How can I troubleshoot connecting to my Amazon EC2 Linux instance using SSH?


I can't connect to my Amazon Elastic Compute Cloud (Amazon EC2) Linux instance and want to troubleshoot the issue.

Resolution

Connect to the EC2 instance over SSH with verbose messaging on. Use the output messages from the SSH client to determine the type of issue. Or, you can connect to the instance using the EC2 Serial Console (Nitro-based and bare metal instances), or AWS Systems Manager Session Manager. Then, identify the error and use the links in the Troubleshoot common errors section to resolve the issue.

Connect to your instance to identify the issue

Connect using SSH

1.    Connect to the EC2 instance over SSH with verbose messaging on:

user@localhost:~$ ssh -v -i my_key.pem ec2-user@11.22.33.44

This example uses my_key.pem for the private key file, ec2-user for the username, and 11.22.33.44 for the instance address. Substitute your own key file, username, and address for the example's values. For more information, see Connect to your Linux instance using SSH.

2.    Use the output messages from the SSH client to determine the type of issue you are experiencing.

Connect using the EC2 Serial Console for Linux on Nitro-based and bare metal instances

If you turned on the EC2 Serial Console for Linux, you can use it to troubleshoot supported Nitro-based instance types and bare metal instances. You can access the serial console from the Amazon EC2 console or the AWS Command Line Interface (AWS CLI). You don't need a working network connection to your instance when you use the EC2 Serial Console.

Note: If you haven't previously used the EC2 Serial Console, make sure that you review prerequisites and configure access before trying to connect.

1.    Open the Amazon EC2 console.

2.    Choose Instances.

3.    Select the instance, then choose Actions, Monitor and troubleshoot, EC2 Serial Console, Connect.

or

Select the instance, then choose Connect, EC2 Serial Console, Connect.

An in-browser terminal window opens.

4.    Press Enter. If you're connected to the serial console, then a login prompt returns. If the screen remains black, you can use the following information to help resolve issues with connecting to the serial console:

5.    At the login prompt, enter the username of the password-based user that you set up previously, and then press Enter.

6.    At the Password prompt, enter the password, and then press Enter.

You are now logged in to the instance and can use the serial console for troubleshooting.

Note: You can also connect using your own key and an SSH client.

For more information, see Connect to the EC2 Serial Console.

Connect using Session Manager

You can connect to your instance using AWS Systems Manager Session Manager. After connecting, you can run bash commands on the instance in the same way that you can with other connection methods.

Note: Before connecting using Session Manager, make sure that you complete the necessary setup steps. For more information, see Setting up Session Manager.

1.    Open the Amazon EC2 console.

2.    In the navigation pane, choose Instances.

3.    Select the instance and choose Connect.

4.    For Connection method, choose Session Manager.

5.    Choose Connect.

For more information, see Connect to your Linux instance using Session Manager.

Troubleshoot common errors

Error: "Connection timed out" or "Connection refused": To resolve this error, see I'm receiving "Connection refused" or "Connection timed out" errors when trying to connect to my EC2 instance with SSH. How do I resolve this?

"connection timed out" errors on a virtual private cloud (VPC): To resolve this error, see How do I troubleshoot Amazon EC2 instance connection timeout errors from the internet?

Error: "Permission denied" or "Authentication failed": To resolve this error, see I'm receiving "Permission denied (publickey)" or "Authentication failed, permission denied" errors when trying to access my EC2 instance. How do I resolve this?

Error: "Server refused our key": To resolve this error, see Why am I getting a "Server refused our key" error when I try to connect to my EC2 instance using SSH?

Error: "imported-openssh-key" or "Putty Fatal Error": To resolve this error, see Why am I receiving "imported-openssh-key" or "Putty Fatal Error" errors when connecting to my Amazon Elastic Compute Cloud (Amazon EC2) Linux instance?

Error: "Enter passphrase for key 'my_key.pem'":

This error occurs if you created a password for your key file, but haven't manually entered the password. To resolve this error, enter the password or use ssh-agent to load the key automatically.
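The following is an added example, not part of the original article: a shell function that reads saved or pasted `ssh -v` output and reports which entry in the list above it matches, plus how far the client got before failing. The function name, the category labels, and the sample output are constructed for illustration; the matched strings are the error texts quoted on this page and standard OpenSSH debug1 lines.

```shell
#!/bin/sh
# Added example: classify captured `ssh -v` output (read from stdin).
# Prints "<error-category> <stage-reached>".
classify_ssh_output() {
    out=$(cat)

    # Stage reached, from standard OpenSSH client debug lines.
    stage="before-connect"
    case "$out" in *"debug1: Connection established"*) stage="connected" ;; esac
    case "$out" in *"debug1: Authentications that can continue"*) stage="authenticating" ;; esac

    # Error category, checked in the order network -> key file -> authentication.
    case "$out" in
        *"Connection timed out"*)             err="connection-timed-out" ;;
        *"Connection refused"*)               err="connection-refused" ;;
        *"Resource temporarily unavailable"*) err="resource-temporarily-unavailable" ;;
        *"Enter passphrase for key"*)         err="passphrase-required" ;;
        *"Server refused our key"*)           err="server-refused-key" ;;
        *"Permission denied"*|*"Authentication failed"*) err="permission-denied" ;;
        *)                                    err="unrecognized" ;;
    esac
    printf '%s %s\n' "$err" "$stage"
}

# Constructed sample: the TCP connection never completes.
SAMPLE_TIMEOUT='debug1: Connecting to 11.22.33.44 [11.22.33.44] port 22.
debug1: connect to address 11.22.33.44 port 22: Connection timed out
ssh: connect to host 11.22.33.44 port 22: Connection timed out'

# Constructed sample: the connection succeeds but the key is not accepted.
SAMPLE_DENIED='debug1: Connecting to 11.22.33.44 [11.22.33.44] port 22.
debug1: Connection established.
debug1: Authentications that can continue: publickey
debug1: Trying private key: my_key.pem
debug1: No more authentication methods to try.
ec2-user@11.22.33.44: Permission denied (publickey).'

printf '%s\n' "$SAMPLE_TIMEOUT" | classify_ssh_output
printf '%s\n' "$SAMPLE_DENIED"  | classify_ssh_output

# Live use (debug output goes to stderr, so redirect it into the pipe):
#   ssh -v -i my_key.pem ec2-user@11.22.33.44 2>&1 | classify_ssh_output
```

A "before-connect" stage points at the network path, while "authenticating" means the instance was reached and the problem lies with the key or username.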

Automatically troubleshoot SSH errors

There are a number of reasons why you might get an SSH error, like Resource temporarily unavailable. Run the AWSSupport-TroubleshootSSH automation document to automatically find and resolve errors like this.

Related information

How do I troubleshoot issues connecting to my EC2 instance using EC2 Instance Connect?

How do I troubleshoot SSH or RDP connectivity to my EC2 instances launched in a Wavelength Zone?

Troubleshoot connecting to your instance

AWS OFFICIAL
Updated a year ago
1 Comment

If you can gain access to the SSH server via the serial line, you can look in syslog (/var/log/secure) for SSH server messages. Setting "LogLevel VERBOSE" in /etc/sshd/sshd_config will give more detail, including key fingerprints.

Running sshd in debug mode on another port will give even more detail, e.g. "/usr/sbin/sshd -p 80 -d", then "ssh -p 80 ec2-user@ip-address". Make sure to use an unused port that passes the firewall rules.

adaviel
replied a month ago