Best IT Recipes

Possible reasons for a timeout while trying to access an EC2 instance

I cannot use SSH in my instance - the operation has been disabled. What could be the reasons and what can I do to solve this problem? A reboot usually takes a long time to take effect, and can lead to worse.

UPDATE: this is not about permissions - I can work normally. I suspect this may be due to memory problems.

+94
ssh amazon-web-services amazon-ec2
May 11 '10 at 19:30
source share
22 answers

Have you set the appropriate security group for the instance? That is, which allows you to access from your network to port 22 on the instance. (By default, all traffic is denied.)

Update: Good, but not a problem with the security group. But does the problem persist if you start another instance from the same AMI and try to access it? Perhaps this particular instance of EC2 accidentally failed - it is only a matter of time before something like this happens. (Recommended reading: Architecture for the Cloud: Best Practices (PDF), a document by Genesha Varia, who is an evangelist of web services in the Amazon. Section โ€œDesign for failure and nothing will work.โ€)

+65
May 11 '10 at 19:55
source share
โ€” -

I had the same problem, and the solution turned out to be the IP of the local network in the list of incoming rules in the active security group. In the dialog box that appears, enter 22 in the port range, local IP / 32 in the source field and leave the "custom tcp rule" in the drop-down list.

enter image description here

+88
Feb 21 '13 at 14:24
source share

Destroy and recreate

I had one access zone where I could connect, and another where I could not. After a few hours, I was so upset that I deleted everything in this accessibility zone.

Creating everything that I had to do to create ALL. This included:

  • Create VPC
    • CIDR: 10.0.0.0/24
  • Create Internet Gateway
  • Connect Internet Gateway to VPC
  • Create routing table
  • Add route to routing table
    • Destination: 0.0.0.0/0
    • Target: <Internet Gateway from earlier>
  • Create subnet
    • CIDR: 10.0.0.0/24
    • Routing Table: <Routing Table from earlier

It took me a long time to get it all. I ordered the steps in how I think it might be most effective, but you may have to tweak them to get one item for the next.

Sentence

I do not suggest that you go fusion like me. I offer all this information so that you can check these associations to make sure that you are consistent.

+26
Mar 19 '15 at 17:44
source share

This answer is for stupid people (like me). Your public DNS EC2 may (will) change when it is restarted. If you do not understand this and are trying to use SSH in your old public DNS, the connection will stop and time out. This may make you assume that something is wrong with your EC2 or security group or ... No, just SSH to the new DNS. Update the ~/.ssh/config file if you need to!

+21
Oct 23 '15 at 3:39 on
source share

To enable ssh use like this:

 ssh -i keyname.pem username@xxx.xx.xxx.xx

Where keyname.pem is the name of your private key, username is the correct username for your os distribution, and xxx.xx.xxx.xx is the public IP address.

When it expires or does not work, check the following:

Security group

Make sure for the inbound rule for tcp port 22 and all ips or ip. The security group can be found through the ec2 menu in the instance options.

Routing table

For a new subnet in vpc, you need to change the routing table, which points 0.0.0.0/0 to the target of the Internet gateway . When you create a subnet in your vpc, by default it assigns a default routing table, which probably does not accept incoming traffic from the Internet. You can edit the routing table parameters in the vpc menu, and then subnets.

Elastic IP

For an instance in vpc, you need to assign a public elastic ip address and associate it with the instance. Private IP is not accessible externally. You can get elastic ip in the ec2 menu (and not in the instance menu).

Username

Make sure you use the correct username . It must be one of ec2-user or root or ubuntu . Try them if necessary.

Private key

Make sure that you are using the correct private key (the one you download or select when starting the instance). It seems obvious, but a copy of the paste got me twice.

+11
May 29 '15 at 16:21
source share

Have you looked at the console output from the instance? You can do this using the AWS console (Instances -> Right-click on the instance -> Get System Log). I had cases when network services in an EC2 instance did not start correctly, as a result of which SSH connections were disabled; restarting an instance of usually fixed things.

+7
May 12, '10 at 21:24
source share

enter image description here

AFTER 2 HOURS I FOUND IT

Note. ssh ip 120.138.105.251/32

  • DO NOT DELETE IP ADDRESS

  • This is not your local ip 127.0.0.1

  • This is not your local ip localhost

BUT BUT BUT

Your public IP address of your personal computer from which you are trying to access the aws instance

IF YOU WANT TO FULLY OPEN SSH FOR ALL IP ADDRESSES enter image description here

IT IS AS FULLY AVAILABLE ACCESSIONS IN DEPENDENCE - BASIC RECOMMENDATIONS enter image description here

THIS IS WHAT I AM IN PRODUCTION enter image description here

+2
Nov 08 '16 at 11:14
source share

The following problems are possible:

  • The most likely is that the security group is not configured properly to provide SSH access to port 22 on your ip. Changing the security setting does not require a server reboot to be effective, but you need to wait a few minutes to use it.

  • The local firewall configuration does not allow SSH access to the server. (you can try another internet connection, your phone / key to try)

  • The server does not start properly (then access control will fail even on the amazon console), in which case you will need to stop and start the server.

+1
Jan 08 '15 at 1:46
source share

Just restart your Ec2 instance after applying the rules

+1
Oct 25 '18 at 13:08
source share

Another opportunity. AWS security groups are configured to only work with specific inbound IP addresses. If your security group is configured this way, you (or the account owner) will need to add your IP address to the security group. In this case, open the AWS control panel, select security groups, select a security group, and click the inbox tab. Then add your ip if necessary.

