
TL;DR: I’m unable to connect (via SSH) to an Amazon EC2 instance using its private IP.

I’m using the private IP because:

  1. https://stackoverflow.com/a/56159299/2125837
  2. my machine and ec2 are both within my company’s VPN & intranet

The errors I’m getting are:

Resource temporarily unavailable or Connection refused

In fact, I have never been able to, and this is a problem that I’ve been trying to solve for weeks, as AWS is so new to me that I don’t even know where to start to ask questions. Now I’m able to replicate the problem with the simplest scenario:

  • Following the Quick Start to launch an instance using my default zone and the Amazon Linux 2 AMI, which is supposed to have everything working out of the box.
  • Using the most open rules:

[screenshot: the instance’s inbound rules]

Yet the connectivity is not there:

$ telnet 172.xx.xx.121 22
Trying 172.xx.xx.121...
telnet: Unable to connect to remote host: Connection refused

And ping is NOK too — 3 packets transmitted, 0 received, 100% packet loss, time 2002ms

Trying to use the AWSSupport-TroubleshootSSH automation workflow to troubleshoot SSH connection issues is failing for both of my Ubuntu and Amazon Linux instances:

[screenshots: the AWSSupport-TroubleshootSSH automation failing for each instance]

What am I missing?

The answer to "Unable to connect to amazon EC2 instance via PuTTY" talked about VPC Configuration, Internet Gateway and NACLs. Do I need to worry about them? Launching Amazon Linux with everything default is supposed to have everything working out of the box, right?

2 Answers


  1. Ping will not work because ICMP is not enabled, same as telnet.

    1. Are you sure your instance is running?
    2. What command are you using to SSH to the instance? Can I get the full error it displays?
    3. I do this on PowerShell => ssh -i "keypair.pem" [public IPv4 DNS]
  2. > The answer to "Unable to connect to amazon EC2 instance via PuTTY" talked about VPC Configuration, Internet Gateway and NACLs. Do I need to worry about them? As launching Amazon Linux, with everything default, is supposed to have everything working out of the box, right?

    None of those things you mentioned (VPC Configuration, Internet Gateway, NACLs) exist on the EC2 instance; they are all part of the VPC network infrastructure. Launching a default Amazon Linux EC2 server just means it has some default AWS stuff configured on the virtual machine; it has no bearing on the configuration of the network you are launching it into. So yes, you still need to worry about all those things.

    > my machine and ec2 are both within my company’s VPN & intranet

    This is the part I would focus on first. How does your company’s VPN and intranet interface with the VPC? How does your company’s network know to route the traffic for your EC2 instance’s private IP over to the AWS VPC?

    > Verified that it is appearing under Managed Instances in the Systems Manager console

    Then why not use Systems Manager Session Manager instead of SSH? It’s more secure.

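The layering that the two answers describe (ICMP not being allowed by the instance's rules, and the VPC network rather than the instance deciding whether a private IP is reachable), as an added example that is not part of the original thread: a small Python model of the checkpoints an inbound connection to an EC2 private IP has to pass. It walks the VPC CIDR, the subnet route table's return route to the corporate network, the stateless NACL in both directions, the stateful security group, and finally whether anything listens on the port. The CIDRs, the `vgw-EXAMPLE` route target, the rule sets, the listening ports and the on-prem source address are all constructed placeholders, not the asker's real environment.

```python
import ipaddress
from typing import Optional

# --- Constructed sample topology (placeholders, not the asker's real setup) ---
VPC_CIDR = "172.31.0.0/16"
INSTANCE_IP = "172.31.5.121"
ON_PREM_SRC = "10.20.3.7"                    # assumed address on the corporate VPN
ROUTE_TABLE = {                               # subnet route table: destination -> target
    "172.31.0.0/16": "local",
    "10.20.0.0/16": "vgw-EXAMPLE",            # return route to the office; placeholder id
}
# Security group: stateful, allow-only. (protocol, port or None for any, source CIDR)
SG_INBOUND = [("tcp", 22, "0.0.0.0/0")]      # SSH only, so ICMP echo is dropped
# Network ACL: stateless, ordered, first match wins, implicit deny at the end.
# (rule number, protocol, (from_port, to_port), CIDR, action)
NACL_INBOUND = [(100, "-1", (0, 65535), "0.0.0.0/0", "allow")]
NACL_OUTBOUND = [(100, "-1", (0, 65535), "0.0.0.0/0", "allow")]
LISTENING = {("tcp", 22)}                    # sshd is up on a stock Amazon Linux 2 image
EPHEMERAL_SAMPLE = 49152                     # representative client port for the SYN-ACK


def route_target(ip: str, table: dict) -> Optional[str]:
    """Longest-prefix match, as a VPC route table does; None means no route."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, target in table.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def nacl_allows(rules, proto: str, port: int, ip: str) -> bool:
    """Evaluate an ACL in rule-number order; the first matching rule decides."""
    addr = ipaddress.ip_address(ip)
    for _, r_proto, (lo, hi), cidr, action in sorted(rules):
        if r_proto not in ("-1", proto):
            continue
        if r_proto != "-1" and proto != "icmp" and not lo <= port <= hi:
            continue
        if addr in ipaddress.ip_network(cidr):
            return action == "allow"
    return False  # the implicit '*' deny rule at the end of every NACL


def sg_allows(rules, proto: str, port: int, ip: str) -> bool:
    """Security groups only carry allow rules; any matching rule permits."""
    addr = ipaddress.ip_address(ip)
    for r_proto, r_port, cidr in rules:
        if (r_proto in ("-1", proto) and r_port in (None, port)
                and addr in ipaddress.ip_network(cidr)):
            return True
    return False


def check_inbound(src_ip: str, dst_ip: str, proto: str, port: int,
                  route_table=ROUTE_TABLE, sg=SG_INBOUND,
                  nacl_in=NACL_INBOUND, nacl_out=NACL_OUTBOUND,
                  listening=LISTENING) -> str:
    """Walk the layers between a caller on the corporate network and the instance.

    Returns 'reachable', 'refused' (every AWS-side layer passes but nothing listens,
    so the instance kernel answers with a RST) or 'timeout: <layer>' (a VPC layer
    drops the packet silently; security groups and NACLs never send a reset).
    """
    if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(VPC_CIDR):
        return "timeout: destination is not in the VPC CIDR"
    # Replies need a route back to the caller's network (VGW, TGW or peering);
    # nothing on the instance itself can supply that route.
    if route_target(src_ip, route_table) is None:
        return "timeout: no return route for the caller's network"
    if not nacl_allows(nacl_in, proto, port, src_ip):
        return "timeout: inbound NACL"
    # NACLs are stateless: the reply to the caller's ephemeral port (or the ICMP
    # echo reply) needs its own outbound rule, which a "most open" NACL supplies.
    reply_port = EPHEMERAL_SAMPLE if proto != "icmp" else 0
    if not nacl_allows(nacl_out, proto, reply_port, src_ip):
        return "timeout: outbound NACL (return traffic)"
    if not sg_allows(sg, proto, port, src_ip):
        return "timeout: security group"
    if proto == "icmp" or (proto, port) in listening:
        return "reachable"
    return "refused"


if __name__ == "__main__":
    print("ssh :", check_inbound(ON_PREM_SRC, INSTANCE_IP, "tcp", 22))
    print("ping:", check_inbound(ON_PREM_SRC, INSTANCE_IP, "icmp", 0))
    no_return_route = {"172.31.0.0/16": "local"}      # VPC without a route to the office
    print("ssh, no VGW route:",
          check_inbound(ON_PREM_SRC, INSTANCE_IP, "tcp", 22, route_table=no_return_route))
```

Two things the model makes visible that the defaults of the image do not: with the security group above, SSH is reachable while ping is not (answer 1), and removing the route back to the corporate range fails the SSH check even though the instance, its security group and its NACL are all wide open (answer 2). It also gives a way to read the two errors in the question: security groups and NACLs drop silently, so a connection blocked by them hangs until it times out; a "Connection refused" means something reachable sent a reset, which points at a device between the caller and the VPC, or at the instance itself with no daemon on the port, rather than at the AWS filters; "Resource temporarily unavailable" is raised on the client before any packet reaches AWS. For the real configuration, VPC Reachability Analyzer performs this kind of path evaluation against the actual route tables, NACLs and security groups.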