There is an AWS Premium Support article that can be helpful to troubleshoot - https://aws.amazon.com/premiumsupport/knowledge-center/ec2-linux-ssh-troubleshooting/
If you still can't figure it out, also take a look at this - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html
Also, the additional information that Miguel has pointed out will help us guide you better on what the issue might be. Definitely check that the security group on the EC2 machine allows SSH connections from your machine. If you are connecting over VPN, your IP address as seen by EC2 may not be the same as what https://www.whatsmyip.org/ shows.
I will try this but not fix my issue. Let me know which security rule I will show so you can know better.
If the instance is created using an AMI, then you should check the user name associated with the AMI for SSH; the root user doesn't work for such EC2s sometimes.
According to the Setup Documentation for EC2 Instance Connect, there are three key steps (plus an optional one to install a client on your local machine, which I'm ignoring here given your context). These steps are:
- Network Access
- EC2 Instance Connect Agent (already installed on Ubuntu images after 16.04)
- IAM
EC2 Instance Connect uses SSH on TCP port 22 to connect to your instance. You can use the Reachability Analyzer to check access to port 22 from your source addresses, or the VPC flow logging to look for Deny statements around TCP port 22.
If your AMI is an Ubuntu 16.04 server or later supplied by Canonical, then you already have the agent installed. If it's not, it's worth making sure you've followed the steps in the setup document to get the agent installed.
The last thing you need to look at, from a setup perspective, is to make sure you have IAM set up properly. Your user needs an IAM policy attaching to it which allows the "ec2-instance-connect:SendSSHPublicKey" action. In the above linked document, there are samples for allowing this on a specific group of instances, or for allowing based on specific instance Tags - customise to your specific use case.
One other thing to consider is that Ubuntu images use the username "ubuntu" to log in, where Amazon Linux 2 images use "ec2" as the username, so make sure you're logging in with the right username! Good luck!
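An offline version of the network and IAM checks from the answers above, added here as an example and not part of any poster's reply: it tests whether a security group's inbound rules admit TCP 22 from the address EC2 actually sees (which may be a VPN egress address) and whether a policy document allows the SendSSHPublicKey action. The sample rules, policy, ARN and both function names are constructed for illustration.

```python
import fnmatch
import ipaddress

# Constructed sample data shaped like `aws ec2 describe-security-groups`
# output (IpPermissions) and an IAM policy document; not from the thread.
SAMPLE_IP_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ec2-instance-connect:SendSSHPublicKey"],
        "Resource": "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0",
        "Condition": {"StringEquals": {"ec2:osuser": "ubuntu"}},
    }],
}

def ssh_ingress_allowed(ip_permissions, source_ip, port=22):
    """True if any CIDR-based inbound rule admits TCP `port` from `source_ip`."""
    src = ipaddress.ip_address(source_ip)
    for rule in ip_permissions:
        proto = rule.get("IpProtocol")
        if proto not in ("tcp", "-1"):         # "-1" means all protocols and ports
            continue
        if proto == "tcp" and not rule["FromPort"] <= port <= rule["ToPort"]:
            continue
        # Rules that reference other security groups or prefix lists are not evaluated.
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        if any(src in ipaddress.ip_network(c) for c in cidrs):
            return True
    return False

def allows_send_ssh_public_key(policy):
    """True if an Allow statement covers ec2-instance-connect:SendSSHPublicKey.
    Simplified: ignores Deny statements, Resource and Condition scoping."""
    wanted = "ec2-instance-connect:sendsshpublickey"
    for st in policy.get("Statement", []):
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if st.get("Effect") == "Allow" and any(
                fnmatch.fnmatchcase(wanted, a.lower()) for a in actions):
            return True
    return False
```

Run `ssh_ingress_allowed` with both the address a "what's my IP" site reports and the VPN egress address; a mismatch between the two results points at the source-address problem mentioned earlier in the thread.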
Can you provide a little more information about your EC2 instance and network setup? What AMI did you use to launch your EC2 instance (or at least what OS is it running)? How do you have your security group for the EC2 instances you're trying to connect to configured? Are you trying to use Instance Connect via the EC2 console, the CLI, or an SSH client?