NAMEWITHELD12 asked:

AWS issues, I cannot SSH into my nodes after adding nodes on the West coast: "Connection refused"

I have identical configs for the east and west coast. I have launched 30 or so CentOS images, PPK and PEMs all in place, and all was working.

I added CentOS AMIs to US_WEST and cannot SSH into them ("Connection refused"). Now I go back to US-EAST and cannot SSH into them at all. All ports are open and the security settings are all the same.

Is there a limit to how many instances we can SSH into or something? I am baffled about this.

Please help, this is a production-type issue (giving a class).

How can I get more logs on the "connection refused" error?

Thanks

gelonida:

I don't know your client software, but perhaps you're running into the following problem or something similar.
You can check this by increasing the verbosity during connection.

For OpenSSH clients that would be

ssh -vv westcoast1


What I know is that some SSH servers refuse a connection after a client has tried more than x (e.g. 5) private keys.
As clients with basic configurations don't know which private key to use, they just try one after the other.
If you have more keys than the number allowed by the server, a connection might fail if the correct private key is not amongst the first ones being tried.

For OpenSSH you can configure a host so that it tries only the key that it's supposed to use.

It would look something like this:

Host westcoast1
    HostName westcoast1.my.com
    IdentityFile ~/.ssh/keys/id_rsa_westcoast
    IdentitiesOnly yes


NAMEWITHELD12 (ASKER):

It seems that the AMI has changed?

East coast AMI (can SSH):

CentOS Linux 7 x86_64 HVM EBS 1602-b7ee8a69-ee97-4a49-9e68-afaee216db2e-ami-d7e1d2bd.3 (ami-6d1c2007)

West coast AMI (cannot SSH):

CentOS Linux 7 x86_64 HVM EBS 1602-b7ee8a69-ee97-4a49-9e68-afaee216db2e-ami-d7e1d2bd.3 (ami-af4333cf)

Thanks so much, but how can I use ssh -i to point to the PEM key at the same time?
athish-Cndhu-MBPR:Desktop bks$ ssh -i bkeyes-west.pem ec2-54-183-252-14.us-west-1.compute.amazonaws.com
ssh: connect to host ec2-54-183-252-14.us-west-1.compute.amazonaws.com port 22: Connection refused

Not sure I understand the question, but
can you run the command with the verbose flag to get a few more traces? That might help you to understand why the connection failed.

ssh -vv -i bkeyes-west.pem ec2-54-183-252-14.us-west-1.compute.amazonaws.com


Thanks once again, this is the result of the verbose SSH connect:
athish-Cdhu-MBPR:Desktop byes$ ssh -vv -i bkeyes-west.pem ec2-54-183-252-14.us-west-1.compute.amazonaws.com
OpenSSH_7.4p1, LibreSSL 2.5.0
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug2: resolving "ec2-54-183-252-14.us-west-1.compute.amazonaws.com" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to ec2-54-183-252-14.us-west-1.compute.amazonaws.com [54.183.252.14] port 22.
debug1: connect to address 54.183.252.14 port 22: Connection refused
ssh: connect to host ec2-54-183-252-14.us-west-1.compute.amazonaws.com port 22: Connection refused

What I am thinking has happened is that the AMI got changed somehow. I don't think it is due to the wrong PEM key, as they are virgin instances and have never been logged into.

I see a slight difference in the AMI. Do you know if there is a way to use an older AMI?
This is what I am concentrating on:
debug2: ssh_connect_direct: needpriv 0

ASKER CERTIFIED SOLUTION
David Favor

This solution is only available to members of Experts Exchange.

The issue was someone BROKE the SSH in the AMI, that is it!
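
Added example (not part of any post in this thread): a shell function that reads `ssh -vv` output and reports the stage at which the connection failed. The asker's trace stops at TCP connect with no key ever offered, while the too-many-keys case gelonida describes fails only after the connection is established. The stage names and the second sample are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report the stage at which an OpenSSH client failed,
# reading `ssh -vv` output on stdin. Stage names are this example's own.
classify_ssh_failure() {
    local log offered
    log=$(cat)
    # Count keys actually presented to the server. Newer clients log
    # "Offering public key", 7.x clients log "Offering RSA public key".
    offered=$(printf '%s\n' "$log" | grep -cE 'debug1: Offering .*public key' || true)
    case "$log" in
        *"Could not resolve hostname"*)
            echo "dns keys_offered=$offered: name did not resolve" ;;
        *"Connection timed out"*)
            echo "tcp-timeout keys_offered=$offered: no reply; check firewall rules and routing" ;;
        *"Connection refused"*)
            echo "tcp-refused keys_offered=$offered: port rejected the connection; check that sshd is running on the instance" ;;
        *"Too many authentication failures"*)
            echo "auth-too-many-keys keys_offered=$offered: use IdentityFile with IdentitiesOnly yes" ;;
        *"Permission denied"*)
            echo "auth-denied keys_offered=$offered: server rejected every offered key; check key and login user" ;;
        *)
            echo "unknown keys_offered=$offered: no known failure marker found" ;;
    esac
}

# From the thread: the asker's -vv output, trimmed to the relevant lines.
sample_refused='debug1: Connecting to ec2-54-183-252-14.us-west-1.compute.amazonaws.com [54.183.252.14] port 22.
debug1: connect to address 54.183.252.14 port 22: Connection refused
ssh: connect to host ec2-54-183-252-14.us-west-1.compute.amazonaws.com port 22: Connection refused'

# Constructed sample: a client offering several keys until the server cuts it off.
sample_many_keys='debug1: Connection established.
debug1: Offering public key: /home/u/.ssh/id_a RSA SHA256:constructed-a
debug1: Offering public key: /home/u/.ssh/id_b RSA SHA256:constructed-b
debug1: Offering public key: /home/u/.ssh/id_c RSA SHA256:constructed-c
Received disconnect from 192.0.2.10 port 22:2: Too many authentication failures'

printf '%s\n' "$sample_refused"   | classify_ssh_failure
printf '%s\n' "$sample_many_keys" | classify_ssh_failure
```

For a live check, pipe the client's stderr into the function: `ssh -vv -i key.pem host 2>&1 | classify_ssh_failure`.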