If I modify the port from 22 to 2222 in the secure instance connect feature with the correct configuration...?

0

I am currently using the Secure Instance Connect feature. I've configured two security groups: one for the endpoint and another for the private instance. The feature's limitations specify allowing only port 22 and 3389, so I enabled port 22 in the endpoint security group for the instance security group ID. When port 22 is enabled in the instance security group, I can successfully connect to the instance. However, if I allow any other port, the instance becomes inaccessible. To address this, I also configured SSH settings using the path 'vi /etc/ssh/sshd_config' and restarted the SSH service. Despite these efforts, I'm still unable to connect to the instance. Could you confirm whether my approach is correct, or if there is an alternative solution available?

1 Answer
0
Accepted Answer

Hello.

As I answered in the previous question, if you change the SSH listening port, you will no longer be able to SSH with EC2 Instance Connect Endpoint.
Please do not change ports other than port 22 or 3389 as they are not allowed.
https://repost.aws/ja/questions/QUNbtjF5hBS8mriY19UuQJ1A/if-i-use-port-2222-instead-of-port-22-ssh-for-the-secure-endpoint-connection-feature-on-the-instance

If you want to change the SSH port number, you will need to connect using Systems Manager's Session Manager, etc.
https://aws.amazon.com/jp/blogs/mt/use-port-forwarding-in-aws-systems-manager-session-manager-to-connect-to-remote-hosts/

EXPERT
answered 2 years ago
EXPERT
reviewed 2 years ago
  • I'm currently using an Ubuntu AMI, and I've enabled port 22. Can I change it to port 3389, and will it still work?

  • Port 3389 is the RDP port number, so it will probably stop working.

  • What’s interesting is that the CLI supports changing the port. I’m going to investigate.

  • I modified the port number to 3389 instead of 22 in the Ubuntu AMI, and I utilized tunnel commands such as: 'aws ec2-instance-connect open-tunnel --instance-id i-0d76e8852ssf4920e --remote-port 3389 --local-port 5555.' Subsequently, I connected successfully using PuTTY. However, when attempting to connect using Windows Command Line or PowerShell, I encountered connectivity issues with the instance.
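
An added example, not part of the original thread and not AWS tooling: a preflight check over security-group data in the shape returned by 'aws ec2 describe-security-groups', listing what would block an EC2 Instance Connect Endpoint connection on a given sshd port. The group IDs and function names are constructed, and only rules that reference a security group (the setup the question describes) are evaluated; CIDR-based rules are ignored.

```python
# Added example: constructed data and hypothetical function names.
# Dicts mirror the output shape of `aws ec2 describe-security-groups`.
EICE_ALLOWED_PORTS = {22, 3389}  # endpoint limitation stated in the thread

# Constructed sample groups: both sides allow only TCP 22 to/from each other.
ENDPOINT_SG = {
    "GroupId": "sg-endpoint-example",
    "IpPermissions": [],
    "IpPermissionsEgress": [{
        "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
        "UserIdGroupPairs": [{"GroupId": "sg-instance-example"}],
    }],
}
INSTANCE_SG = {
    "GroupId": "sg-instance-example",
    "IpPermissions": [{
        "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
        "UserIdGroupPairs": [{"GroupId": "sg-endpoint-example"}],
    }],
    "IpPermissionsEgress": [],
}


def rule_allows(rule, port, peer_group_id):
    """True if one rule permits TCP `port` for traffic tied to `peer_group_id`."""
    proto = rule.get("IpProtocol")
    if proto == "tcp":
        if not rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535):
            return False
    elif proto != "-1":  # "-1" means all protocols and ports
        return False
    return any(p.get("GroupId") == peer_group_id
               for p in rule.get("UserIdGroupPairs", []))


def check_eice_path(endpoint_sg, instance_sg, sshd_port):
    """Return a list of problems; an empty list means no blocker was found."""
    problems = []
    if sshd_port not in EICE_ALLOWED_PORTS:
        problems.append(f"endpoint does not support port {sshd_port}")
    if not any(rule_allows(r, sshd_port, instance_sg["GroupId"])
               for r in endpoint_sg.get("IpPermissionsEgress", [])):
        problems.append(f"endpoint SG has no egress to instance SG on {sshd_port}")
    if not any(rule_allows(r, sshd_port, endpoint_sg["GroupId"])
               for r in instance_sg.get("IpPermissions", [])):
        problems.append(f"instance SG has no ingress from endpoint SG on {sshd_port}")
    return problems


if __name__ == "__main__":
    for port in (22, 2222, 3389):
        print(port, check_eice_path(ENDPOINT_SG, INSTANCE_SG, port) or "ok")
```

With the sample groups, port 2222 is reported as unsupported by the endpoint regardless of the rules, while port 3389 fails only until both groups carry a matching rule.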
