I've installed ansible on my master vm, created and copied my key to my worker vm, but I'm unable to establish connection with the worker vm. When I try, I don't get any error message; it just stalls. I'm using ubuntu 18 on gcp.
root#mastervm-project:~# ssh ubuntu#10.128.0.11
There is no firewall rule that allows ingress on 22 on your target instance.
I just reproduced. This will do the job:
Step 1:
Add a network tag on your VMs (allow-ssh in my example)
Step 2:
Go to VPC-FirewallRules and create a firewall rule that allows Ingress traffic incoming from instances that have the allow-ssh tag targeting other instances that have the same tag assigned, on tcp 22
Of course this will allow ssh both ways, but I suppose this is not a problem. If you need it one way only, add a comment.
For SSH Database connection, Please check following solution:
Create SSH DB general connection and call it from some other file
i used my lightsail since more than one month, and this morning i got an issue from putty :connexion refused ,
i tried to connect using AWS web terminal and got message:
**An error occurred and we were unable to connect or stay connected to your instance. If this instance has just started up, try again in a minute or two.
UPSTREAM_NOT_FOUND **
My 22 port already opened and i dont have backup,
i still have ftp access and i have plesk working too
-i already rebooted the instance
-stopped then start the instance
-i checked the security group , port 22 is openned
Does anyone know why I am unable to connect to my server using the Notepad++ NppFTP plugin with SFTP?
I have a CentOS 6.4 server with SSH on port 22.
When I try and connect using NppFTP I get the following output:
[NppFTP] Everything initialized
Connecting
[SFTP] Connection failed : Error reading socket
Unable to connect
Disconnected
This used to work when I had my SSH port set to 3264 but when I changed the SSH port back to 22 NppFTP stopped working. All the settings for the profile are correct including the right IP, username, password and port (22).
I can connect with SFTP using FileZilla and WinSCP successfully with these same SFTP details and I can connect with SSH using PuTTY.
I can connect with SFTP to other servers using NppFTP so I believe there is an issue in my server config I'm just not sure where or what.
I looked at the access logs but found no attempt at a connection from NppFTP, I turned the firewall off and still nothing.
In the end I got in touch with my server company and it turns out it was a problem on their end. This is what they had to say:
"This was caused by an IPS rule inspecting the network packets coming into the infrastructure, which helps identify brute force attacks."
Very strange, but after they made the change NppFTP can now connect successfully.
I can't access to AWS EC2 instance from one day.
(AMI: ubuntu/images/ebs/ubuntu-precise-12.04-amd64-server-20121001 (ami-22ad1223))
$ ssh -v -i mykey.pem ubuntu#XXX.XXX.XXX.XXX
OpenSSH_5.9p1, OpenSSL 0.9.8x 10 May 2012
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug1: connect to address xxx.xxx.xxx.xxx port 22: Operation timed out
ssh: connect to host xxx.xxx.xxx.xxx port 22: Operation timed out
This is my "Security Groups" setting in EC2.
I did not change the setting from the time had a good connection.
Ports Protocol Source
22 tcp 0.0.0.0/0
80 tcp 0.0.0.0/0
3000 tcp 0.0.0.0/0
3006 tcp 0.0.0.0/0
I've tried many times to restart the server.
Web server is going well. However SSH connection is not.
What could be problem and how to make it work?
My usual checklist:
On AWS console: is the Instance up and healthy?
Is it in a public Subnet?
Does it have a public ip?
Does the VPC have an associated Internet Gateway?
Does it have the Routing Table to the Internet Gateway? (Attached to the subnet?)
Are the Network ACL rules default?
Does the Security group allow ping? If yes, does the ping work?
Does the Security group allow SSH inbound?
If there is still no clue, then fire up a new instance (from a base AMI) in the same VPC. Connect to it via SSH. If it was successful, try to ssh from that instance.
I too faced the same issue. Actually, by mistake, I deleted the default Internet Gateway.
Go to VPC and click "Internet Gateways" from the left menu.
Click "Create internet gateway" button and provide Name tag (any name - optional) and click create.
By default, it is detached. So click the Actions drop-down and select "Attach to VPC" and attach it with default VPC
Now go to "Route Table" and select default route table and edit the route by clicking "Edit routes" button under Routes tab
Then in the Destination text box provide "0.0.0.0/0" and in target select the newly created Internet gateway (starts with igw-alphanumeric) and save the route.
