ssh: connect to host port 22: Operation timed out


My instance i-024c38e10d489849f is running, both health checks are passed, I changed my permissions for the .pem file, and I am using the correct username and DNS address. The security group is permitting inbound SSH traffic (port 22) from, My Subnet Route Table has two routes: > my IGW, > local . I have tried to ping my instance with no success. Any ideas on this?!


asked a month ago133 views
4 Answers

My inbound outbound rules for my Security Group.

Enter image description here Enter image description here

answered a month ago
  • These rules look fine, and should allow an inbound SSH connection (and ping).

    What's the AMI that the EC2 was created with?

  • Amazon Linux

  • I have to admit I'm stumped :-( This is the default VPC, deploying into a default subnet, so it will already have an IGW attached, but you've checked that anyway. The default setting for a default subnet is to allocate a public IP, and it's the public IP that you're using. The correct ports are open in the security group to allow ICMP and SSH. It's a standard Amazon Linux AMI, so nothing weird about it.

    As it's Amazon Linux this means EC2 Instance Connect should be preinstalled. Can you connect with that, and just check that the EC2 is running normally?

    You could try Reachability Analyser


This is my inbound outbound rules for my NACL

Enter image description here Enter image description here

answered a month ago

If you have setup security group correctly to allow your ip address on port 22, you should be able to ssh to your EC2 instnce from your local machine. However, there are few other things also, that you need to check and one very common things is NACL.

Check your network ACL settings and allow your IP in the inbound rules, for outbound rules, allow port range "1024-65535" to your IP address Optionally you can also set the allow to and you should be able to communicate.

Please refer AWS Documentation.

Lastly, you mentioned that ping is not working either, so please make sure you 've allowed ICMP IPV4 to your IP address since ping uses ICMP protocol.

Comment here if you have additional questions, happy to help.


profile pictureAWS
answered a month ago
  • Hey Abhishek! Thanks, I posted my NACLs and security group rules below.


When you mention you have a route in the routing table for > local it makes me think you are using the default VPC, would that be right? If that's the case then the network settings and routing should more-or-less all be in place to allow you to connect to the EC2 instance, you just need to have a security group rule allowing inbound port 22 (which you have done).

Can you confirm the host has a public IP address, and that it's definitely the public IP address that you're trying to connect to?

Also, note that any time you stop & start the instance (which is a normal thing to do as part of troubleshooting) the public IP will have changed, so make sure that its the latest, correct public IP you're using.

As @secondabhi_aws says in his answer, for ping to work you need to allow inbound ICMP in the security group

profile picture
answered a month ago
  • Hey Steve, thanks for the response. So yea I am connected to the default VPC. I can confirm that I have a public IP and I ping the new IP everything I start up my instance. I a rule to allow ICMP-IPv4 from (all) in both my attached NACL and in my security group. Still 100% packet loss.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions