Marthaj (United States of America) asked:

SSH failure from Ubuntu computer to AWS Ubuntu Server

I have an Ubuntu 20.04 computer that I am trying to use to ssh into an AWS EC2 Ubuntu server.

I created a user with admin rights, created my .pem file for programmatic use and downloaded it to a directory on my computer. I changed to the directory where I downloaded my pem file and I executed chmod 0400 on the pem file.

This is what I received (please note the actual IP address was replaced by nines for the purpose of this question):


ssh -vvv -i ec2mjsubuntu.pem ec2-user@9.99.999.99
OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 9.99.999.99 is address
debug2: ssh_connect_direct
debug1: Connecting to 9.99.999.99[9.99.999.99] port 22.
debug1: connect to address 9.99.999.99 port 22: Connection timed out
ssh: connect to host 9.99.999.99 port 22: Connection timed out


What do I need to do yet? Do I need to create any files or change anything in the ssh_config file in the /etc/ssh folder? I know this is a dumb question, but when I create the user, assign proper rights, select the programmatic option and create the pem, isn't that user 'tied' to the pem file? I would think so.

According to the documentation from the host company we are supposed to use ec2-user, but can't other users still ssh into the server if they have the proper rights etc.?

Any help appreciated. Thank you.

simon3270 (United Kingdom) replied:

You are connecting to the ec2-user user on the AWS Ubuntu, so the ".pem" needs to be the one used when the instance was created. If you have created another user on the AWS instance, use the cert created for that user. The .pem should be in a protected directory (chmod 700) - ~/.ssh is a good choice.

However, your problem seems to be accessing the AWS instance ("connection timed out"). Are you using a public IP address on the instance?
Marthaj (asker) replied:

Thank you for responding. You have clarified some questions.

I issued a chmod 0400 on the instance's pem - the one that was created when creating the ec2 instance. 

Moved it to the /etc/ssh folder. I do not have a .ssh folder in my home directory list. 

And I understand the order in which Ubuntu ssh *looks for* configuration:

 ssh(1) obtains configuration data from the following sources in the following order:

           1.   command-line options
           2.   user's configuration file (~/.ssh/config)
           3.   system-wide configuration file (/etc/ssh/ssh_config)


I was in the /etc/ssh folder and executed this command below:

 ssh -vv -i mypem.pem ec2-user@ec2-9-99-999-99.us-east-2.compute.amazonaws.com


This is what I received back:


OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolving "ec2-9-99-999-99.us-east-2.compute.amazonaws.com" port 22
debug2: ssh_connect_direct
debug1: Connecting to ec2-9-99-999-99.us-east-2.compute.amazonaws.com [9.99.999.99] port 22.
ssh: connect to host ec2-9-99-999-99.us-east-2.compute.amazonaws.com port 22: Connection timed out


Is there something in the ssh_config I need to change/add? 

Do I need to create a .ssh folder under my home directory?

And create an ssh_config file?

If so, what do I put into it ?

All of this is new territory for me. 

If you don't have a .ssh directory, make one! "mkdir ~/.ssh" and "chmod 700 ~/.ssh". Secure files like this must be owned by you, in your own directory, and accessible by nobody else.

You still have a connectivity problem (the "Connection timed out" message). Your client simply can't get to the AWS server, or (unlikely) the AWS ssh daemon isn't working. If it can reach the ssh server on the AWS instance, you would get a different error (permission denied, or a certificate error, for example).

Is there a firewall in the way? Does the security group on the AWS instance allow port 22 from your client?
Marthaj (asker) replied:

Thank you for responding.

 Duh me!! Once I realized I had not allowed hidden files/folders to show...bingo - there be my .ssh folder! Duh!

I moved the instance's .pem file to the folder, made sure the .ssh folder was 700.

Using the Ubuntu terminal, I decided to ping the Public IPV4 and it just sat and sat.

The server refuses me.

And I know I adjusted my firewall to allow traffic from the server.

If I ping the Public DNS, it hangs. But if I ping, e.g., www.mywebsite.com, it returns successful pings.

Why is that?

I am not sure what is preventing me from sshing.

"ping" is not always a reliable test for connectivity. Many companies block "ping" packets internally.

Better, since you are trying to connect with ssh, would be
nc -v ec2-9-99-999-99.us-east-2.compute.amazonaws.com 22


("-v" for verbose, followed by the AWS host name or the IP address, followed by the port number, 22 for ssh).

If this immediately returns with, for example, "connection refused", then you are getting to a host, but there is nothing listening on port 22. If it hangs (until it times out, or returns "no route to host"), then you are not getting to the host. If it comes back with an ssh server identifier, you have successfully connected. Only when the "nc" test succeeds is it worth trying the ssh.

I still think that you are not getting to the remote server. Maybe try "traceroute -p 22 ec2-9-99-999-99.us-east-2.compute.amazonaws.com" to see whether it gets part of the way then stops.
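The "nc -v host 22" reading above, together with the ~/.ssh and chmod advice from the earlier reply, as an added example that is not part of the original thread: a small Python script that performs the same TCP probe and classifies the outcome (timed out, refused, banner, and so on), and checks an identity file the way OpenSSH does before it will use it. It is Python rather than nc so that it also runs on a Windows client that has no netcat. The host, port and key path are whatever you pass in; the loopback listener and the temporary key files inside it are constructed fixtures for trying the checks offline, not a real server or a real key.

```python
"""Offline-friendly version of the reachability test ("nc -v host 22") and the
key-file permission advice from this thread. Added example, not code from the
original posts; the loopback listener and temporary key files are constructed
fixtures so the checks can be exercised without network access."""
import os
import socket
import stat
import tempfile
import threading

# What each outcome means and what to check next (same reading as the nc test).
NEXT_STEP = {
    "timed-out": "packets dropped en route: security group / NACL / local firewall, or wrong (non-public) address",
    "refused": "host reached, nothing listening on that port: is sshd running?",
    "unreachable": "client-side routing or network problem, the packet never left",
    "dns-failure": "name does not resolve: check the public DNS name",
    "no-banner": "something answered but it is not sshd: wrong port or a proxy in the way",
    "banner": "transport is fine; any remaining error is the user name or the key",
}

def probe_ssh(host, port=22, timeout=5.0):
    """TCP-connect to host:port and read the first line; returns (verdict, detail)."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as e:
        return "dns-failure", str(e)
    family, socktype, proto, _, sockaddr = infos[0]
    with socket.socket(family, socktype, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(sockaddr)
        except socket.timeout:          # SYN silently dropped (filtered)
            return "timed-out", f"no answer from {sockaddr[0]}:{port} in {timeout}s"
        except ConnectionRefusedError:  # RST came back: host up, port closed
            return "refused", f"{sockaddr[0]}:{port} reachable but closed"
        except OSError as e:            # no route, network down, ...
            return "unreachable", str(e)
        try:
            data = s.recv(256)
        except socket.timeout:
            return "no-banner", "connected, but the server sent nothing"
    if data.startswith(b"SSH-"):
        return "banner", data.split(b"\n")[0].rstrip(b"\r").decode(errors="replace")
    return "no-banner", repr(data[:40])

def key_file_problems(path):
    """The checks OpenSSH makes before using an identity file: it must exist, be a
    regular file and, when owned by the caller, have no group/other permission
    bits (otherwise ssh prints 'UNPROTECTED PRIVATE KEY FILE!' and ignores it)."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return [f"{path}: no such file (check the path given to -i)"]
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append(f"{path}: not a regular file")
    mode = stat.S_IMODE(st.st_mode)
    owned_by_me = not hasattr(os, "getuid") or st.st_uid == os.getuid()
    if owned_by_me and mode & 0o077:
        problems.append(f"{path}: mode {mode:04o} is too open, run chmod 0400 on it")
    return problems

# --- constructed fixtures (not a real server, not a real key) ---
def start_fake_sshd(banner=b"SSH-2.0-OpenSSH_7.4\r\n"):
    """Loopback listener that sends one banner to one client; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    srv.settimeout(10)
    port = srv.getsockname()[1]
    def serve():
        try:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(banner)
        except OSError:
            pass
        finally:
            srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def closed_loopback_port():
    """Reserve an ephemeral port and release it, so connecting to it is refused."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def make_temp_key(mode):
    """Placeholder (non-functional) key file with the requested permission bits."""
    fd, path = tempfile.mkstemp(suffix=".pem")
    os.write(fd, b"-----BEGIN PLACEHOLDER KEY-----\nnot a real key\n")
    os.close(fd)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    verdict, detail = probe_ssh("127.0.0.1", start_fake_sshd())
    print(f"{verdict}: {detail}\n  next: {NEXT_STEP[verdict]}")
    print(key_file_problems(make_temp_key(0o644)) or "key permissions OK")
```

Run it as-is to see the checks against loopback, then call probe_ssh() with the instance's public DNS name and key_file_problems() with the full path to your .pem. A few practical points that follow from the thread: a security group has no ICMP rule unless you add one, so the instance not answering ping while port 22 works is normal; a banner followed by "Permission denied (publickey)" usually means the wrong login name or the wrong key (Ubuntu AMIs log in as ubuntu, Amazon Linux as ec2-user); and the permission check mirrors OpenSSH on Linux/macOS, whereas the Windows port checks the file's ACL instead, so on a Windows client use the built-in PowerShell cmdlet Test-NetConnection -ComputerName <host> -Port 22 for the reachability part.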
Marthaj (asker) replied:

Thank you for responding.

I tried your command and it returned:

'nc' is not recognized as an internal or external command,
operable program or batch file.


I am using a Windows 10 laptop. 

But that is a handy command in Linux and I am sure I will be learning it as I also have a Ubuntu 20.04 computer to connect. 

So, I tried to telnet and this is what I received:


SSH-2.0-OpenSSH_7.4


As I understand it, receiving that response means OpenSSH is installed on the server and I am connected.

Would that be correct?

If so, that leaves either that the wrong IPv4 address was used on the server to grant me security/ssh permissions etc.

Or I don't have something right on my Windows 10 computer. But if so, what?


My Windows 10 computer connects wirelessly.

My LAN adapter Wi-Fi and Ethernet adapter Ethernet have different IPv4 addresses from each other as well as from the dedicated IP address. The dedicated IP address was used when setting the security and network address allowed on the server to allow me to connect to port 22 etc.

Should I have used the wireless Wi-Fi IPv4 address instead of the dedicated IP address?

I really need to open a terminal window on the server.

Any help is appreciated.
Yes, "nc" (sometimes called "netcat") is a very handy Linux tool for testing networks. What happens if you run the "nc" command on your local Ubuntu server, to try to connect to the AWS ubuntu instance?

When you did the "telnet", was that to your local Ubuntu server, or to the AWS Ubuntu instance?

As for source addresses, if your Windows laptop is just using the Internet normally, the source IP address will usually be whatever your ISP has assigned to your router. If you are using a VPN to access the Internet, the source address will often be the IP address that the VPN connection has assigned to your end of the connection, and sometimes the public IP address assigned to the remote end of the VPN connection (e.g. when I used to connect to our office VPN, the servers within the office environment saw the source IP address assigned to my end of the VPN, but if I went through the VPN to the Internet the source address would be the office's main IP address).

The most reliable way to determine the source address is to look at logs on the AWS system (the Security Group may have logs). Alternatively, if you can briefly open up the Security Group to all traffic, you may be able to see the connection in the AWS Ubuntu Server's logs.
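Reading the server-side logs to learn the real source address, as suggested above, as an added example that is not part of the original thread: a small Python parser that pulls the peer address, the user name and the event type out of sshd log lines (on Ubuntu these are in /var/log/auth.log or "journalctl -u ssh"; on Amazon Linux in /var/log/secure). The SAMPLE_LOG lines are constructed with RFC 5737 documentation addresses and a placeholder key fingerprint, not real log output.

```python
"""Summarise which source addresses have been reaching sshd, from the server's
auth log. Added example, not from the original thread. SAMPLE_LOG below is
constructed (RFC 5737 documentation addresses, placeholder fingerprint)."""
import re
from collections import Counter, defaultdict

SAMPLE_LOG = """\
Mar  3 14:02:11 ip-172-31-20-5 sshd[1452]: Connection closed by authenticating user ec2-user 203.0.113.7 port 50124 [preauth]
Mar  3 14:02:15 ip-172-31-20-5 sshd[1455]: Accepted publickey for ubuntu from 203.0.113.7 port 50130 ssh2: RSA SHA256:placeholderfingerprint
Mar  3 14:03:40 ip-172-31-20-5 sshd[1470]: Invalid user admin from 198.51.100.23 port 41022
Mar  3 14:03:42 ip-172-31-20-5 sshd[1470]: Disconnected from invalid user admin 198.51.100.23 port 41022 [preauth]
Mar  3 14:05:01 ip-172-31-20-5 sshd[1490]: Connection closed by 192.0.2.44 port 33310 [preauth]
Mar  3 14:05:09 ip-172-31-20-5 CRON[1493]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# Only sshd lines matter; everything after "sshd[pid]: " is the message.
SSHD_MSG = re.compile(r" sshd\[\d+\]: (?P<msg>.*)$")
# sshd always logs the peer as "<ip> port <port>".
PEER = re.compile(r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)")
# User name precedes the peer as "for <user> from <ip>" or "user <user> [from] <ip>".
USER = re.compile(r"(?:for|user) (?P<user>\S+) (?:from )?\d{1,3}(?:\.\d{1,3}){3} port")


def parse_sshd_line(line):
    """Return (ip, user_or_None, event) for an sshd line with a peer, else None."""
    m = SSHD_MSG.search(line)
    if not m:
        return None
    msg = m.group("msg")
    peer = PEER.search(msg)
    if not peer:
        return None
    user = USER.search(msg)
    event = " ".join(msg.split()[:2])  # e.g. 'Accepted publickey', 'Invalid user'
    return peer.group("ip"), user.group("user") if user else None, event


def summarize_sources(log_text):
    """Group event counts and user names by source address."""
    out = defaultdict(lambda: {"events": Counter(), "users": set()})
    for line in log_text.splitlines():
        parsed = parse_sshd_line(line)
        if parsed is None:
            continue
        ip, user, event = parsed
        out[ip]["events"][event] += 1
        if user:
            out[ip]["users"].add(user)
    return dict(out)


def format_report(summary):
    """One line per source address, busiest first."""
    lines = []
    for ip, info in sorted(summary.items(), key=lambda kv: -sum(kv[1]["events"].values())):
        events = ", ".join(f"{e} x{n}" for e, n in info["events"].most_common())
        users = ", ".join(sorted(info["users"])) or "-"
        lines.append(f"{ip:<16} users={users:<18} {events}")
    return lines


if __name__ == "__main__":
    print("\n".join(format_report(summarize_sources(SAMPLE_LOG))))
```

Whatever address appears beside your own user name is the one the security group rule for port 22 must allow (ideally as a /32). Note that security groups do not keep logs of their own; if the auth log stays empty because the packets never reach sshd, VPC Flow Logs on the instance's network interface are where accepted and rejected source addresses are recorded.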
ASKER CERTIFIED SOLUTION (Marthaj, United States of America): available to Experts Exchange members only.

SOLUTION: available to Experts Exchange members only.