0
Jan 31 '13 at 14:40
source share

I had the same problem, and the solution allowed access from anywhere to the list of inbound rules in the active security group. In the incoming dialog box, enter 22 in the port range anywhere in the source field and select "ssh" from the drop-down list.

PS: This may not be the recommended solution, as it means that this instance can be deleted from any machine, but I could not get it to work with my local IP address.

0
Aug 29 '14 at 6:49
source share

I had a similar problem when I used public Wifi that didn't have a password. Switching your Internet connection to a secure connection really fixed the problem.

0
Jan 30 '16 at 9:07
source share

If SSH access does not work for your EC2 instance, you need to check:

  • The security group for your instance allows access to the inbound SSH (check: browse rules).

If you are using a VPC instance (you have a VPC ID and a subnet ID attached to your instance), check:

  • In the VPC Dashboard, find the used subnet ID that is connected to the VPC.
  • Check the attached route table , which should have 0.0.0.0/0 as Destination and your Internet gateway as Target.

On Linux, you can also check the route information in the syslog on the network, for example:

 ++++++++++++++++++++++++++++++++++++++Net device info+++++++++++++++++++++++++++++++++++++++ +--------+------+------------------------------+---------------+-------+-------------------+ | Device | Up | Address | Mask | Scope | Hw-Address | +--------+------+------------------------------+---------------+-------+-------------------+ | lo | True | 127.0.0.1 | 255.0.0.0 | . | . | | eth0 | True | 172.30.2.226 | 255.255.255.0 | . | 0a:70:f3:2f:82:23 | +--------+------+------------------------------+---------------+-------+-------------------+ ++++++++++++++++++++++++++++Route IPv4 info+++++++++++++++++++++++++++++ +-------+-------------+------------+---------------+-----------+-------+ | Route | Destination | Gateway | Genmask | Interface | Flags | +-------+-------------+------------+---------------+-----------+-------+ | 0 | 0.0.0.0 | 172.30.2.1 | 0.0.0.0 | eth0 | UG | | 1 | 10.0.3.0 | 0.0.0.0 | 255.255.255.0 | lxcbr0 | U | | 2 | 172.30.2.0 | 0.0.0.0 | 255.255.255.0 | eth0 | U | +-------+-------------+------------+---------------+-----------+-------+

where the UG flags show your internet gateway.

See Troubleshoot connecting to your instance in Amazon docs for more information.

0
Jun 12 '16 at 2:56
source share

Check out this man page for AWS docs:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html#TroubleshootingInstancesConnectionTimeout You will probably find your solution there. for me this part made a correction:

[EC2-VPC] Check the route table for the subnet. You need a route that sends all traffic destined outside of the VPC to the VPC Internet Gateway.

  • Open the Amazon VPC console at https://console.aws.amazon.com/vpc/ .

  • In the navigation bar, select Internet gateways. Make sure your VPC has an Internet gateway installed. Otherwise, select Create. Internet gateway and follow the instructions to create an Internet gateway, select an Internet gateway, and then select "Join the VPC" and follow the instructions to attach it to the VPC.

  • In the navigation bar, select Subnets, and then select your subnet.

  • On the Route Table tab, make sure that there is a route with 0.0.0.0/0 and an Internet gateway for your VPC as the destination as the destination. Otherwise, select the route table identifier (rtb-xxxxxxxx) to go to the โ€œRoutesโ€ tab for the route table, select โ€œEditโ€, โ€œAddโ€ another route, enter 0.0.0.0/0 in Destination, select your Target Internet gateway , and then select "Save."

But I suggest you check all the options listed above, you can find one or more problems there.

0
Dec 14 '16 at 2:02
source share

My problem. I had port 22 open for "My IP", and my Internet connection and IP address change. So I had to change it.

0
Jan 15 '17 at 0:47
source share

To enable ssh access from the Internet for instances on the VPC subnet:

  • Attach the Internet gateway to the VPC.
  • Verify that the subnet route table points to the Internet gateway.
  • Make sure your subnet instances have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
  • Make sure that your network access control (at the VPC level) and security group rules (at the ec2 level) allow you to transfer the appropriate traffic to and from your instance. Make sure your network IP address is enabled for both. By default, Network AcL allows all inbound and outbound traffic, unless explicitly configured otherwise.
0
May 14 '17 at 10:46 a.m.
source share

For me, it was an Apache server hosted on a t2.micro linux EC2 instance, not the EC2 instance itself.

I fixed this by doing:

sudo su

service httpd restart

0
Nov 24 '17 at 15:36
source share

@ted.strauss answer @ted.strauss , you can select SSH and MyIP from the drop-down menu instead of MyIP on a third-party site.

0
Jan 29 '18 at 18:15
source share

I had the same problem and solved it by adding a rule to security groups

Incoming SSH 0.0.0.0/0

Or you can add only your IP address

0
Apr 19 '19 at 10:26
source share

For me it was that I deleted everything from the boot volume. And could not connect to the instance anymore.

0
Jul 02 '19 at 3:26
source share

I was working on an instance, and that was normal, the very next day, when I tried to use SSH in my instance, he said: "Connection timeout.

I tried to go through this post, but nothing worked. So I did -

In the " Edit inbound rules from source" column, select " MY IP and it will automatically populate your public IP address in CIDR format ( XXX.XXX.XXX.XX/32 ).

I tried to reply @ ted.strauss with a local IP, but in my case this did not help. So I choose MY IP, and it worked.

Hope this helps someone!

0
Jul 04 '19 at 7:27
source share

I think you deleted the default vpc in aws somehow, if you create the default vpc then your problem is solved

-one
Dec 10 '18 at 5:31
source share


More articles:


All Articles