance type: t2.micro

Public IPv4: associated Elastic IPv4

EC2 instance associated VPC subnet config:

Route Table: (Destination - Target)

10.0.0.0/24 - local

0.0.0.0/0 - igw-...

ACL: (Type - Protocol - Port range - Source)

Inbound

SSH - TCP - 22 - 0.0.0.0/0

Outbound

HTTPS - TCP - 443 - 0.0.0.0/0

Security Groups: (Type - Protocol - Port range - Source)

Inbound

SSH - TCP - 22 - xx.x.xxx.xxx/xx (My IP)

Outbound

HTTPS - TCP - 443 - 0.0.0.0/0

Attempts:

  1. Followed this AWS article (solution #3) in which they propose adding this script to the instance’s user data:

```text
Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0

--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"

#cloud-config
cloud_final_modules:
- [scripts-user, always]

--//
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="userdata.txt"

#!/bin/bash
iptables -F
service sshd restart
--//
```

Which resulted in the same error: ssh: connect to host public.ip port 22: Operation timed out

  2. Changing the ssh user:

```shell
ssh -i "test.pem" [email protected]

ssh -i "test.pem" [email protected]
```

Which resulted in the same error: ssh: connect to host public.ip port 22: Operation timed out

  3. I tried using my public subnet within the same VPC and I was able to connect to ec2 via ssh. When comparing the public and private subnets, the only difference was that the public subnet's NACL allowed all inbound traffic.

  4. Connecting with EC2 Instance Connect on the console resulted in a blank terminal window even after 10 minutes or so.

Upvotes: 2

Views: 5294

Answers (2)

Akhil Ghatiki

Reputation: 1208

Try running the Reachability Analyzer in your aws console.

AWS console >> VPC >> Network analysis >> Reachability Analyzer

You can choose the source of the analyzer as the internet gateway and the destination as your ec2 instance. Once you run the analyzer, it will tell you if the instance is reachable from your source (IGW in this case) and the interesting thing is, it will also give you the reason why it is not reachable, which will help in further debugging the cause.

Upvotes: 1

Arun Kamalanathan

Reputation: 8583

Your NACL has the inbound rules for ssh. You should also allow the return ssh traffic in the outbound NACL rules, because NACLs are stateless, unlike the security groups.

In addition to that, you should also allow ephemeral port ranges for the inbound and outbound NACL rules. Ephemeral ports are random ports ranging between 1024 and 65535 that a client initiating the request chooses as the source ports.

NACL Ephemeral Ports

Upvotes: 5
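To make the stateless evaluation concrete, here is an added example (not code from the question or either answer) that models the private subnet's NACL from the question as rule lists and checks each direction of the SSH handshake separately; the rule numbers, the client address and the ephemeral ports are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    number: int     # NACL rules are evaluated in ascending order; first match wins
    protocol: str   # "tcp", "udp", ... or "-1" for all protocols
    port_from: int  # NACL port ranges match the packet's DESTINATION port
    port_to: int
    cidr: str       # source CIDR for inbound rules, destination CIDR for outbound rules
    allow: bool

def nacl_verdict(rules, protocol, dst_port, peer_ip):
    """Stateless evaluation of one packet against one direction's rule list.
    A packet that matches no rule hits the implicit '*' deny."""
    for r in sorted(rules, key=lambda r: r.number):
        if r.protocol not in ("-1", protocol):
            continue
        if r.protocol != "-1" and not (r.port_from <= dst_port <= r.port_to):
            continue
        if ipaddress.ip_address(peer_ip) not in ipaddress.ip_network(r.cidr):
            continue
        return r.allow
    return False

def ssh_handshake(inbound, outbound, client_ip, client_port=51234):
    """SSH from client_ip to the instance: the SYN arrives on dst port 22, the
    SYN-ACK leaves for the client's ephemeral source port. Both must pass."""
    syn_in = nacl_verdict(inbound, "tcp", 22, client_ip)
    synack_out = nacl_verdict(outbound, "tcp", client_port, client_ip)
    return syn_in, synack_out

def outbound_https(inbound, outbound, server_ip, instance_port=40000):
    """The instance calling out (e.g. package updates): the request leaves for
    dst port 443, the reply comes back to the instance's ephemeral port."""
    req_out = nacl_verdict(outbound, "tcp", 443, server_ip)
    reply_in = nacl_verdict(inbound, "tcp", instance_port, server_ip)
    return req_out, reply_in

# Constructed rule sets mirroring the private subnet NACL in the question
ANY = "0.0.0.0/0"
INBOUND_POSTED = [Rule(100, "tcp", 22, 22, ANY, True)]
OUTBOUND_POSTED = [Rule(100, "tcp", 443, 443, ANY, True)]
# Corrected: add the ephemeral range in both directions, as the answer advises
EPHEMERAL = Rule(110, "tcp", 1024, 65535, ANY, True)
INBOUND_FIXED = INBOUND_POSTED + [EPHEMERAL]
OUTBOUND_FIXED = OUTBOUND_POSTED + [EPHEMERAL]
```

With the posted rules the SYN is accepted but the SYN-ACK is dropped, which is exactly what the client sees as a timeout rather than a refused connection.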
