How can I troubleshoot connecting to my Amazon EC2 Linux instance using SSH?

5 minute read

I can't connect to my Amazon Elastic Compute Cloud (Amazon EC2) Linux instance and want to troubleshoot the issue.

Resolution

Connect to the EC2 instance over SSH with verbose messaging on. Use the output messages from the SSH client to determine the type of issue. Or, you can connect to the instance using the EC2 Serial Console (Nitro-based and bare metal instances), or AWS Systems Manager Session Manager. Then, identify the error and use the links in the Troubleshoot common errors section to resolve the issue.

Connect to your instance to identify the issue

Connect using SSH

1. Connect to the EC2 instance over SSH with verbose messaging on:

user@localhost:~$ ssh -v -i my_key.pem ec2-user@11.22.33.44

This example uses my_key.pem for the private key file, and a username of ec2-user@11.22.33.44. Substitute your key file and your username for the example's key file and username. For more information, see Connect to your Linux instance using SSH.

2. Use the output messages from the SSH client to determine the type of issue you are experiencing.

Connect using the EC2 Serial Console for Linux on Nitro-based and bare metal instances

If you turned on the EC2 Serial Console for Linux, you can use it to troubleshoot supported Nitro-based instance types and bare metal instances. You can access the Amazon EC2 console or the AWS Command Line Interface (AWS CLI). You don't need a working connection to connect to your instance when you use the EC2 Serial console.

Note: If you haven't previously used the EC2 Serial Console, make sure that you review prerequisites and configure access before trying to connect.

1. Open the Amazon EC2 console.

2. Choose Instances.

3. Select the instance, then choose Actions, Monitor and troubleshoot, EC2 Serial Console, Connect.

Select the instance, then choose Connect, EC2 Serial Console, Connect.

An in-browser terminal window opens.

4. Press Enter. If you're connected to the serial console, then a login prompt returns. If the screen remains black, you can use the following information to help resolve issues with connecting to the serial console:

Check that you have configured access to the serial console. For more information, see Configure access to the EC2 Serial Console.
Use SysRq to connect to the serial console. SysRq does not require that you connect by using the browser-based client. For more information, see Troubleshoot your Linux instance using SysRq.

Restart getty. If you have SSH access to your instance, then connect to your instance using SSH, and restart getty using the following command.

[ec2-user ~]$ sudo systemctl restart serial-getty@ttyS0

Reboot your instance. You can reboot your instance by using SysRq, the EC2 console, or the AWS CLI. or more information, see Troubleshoot your Linux instance using SysRq or Reboot your instance.

5. At the login prompt, enter the username of the password-based user that you set up previously, and then press Enter.

6. At the Password prompt, enter the password, and then press Enter.

You are now logged in to the instance and can use the serial console for troubleshooting.

Note: You can also connect using your own key and an SSH client.

For more information, see Connect to the EC2 Serial Console.

Connect using Session Manager

You can connect to your instance using AWS Systems Manager Session Manager. After connecting, you can run bash commands on the instance in the same way that you can with other connection methods.

Note: Before connecting using Session Manager, make sure that you complete the necessary set up steps. For more information, see Setting up Session Manager.

1. Open the Amazon EC2 console.

2. In the navigation pane, choose Instances.

3. Select the instance and choose Connect.

4. For Connection method, choose Session Manager.

5. Choose Connect.

For more information, see Connect to your Linux instance using Session Manager.

Troubleshoot common errors

Error: "Connection timed out" or "Connection refused": To resolve this error, see I'm receiving "Connection refused" or "Connection timed out" errors when trying to connect to my EC2 instance with SSH. How do I resolve this?

"connection timed out" errors on a virtual private cloud (VPC): To resolve this error, see How do I troubleshoot Amazon EC2 instance connection timeout errors from the internet?

Error: "Permission denied" or "Authentication failed": To resolve this error, see I'm receiving "Permission denied (publickey)" or "Authentication failed, permission denied" errors when trying to access my EC2 instance. How do I resolve this?

Error: "Server refused our key": To resolve this error, see Why am I getting a "Server refused our key" error when I try to connect to my EC2 instance using SSH?

Error: "imported-openssh-key" or "Putty Fatal Error": To resolve this error, see Why am I receiving "imported-openssh-key" or "Putty Fatal Error" errors when connecting to my Amazon Elastic Compute Cloud (Amazon EC2) Linux instance?

Error: "Enter passphrase for key 'my_key.pem'":

This error occurs if you created a password for your key file, but haven't manually entered the password. To resolve this error, enter the password or use ssh-agent to load the key automatically.

Automatically troubleshoot SSH errors

There are a number of reasons why you might get an SSH error, like Resource temporarily unavailable. Run the AWSSupport-TroubleshootSSH automation document to automatically find and resolve errors like this.