I am unable to get a connection working using this ssm-proxy.sh script to remote connect to AWS Cloud9 from Visual Studio Code. I am following this article on how to use AWS Cloud9 to power my Visual Studio Code IDE. I am able to connect by SSH but not when invoking the proxy script.

This works:

Host test1
  HostName xx.xxx.xxx.xx
  User ec2-user
  IdentityFile ~/.ssh/vscloud9

However, this doesn’t:

Host cloud9
  IdentityFile ~/.ssh/vscloud9
  User ec2-user
  HostName i-xxxxxxxxxxxxx
  ProxyCommand sh -c "~/.ssh/ssm-proxy.sh %h %p"

Using the AWS CLI I have configured the default named profile with an access key and secret and output of json. Despite it being bad practice, the access key and secret are for the root user so permissions are not causing an issue. This is then detailed in ssm-proxy.sh:

AWS_PROFILE='default'
AWS_REGION='eu-west-2'
MAX_ITERATION=5
SLEEP_DURATION=5

SSH from anywhere is enabled in security groups.

Since plain SSH works with the vscloud9 key, the key pair isn’t the issue. I am thinking that the problem is either the AWS profile or the ssm-proxy.sh script itself.

I am using the Remote – SSH VSCode extension.

I need to get this working so I’m wondering if anyone has any idea why this wouldn’t work?

SSH output in response to Anton in comments:

OpenSSH_9.0p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/myname/.ssh/config
debug1: /Users/myname/.ssh/config line 6: Applying options for cloud9
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Executing proxy command: exec sh -c "~/.ssh/ssm-proxy.sh i-xxxxxxxxxxxxxx 22"
debug1: identity file /Users/myname/.ssh/vscloud9 type 0
debug1: identity file /Users/myname/.ssh/vscloud9-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.0
debug1: kex_exchange_identification: banner line 0: {
debug1: kex_exchange_identification: banner line 1:     "StartingInstances": [
debug1: kex_exchange_identification: banner line 2:         {
debug1: kex_exchange_identification: banner line 3:             "CurrentState": {
debug1: kex_exchange_identification: banner line 4:                 "Code": 0,
debug1: kex_exchange_identification: banner line 5:                 "Name": "pending"
debug1: kex_exchange_identification: banner line 6:             },
debug1: kex_exchange_identification: banner line 7:             "InstanceId": "i-xxxxxxxxxxxxxx",
debug1: kex_exchange_identification: banner line 8:             "PreviousState": {
debug1: kex_exchange_identification: banner line 9:                 "Code": 80,
debug1: kex_exchange_identification: banner line 10:                 "Name": "stopped"
debug1: kex_exchange_identification: banner line 11:             }
debug1: kex_exchange_identification: banner line 12:         }
debug1: kex_exchange_identification: banner line 13:     ]
debug1: kex_exchange_identification: banner line 14: }
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535
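
A note on reading the `ssh -v` output above: ssh logs every line it receives before an SSH identification string as a "banner line", and with `ProxyCommand` those lines are whatever the proxy script wrote to stdout. The following is an added example, not part of the original post or of ssm-proxy.sh (the function name `summarize` and the condensed sample log are constructed here); it rebuilds that stdout from the log and reports whether an identification string ever arrived.

```python
import json
import re

# Constructed sample: the `ssh -v` output from the question, condensed to fewer lines.
SAMPLE_LOG = """\
debug1: Executing proxy command: exec sh -c "~/.ssh/ssm-proxy.sh i-xxxxxxxxxxxxxx 22"
debug1: Local version string SSH-2.0-OpenSSH_9.0
debug1: kex_exchange_identification: banner line 0: {"StartingInstances": [
debug1: kex_exchange_identification: banner line 1:   {"CurrentState": {"Code": 0, "Name": "pending"},
debug1: kex_exchange_identification: banner line 2:    "InstanceId": "i-xxxxxxxxxxxxxx",
debug1: kex_exchange_identification: banner line 3:    "PreviousState": {"Code": 80, "Name": "stopped"}}
debug1: kex_exchange_identification: banner line 4: ]}
kex_exchange_identification: Connection closed by remote host
"""

# Lines ssh received before any "SSH-..." identification string.
BANNER = re.compile(r"^debug1: kex_exchange_identification: banner line \d+: ?(.*)$")
# Logged by the OpenSSH client once the peer's identification string has been parsed.
REMOTE = re.compile(r"^debug1: Remote protocol version ")


def summarize(log: str) -> dict:
    """Recover what the ProxyCommand wrote to stdout and whether SSH ever started."""
    pre_banner, got_ident = [], False
    for line in log.splitlines():
        m = BANNER.match(line)
        if m:
            pre_banner.append(m.group(1))
        elif REMOTE.match(line):
            got_ident = True
    text = "\n".join(pre_banner)
    result = {"proxy_stdout": text, "ssh_ident_received": got_ident, "transitions": []}
    try:
        # Shape of `aws ec2 start-instances` output, as seen in the question's log.
        for inst in json.loads(text)["StartingInstances"]:
            result["transitions"].append(
                (inst["InstanceId"], inst["PreviousState"]["Name"], inst["CurrentState"]["Name"])
            )
    except (ValueError, KeyError, TypeError):
        pass  # stdout was not start-instances JSON; only the raw text is reported
    return result


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the log in the question this reports a stopped to pending transition and no SSH identification string: the proxy command started the instance, and the connection closed before any SSH session was relayed.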

2 Answers


  1. Please check your username. If you are using an Ubuntu instance, try using "ubuntu" as the username instead of "ec2-user", and vice versa.

    OR

    Check your security group. Make sure that you have an outbound rule that allows traffic to return from the instance.

    With the default outbound rule

    type: All traffic, Protocol: All, Ports: All, Destination: 0.0.0.0/0
    

    In my case the username was incorrect. On Ubuntu instances it should be "ubuntu" and on Amazon instances it should be "ec2-user".

    It will work.

  2. Try:

    Host cloud9
      HostName xx.xxx.xxx.xx
      User ec2-user
      IdentityFile ~/.ssh/vscloud9
      ProxyCommand sh -c "~/.ssh/ssm-proxy.sh %h %p"
    

    This rearranges the order, so I tried to see if it would work in the order you provided.
