NAMEWITHELD12
asked on
AWS issues, I cannot SSH into my nodes after adding nodes on the West coast: "Connection refused"
I have identical configs for the east and west coast. I have launched 30 or so CentOS images, PPKs and PEMs all in place, all was working.
I added CentOS AMIs to US_WEST and cannot SSH into them ("Connection refused"). Now I go back to US-EAST and cannot SSH into them at all. All ports are open and the security settings are all the same.
Is there a limit to how many instances we can SSH into or something? I am baffled about this.
Please help, this is a production-type issue (giving a class).
How can I get more logs on the "connection refused" error?
Thanks
ASKER
It seems that the AMI has changed?
East coast AMI (can SSH)
CentOS Linux 7 x86_64 HVM EBS 1602-b7ee8a69-ee97-4a49-9e68-afaee216db2e-ami-d7e1d2bd.3 (ami-6d1c2007)
West coast AMI (cannot SSH)
CentOS Linux 7 x86_64 HVM EBS 1602-b7ee8a69-ee97-4a49-9e68-afaee216db2e-ami-d7e1d2bd.3 (ami-af4333cf)
ASKER
Thanks so much, but how can I use ssh -i to point to the PEM key at the same time?
athish-Cndhu-MBPR:Desktop bks$ ssh -i bkeyes-west.pem ec2-54-183-252-14.us-west-1.compute.amazonaws.com
ssh: connect to host ec2-54-183-252-14.us-west-1.compute.amazonaws.com port 22: Connection refused
Not sure I understand the question, but
can you run the command with the verbose flag to get a few more traces? That might help you to understand why the connection failed.
ssh -vv -i bkeyes-west.pem ec2-54-183-252-14.us-west-1.compute.amazonaws.com
ASKER
Thanks once again, this is the result of the verbose SSH connect:
athish-Cdhu-MBPR:Desktop byes$ ssh -vv -i bkeyes-west.pem ec2-54-183-252-14.us-west-1.compute.amazonaws.com
OpenSSH_7.4p1, LibreSSL 2.5.0
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug2: resolving "ec2-54-183-252-14.us-west-1.compute.amazonaws.com" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to ec2-54-183-252-14.us-west-1.compute.amazonaws.com [54.183.252.14] port 22.
debug1: connect to address 54.183.252.14 port 22: Connection refused
ssh: connect to host ec2-54-183-252-14.us-west-1.compute.amazonaws.com port 22: Connection refused
ASKER
What I am thinking has happened is that the AMI got changed somehow. I don't think it is due to the wrong PEM key, as they are virgin instances and have never been logged into.
I see a slight difference in the AMI. Do you know if there is a way to use an older AMI?
ASKER
This is what I am concentrating on:
debug2: ssh_connect_direct: needpriv 0
ASKER
The issue was someone BROKE the SSH in the AMI, that is it!
You can try this by increasing the verbose mode during connection.
For OpenSSH clients that would be
What I know is that some SSH servers refuse a connection after a client has tried more than x (e.g. 5) private keys.
As clients with basic configurations don't know which private key to use, they just try one after the other.
If you have more than the number allowed by the server, a connection might fail if the correct private key is not amongst the first ones being tried.
For OpenSSH you can configure a host such that it tries only the key that it's supposed to use.
It would look something like that:
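Added example, not part of the thread or of any poster's code: a small Python triage of `ssh -vv` output that reports the stage at which a connection failed, separating the TCP-level refusal seen in the asker's trace from the too-many-keys case described in the answer above. The second trace, its address and key paths are constructed, and the stage names and hint strings are this example's own.

```python
import re

# Ordered checks: (stage, pattern in ssh -vv output, what to look at next).
CHECKS = [
    ("dns", r"Could not resolve hostname",
     "Name did not resolve; check the hostname and region suffix."),
    ("tcp_refused", r"port \d+: Connection refused",
     "Host answered but nothing accepted the port: check sshd on the "
     "instance. No key was offered, so the key file is not involved."),
    ("tcp_timeout", r"port \d+: (?:Connection|Operation) timed out",
     "No answer at all: check security group, NACL and routing."),
    ("auth_too_many_keys", r"Too many authentication failures",
     "Server cut the client off after too many keys: pass one key with "
     "-i and set IdentitiesOnly yes for this host."),
    ("auth_denied", r"Permission denied \(",
     "sshd is reachable but rejected the key or the login user."),
]

def classify(trace):
    """Return the failure stage, the number of keys offered, and a hint."""
    offered = len(re.findall(r"debug1: Offering (?:\w+ )?public key", trace))
    for stage, pattern, hint in CHECKS:
        if re.search(pattern, trace):
            return {"stage": stage, "keys_offered": offered, "hint": hint}
    return {"stage": "unknown", "keys_offered": offered, "hint": "No known marker."}

# Lines taken from the asker's trace in this thread.
REFUSED = """\
debug1: Connecting to ec2-54-183-252-14.us-west-1.compute.amazonaws.com [54.183.252.14] port 22.
debug1: connect to address 54.183.252.14 port 22: Connection refused
ssh: connect to host ec2-54-183-252-14.us-west-1.compute.amazonaws.com port 22: Connection refused
"""

# Constructed trace (documentation address, made-up key paths).
TOO_MANY = (
    "debug1: Connection established.\n"
    + "".join(f"debug1: Offering RSA public key: /home/user/.ssh/key{i}\n"
              for i in range(6))
    + "Received disconnect from 203.0.113.10 port 22:2: "
      "Too many authentication failures\n"
)

if __name__ == "__main__":
    for name, trace in (("thread trace", REFUSED), ("constructed", TOO_MANY)):
        result = classify(trace)
        print(f"{name}: {result['stage']} (keys offered: {result['keys_offered']})")
        print(f"  {result['hint']}")
```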