Now you should be able to SSH EC2 instance.
For newbies to AWS, like me, remember the hostname can change if you reboot or stop/start your instances. So remember to use the right hostname - visible in the description of your instance each time you ssh.
If this happens "from one day", the IP your AWS EC2 instance associated with may be blocked from this day.
If the IP is blocked, you need to add a new dynamic IP and associate this new dynamic IP with your AWS EC2 instance.
Steps:
1.Go to "Elastic IPs".
2.Allocate new address.
3.Choose this new address. Click "Actions" and "Associate address".
4.Select your instance and Click "Associate".
In my case, adding new dynamic IP to my AWS EC2 instance fix the problem.(My problem was I can't access to AWS EC2 instance from one day too)
Kindly create a new security group and select type SSH
SSH
TCP
22
0.0.0.0/0
In addition to Adam's answer, also check if your public subnet's RT table is using the IGW and the private Subnets' RT has 0.0.0.0/0 -> NAT instance Id.
Check that you are connecting to the public dynamic IP or associate an ElasticIP and connect to it.
I was using public wifi in the library and that was not letting me connect, which I came to know when I switched to my mobile hotspot wifi (password protected). Try switching to a protected network.
Even I also faced this same problem, good to know i have not allowed from route table.
Check EC2 Instance associated
And try these steps
subnet,Route table and allowed CIDR blocks
key pair associated with EC2 Instance
security group ssh port 22 allowed or not.
If you are accessing from a new machine, then make sure the IP of the machine you are accessing from is included in the inbound rules. If not add a rule
SSH | TCP | Port:22 | Source: MY IP
For me, I had to delete all my rules for the security group for the particular instance and create new rules for the same ssh, http and https
For some reason after stopping the instance and starting it later, my IP changed... probably because I switched my wifi connectivity device.
But putting new rules with the new IP address worked! You can check the ip by googling "myip"
Well, if this happened all of a sudden, try disconnecting and connecting back to your VPN (if accessing through a VPN). It might work!
I was able to fixed it simply by following this instruction
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/get-set-up-for-amazon-ec2.html
It sets up your private key pair as well as security group. The issue I think mainly because the default security group doesn't has a ssh inbound for your local IP setup.
If none of the troubleshooting steps above work for you, make sure that your EC2 container meets all system requirements for the application(s) you're running on the container. SSH will sometimes not be able to start if the memory runs out before getting to the SSH service.
Example: I was perfectly able to SSH into my EC2 container when I first launched it. I then proceeded to install Mailcow. My issue with SSH arose after restarting my container because the application I had installed required heavy services -- Docker, for example. After reading the system requirements from Mailcow, I realized a t2.micro wasn't even close to what I needed to run everything. I changed to a t3.large, and all worked perfectly.
Even after doing this for awhile, you can sometimes forget the most basic steps and requirements.
Try stopping the ec2 instance and then restarting. It worked for me!
I set up an ec2 instance. In the security group, I opened up SSH 'tcp' port 80 for 0.0.0.0/0 (all open for testing purposes). I associated the instance with a private key. I downloaded the key and passed it while ssh-ing, but the RSA isn't authenticating. Any ideas?
ssh -i mykey.pem root#mydnsinfo.amazonaws.com
The authenticity of host 'mydns.amazonaws.com(IP)' can't be established.
RSA key finger print is FINGERPRINT
Are you sure you want to continue connecting (yes/no)?
Thank you in advance!!!
This is normal. Your SSH complains about the unknown host key. It always does when connecting to the new host for the first time. Just answer yes, connect and try again.
It should not complain for the second time.
The private key that you downloaded is for your 'root' account not for the whole host.
Securely configured EC2 instances will include the server SSH key fingerprint in the console output that you can access over SSL before you try to connect over SSH. Then when you connect over SSH you need to make sure the fingerprint matches the console. You MUST do this to be able to securely connect to public EC2 instances.
Public EC2 instances generate new server SSH key on each boot. This means that unless you do what I described above, you will be faced with unknown host key warning a lot, and if you ignore that warning you will be throwing security out of the door; you just never know where you will be connecting to.