There is an AWS Premium Support article that can be helpful to troubleshoot - https://aws.amazon.com/premiumsupport/knowledge-center/ec2-linux-ssh-troubleshooting/
If you still can't figure it out, also take a look at this - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html
Also, the additional information that Miguel has pointed out will help us guide you better on what the issue might be. Definitely check that the security group on the EC2 machine allows SSH connections from your machine. If you are connecting over VPN, your IP address as seen by EC2 may not be the same as what https://www.whatsmyip.org/ shows.
I will try this but not fix my issue. Let me know which security rule I will show so you can know better.
If the instance is created using an AMI, then you should check the user name associated with the AMI for SSH; the root user doesn't work for such EC2s sometimes.
According to the Setup Documentation for EC2 Instance Connect, there are three key steps (plus an optional one to install a client on your local machine, which I'm ignoring here given your context). These steps are:
- Network Access
- EC2 Instance Connect Agent (already installed on Ubuntu images after 16.04)
EC2 Instance Connect uses SSH on TCP port 22 to connect to your instance. You can use the Reachability Analyzer to check access to port 22 from your source addresses, or the VPC flow logging to look for Deny statements around TCP port 22.
If your AMI is an Ubuntu 16.04 server or later supplied by Canonical, then you already have the agent installed. If it's not, it's worth making sure you've followed the steps in the setup document to get the agent installed.
The last thing you need to look at, from a setup perspective, is to make sure you have IAM set up properly. Your user needs an IAM policy attached to it which allows the "ec2-instance-connect:SendSSHPublicKey" action. In the above linked document, there are samples for allowing this on a specific group of instances, or for allowing based on specific instance Tags - customise to your specific use case.
One other thing to consider is that Ubuntu images use the username "ubuntu" to log in, where Amazon Linux 2 images use "ec2" as the username, so make sure you're logging in with the right username! Good luck!
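
An added example (not part of the answers above, and not AWS's own code): a Python sketch of the VPC flow log check for TCP port 22, which also shows the source address EC2 actually sees when you connect over a VPN. It assumes the default version 2 flow log format, where the action field reads ACCEPT or REJECT; the records, account ID, interface ID and addresses are constructed sample values.

```python
from collections import Counter

# Field order of the default (version 2) VPC flow log format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records (documentation IP ranges, placeholder IDs).
SAMPLE = """\
2 123456789012 eni-0example0000001 203.0.113.10 10.0.1.25 50122 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0example0000001 203.0.113.10 10.0.1.25 50123 22 6 2 120 1700000060 1700000120 REJECT OK
2 123456789012 eni-0example0000001 198.51.100.7 10.0.1.25 41000 22 6 20 4200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0example0000001 203.0.113.10 10.0.1.25 50200 443 6 2 120 1700000000 1700000060 REJECT OK
2 123456789012 eni-0example0000001 10.0.1.25 198.51.100.7 22 41000 6 18 3900 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0example0000001 - - - - - - - 1700000120 1700000180 - NODATA
"""

def parse(line):
    """Return one record as a dict, or None for headers, NODATA/SKIPDATA or malformed lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    return rec if rec["log_status"] == "OK" else None

def ssh_verdicts(text, instance_ip):
    """Count ACCEPT/REJECT per source address for TCP (protocol 6) port 22 traffic to instance_ip."""
    verdicts = {}
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        if (rec["dstaddr"], rec["dstport"], rec["protocol"]) != (instance_ip, "22", "6"):
            continue  # not inbound SSH to this instance (e.g. return traffic, other ports)
        verdicts.setdefault(rec["srcaddr"], Counter())[rec["action"]] += 1
    return verdicts

def blocked_sources(text, instance_ip):
    """Sources whose SSH attempts were only ever rejected by a security group or network ACL."""
    return sorted(src for src, c in ssh_verdicts(text, instance_ip).items()
                  if c["REJECT"] and not c["ACCEPT"])

if __name__ == "__main__":
    for src, counts in ssh_verdicts(SAMPLE, "10.0.1.25").items():
        print(src, dict(counts))
    print("blocked:", blocked_sources(SAMPLE, "10.0.1.25"))
```

A source that appears only with REJECT is the address to compare against the inbound port 22 rule in the security group; if your own address never appears at all, the traffic is not reaching the instance's network interface.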