Amazon EC2 Instance Connect - CLI error

0

Hi

I am trying to connect to my EC2 instance in a private subnet using the AWS CLI as per the documentation here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html#SSH-using-EC2-Instance-Connect

When I try to connect to a standard Amazon Linux 2 instance using the following command, it works fine: `aws ec2-instance-connect ssh --instance-id i-0995d1df738104e42 --profile <my profile name>`

However, I need to connect to a Kali Linux instance using the following AMI from the AWS Marketplace: https://aws.amazon.com/marketplace/pp/prodview-fznsw3f7mq7to#pdp-usage

I have tried the following commands:

```
aws ec2-instance-connect ssh --instance-id i-0995d1df738104e42 --profile <my profile name>

aws ec2-instance-connect ssh --instance-id i-0995d1df738104e42 --private-key-file <my pem key> --os-user kali --profile <my profile name>

aws ec2-instance-connect ssh --instance-id i-0995d1df738104e42 --profile <my profile name> --os-user kali
```

But every time, I get the following error:

```
Websocket Closure Reason: Unable to connect to target
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535
```

If I try using Amazon EC2 Instance Connect for a Kali Linux instance from the console, I get an error that it is unable to SSH to the instance.

Can anyone offer any guidance on what I can do to try and get this working? Are AMIs such as Kali Linux supported when it comes to Amazon EC2 Instance Connect?

asked 9 months ago, 1209 views
3 Answers
4
Accepted Answer

For Kali Linux, I don't think EC2-Instance-Connect is supported. If you look at this documentation, see pre-requisites. It says supported AMIs are Amazon Linux 2 (any version) and Ubuntu 16.04 or later.

Just FYI, here are the details around EC2 Instance Connect methods, which would work for the above-mentioned types of instance AMIs.

To connect to the instance, make sure of the following:

  1. Security Group - Port 22 open for SSH traffic for your IP
  2. NACL - Inbound and Outbound are allowed
  3. Check route tables associated with private subnet hosting this instance.

Hope you find this helpful.

Abhishek

AWS
EXPERT
answered 9 months ago
EXPERT
reviewed a month ago
  • Hi Damien,

    Do you have any further questions? Happy to help.
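
The first two checks in the accepted answer above (security group and NACL) can be evaluated offline against saved `aws ec2 describe-security-groups` and `aws ec2 describe-network-acls` output. This is an added example, not part of the original thread or any AWS tooling; the sample data, addresses and function names are constructed for illustration.

```python
import ipaddress

def sg_allows(groups, src_ip, port=22):
    """True if a security-group ingress rule admits TCP `port` from `src_ip`."""
    # Only CIDR rules (IpRanges) are evaluated; group-to-group references are not.
    ip = ipaddress.ip_address(src_ip)
    for group in groups:
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto not in ("tcp", "-1"):          # "-1" means all protocols/ports
                continue
            port_ok = proto == "-1" or perm["FromPort"] <= port <= perm["ToPort"]
            if port_ok and any(ip in ipaddress.ip_network(r["CidrIp"])
                               for r in perm.get("IpRanges", [])):
                return True
    return False                                    # security groups deny by default

def nacl_allows(entries, peer_ip, port, egress):
    """NACL evaluation: lowest RuleNumber first, the first matching rule decides."""
    ip = ipaddress.ip_address(peer_ip)
    rules = sorted((e for e in entries if e["Egress"] == egress),
                   key=lambda e: e["RuleNumber"])
    for e in rules:
        if e["Protocol"] not in ("6", "-1"):        # 6 = TCP, -1 = all
            continue
        if "CidrBlock" not in e or ip not in ipaddress.ip_network(e["CidrBlock"]):
            continue
        rng = e.get("PortRange")
        if rng and not rng["From"] <= port <= rng["To"]:
            continue
        return e["RuleAction"] == "allow"
    return False                                    # nothing matched

# Constructed sample data in the shape of the describe-* output (documentation IPs).
GROUPS = [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]}]
NACL = [
    {"RuleNumber": 90, "Protocol": "6", "RuleAction": "deny", "Egress": False,
     "CidrBlock": "198.51.100.0/24", "PortRange": {"From": 22, "To": 22}},
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": False,
     "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 100, "Protocol": "6", "RuleAction": "allow", "Egress": True,
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 1024, "To": 65535}}]

def ssh_path_open(src_ip, client_port=50000):
    """SG ingress on 22, NACL ingress on 22, NACL egress to the client's ephemeral port."""
    return (sg_allows(GROUPS, src_ip)
            and nacl_allows(NACL, src_ip, 22, egress=False)
            and nacl_allows(NACL, src_ip, client_port, egress=True))
```

NACLs are stateless, which is why the return traffic to the client's ephemeral port is checked separately from the inbound rule.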

2

Hi Damien,

I believe you are using EC2 Instance Connect to connect to an instance in a private subnet. You can either launch the instance using an AMI that comes preinstalled with EC2 Instance Connect, or you can install EC2 Instance Connect on instances that are launched with supported AMIs.

Please see below for the supported AMIs [1]

  1. EC2 Instance Connect comes preinstalled on the following AMIs:

    Amazon Linux 2 2.0.20190618 or later

    Ubuntu 20.04 or later

  2. You can install EC2 Instance Connect on instances that are launched using the following AMIs:

    Amazon Linux 2 (any version)

    Ubuntu 16.04 or later

Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-prerequisites.html#eic-prereqs-amis

AWS
answered 9 months ago
EXPERT
reviewed a month ago
0

Thank you Abhishek

Are you aware of any plans to expand support for EC2-Instance-Connect to support other AMIs?

answered 9 months ago
  • I don't find anything in that regard in any of our public documentation. Hope it answers your question. Completely optional: you can approve the answer if there are no further questions.
