EC2 Instance Connect to new Debian 12 instance -- Unable to SSH

0

I'm testing my software on various Linux distros. I recently finished Ubuntu, RHEL, and AWS Linux quickstart AMIs and everything went great.

As part of the testing I wanted to try a vanilla Debian 12 instance and explore.

I created an EC2 Debian instance with a new KeyPair and new Security Group via the Launch Instance facility with all default settings.

I used this quickstart debian AMI: ami-0aafdae616ee7c9b7 (64-bit (x86))

Once the Instance was up and the Status Checks had started and passed I attempt to SSH to the instance using EC2 Instance Connect and I receive this error:

Failed to connect to your instance Error establishing SSH connection to your instance. Try again later.

Instance Connect is using the admin user of course, by default. The auto-created 'launch-wizard' security group looks fine... port 22 is open.

I've tried this a number of times and doing the most generic use-case possible all via the AWS UI.

Any idea why I would not be able to SSH successfully?

Gary
asked 3 months ago, 627 views
5 Answers
1
Accepted Answer

Hi Gary,

I just made it and it's working fine. So maybe you should redeploy it or review VPC settings (SG, IGW, Route Table, keys, etc.).

About EC2 Serial Console you're right, it's not available for that AMI.

21:21:24-drixter@devil:~$ ssh -C -l admin 54.153.xx.xx
The authenticity of host '54.153.xx.xx (54.153.xx.xx)' can't be established.
ED25519 key fingerprint is SHA256:hOyemVtyfpoY6RawlL75Em6sUQPw6rzW0QvLdF296jw.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '54.153.xx.xx' (ED25519) to the list of known hosts.
Linux ip-172-31-15-181 6.1.0-13-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.55-1 (2023-09-29) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
admin@ip-172-31-15-181:~$ uname -a
Linux ip-172-31-15-181 6.1.0-13-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.55-1 (2023-09-29) x86_64 GNU/Linux
admin@ip-172-31-15-181:~$ cat /etc/debian_version
12.2
admin@ip-172-31-15-181:~$ sudo su -
root@ip-172-31-15-181:~#

Thanks,

answered 3 months ago
AWS EXPERT reviewed 3 months ago
  • Will do! And will come back and update here if I find root cause. Thx for that sanity check there.

  • Marcin, btw, I thought I'd let you know that the root cause for both Debian and RHEL not allowing Instance Connect (or ssh from my work machine) to my EC2 instances was that, for some reason, .ssh/authorized_keys did not get the public ssh key for the KeyPair that I selected when instantiating the instance. On a hunch, I created a cloud-init script for both operating systems and in that script added the appropriate "ssh-rsa ..." to authorized_keys and it worked just fine.

    For my other EC2 instances using Ubuntu or AWS Linux, those keys are already present for the "ec2-user" and "debian" users (respectively) in the authorized_keys file under .ssh and don't require this workaround.

    Very odd indeed, haha.

    Not sure why this happens, but I'm now building this functionality into my instance provisioning (which is all done in Java via AWS API) via cloud-init scripts.
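
The workaround described in the comment above, sketched as an added example (not the commenter's script and not AWS code): a POSIX shell function a user-data script could call to put one public key into a user's authorized_keys with the modes sshd expects. The function name, the `/home/admin` path and the key string are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): idempotently install one public key
# for a login user, as a cloud-init user-data script would at first boot.
ensure_authorized_key() {
    home_dir=$1    # e.g. /home/admin for the Debian AMI's default user
    pubkey=$2      # the complete public-key line for the chosen key pair
    owner=${3:-}   # optional: user to chown to (needs root, as user data has)

    # Accept exactly one non-empty line so a call adds exactly one entry.
    [ -n "$pubkey" ] || return 2
    case $pubkey in
        *'
'*) return 2 ;;
    esac

    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys
    mkdir -p "$ssh_dir" && touch "$auth_file" || return 1

    # Append only when the exact line is absent, so re-running is harmless.
    if ! grep -qxF -- "$pubkey" "$auth_file"; then
        # Terminate a last line that lacks a newline before appending.
        if [ -n "$(tail -c 1 "$auth_file")" ]; then
            printf '\n' >> "$auth_file"
        fi
        printf '%s\n' "$pubkey" >> "$auth_file" || return 1
    fi

    # sshd's StrictModes (on by default) rejects keys kept in files or
    # directories that other users can write to, so set modes explicitly.
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 1
    if [ -n "$owner" ]; then
        chown -R "$owner" "$ssh_dir" || return 1
    fi
}

# In user data (placeholder key, replace with the key pair's public half):
#   ensure_authorized_key /home/admin "ssh-ed25519 AAAA...PLACEHOLDER key-name" admin
```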

1

There are a few things to check that could be causing the issue connecting to your new Debian EC2 instance via SSH:

  1. Confirm the instance security group allows incoming SSH on port 22 from your IP address. The default security group often only allows SSH from other instances in the same security group. You may need to add a rule to allow your public IP.

  2. Check that SSH is actually running on the instance. Connect using AWS Systems Manager Session Manager and verify the SSH service is active by running:

         sudo systemctl status ssh

  3. Confirm there is no firewall on the instance blocking SSH connections. Debian does not enable a firewall by default, but you can check with:

         sudo ufw status

  4. Verify the SSH daemon configuration allows SSH over port 22. The /etc/ssh/sshd_config should have:

         Port 22
         #Port 22

  5. Check that the root volume has permissions to allow the ec2-user SSH access. Run ls -ld / and confirm the permissions allow access.

  6. As a last resort, try rebooting the Debian instance to restart all services.

If it still doesn't work after verifying those items, there may be an issue with the Debian AMI that needs further debugging. The AWS Linux, Ubuntu, RHEL images are better tested for EC2 compatibility.

AWS
Saad
answered 3 months ago
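
For the sshd_config check in the list above, an added example (not part of the answer): a small parser that reports which port or ports a given sshd_config file selects, treating a commented `#Port 22` as "no directive, default 22". The function names are hypothetical; files pulled in through `Include` are not followed, so on the instance itself `sudo sshd -T` remains the authoritative view of the effective configuration.

```shell
# Added example: which port(s) does this sshd_config file select?
sshd_config_ports() {
    cfg=$1
    [ -r "$cfg" ] || return 1
    awk '
        {
            sub(/#.*/, "")                 # drop comments: "#Port 22" sets nothing
            sub(/[ \t]*=[ \t]*/, " ")      # accept the "Port=22" spelling too
        }
        # Keywords are case-insensitive; several Port lines may be given.
        tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1 }
        END { if (!found) print 22 }       # no Port directive: default is 22
    ' "$cfg"
}

# Exit 0 when the file makes sshd listen on the given port, e.g. the one
# opened in the security group.
sshd_listens_on() {
    sshd_config_ports "$1" | grep -qx -- "$2"
}
```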
  • Great info, BTW.

    #1 checks out.

    Also I'm connecting (initially at least) from the AWS console. Not even attempting to connect any other way, initially.

    Here's the trick. I can't even get on the new Instance a minute after creating it to check most of these settings.

    Even the AWS console's EC2 Instance Connect cannot connect. So checking #2, #3 and #4 are not checkable as I can't even get onto the instance from AWS EC2 console.

1

Hi Gary,

Did you follow the below? It requires a public IP and so on. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html#TroubleshootingInstancesConnectionTimeout

As a last option, log in over EC2 Serial Console?

Thanks,

answered 3 months ago
  • Thx for that suggestion :) Yes, it's got a public IP and EC2 Instance Connect is attempting to connect over that IP. Serial Console is definitely a good idea but apparently the Debian quickstart image does not allow Console:

    This instance type is not supported for the EC2 serial console. To connect to the serial port of an instance using the EC2 serial console, the instance must use an instance type that is built on the AWS Nitro System. You can change the instance type to a supported virtualized instance type or bare metal instance type.

1

Hi Gary,

So maybe this AMI is broken. In which Region did you run it? Maybe I'll test it myself to look around.

About EC2 Serial Console, this works perfectly fine for me with a custom Debian image with HVM virtualization :-)

Thanks,

answered 3 months ago
  • Thanks for your time Marcin. Appreciate it a lot. This is on us-west-1 and I'm using the generic quickstart Debian 12 ami in that region (ami-0aafdae616ee7c9b7).

    Like you say, I do wonder if it's broken. But it's been 24 hours and you'd think someone in the region would have reported to AWS, but maybe that's me, haha.

    Cheers! Gary

0

Hello. I'm in ap-east-1 and I face this issue too: only the Debian system cannot connect through the console; other systems work fine.

wxhoho
answered 10 days ago
