When you're experiencing a sudden connection timeout to your EC2 instance via SSH from Windows, even though nothing appears to have changed, here are the key areas to investigate:
Verify Security Group Rules
Even if you haven't made changes, you should verify that the security group associated with your instance still allows incoming SSH traffic (port 22) from your IP address. Check that there's an inbound rule allowing SSH traffic from your current IP address. If you're connecting from a location with a dynamic IP address, your IP may have changed, which would block your connection.
Check Network ACLs
Network ACLs (Access Control Lists) associated with your subnet could be blocking traffic. Verify that the network ACL rules allow both inbound and outbound SSH traffic on port 22.
Review Route Table
Ensure that the route table associated with your subnet has the correct routes configured, particularly for internet gateway connectivity if you're connecting from outside the VPC.
Verify Instance Readiness
Confirm that your instance has fully completed its boot process and is ready to accept connections. Even though it shows as "running," there could be underlying issues preventing SSH service availability.
Check Your Current IP Address
If your internet service provider uses dynamic IP addressing, your public IP address may have changed since your last successful connection. Update your security group rules to reflect your current IP address.
Since connection timeouts typically indicate network-level blocking rather than authentication issues, the most common cause when "nothing changed" is that your source IP address has changed, or there's been a modification to network-level security controls (security groups or network ACLs) that's preventing the traffic from reaching your instance.
Sources
Troubleshoot issues connecting to your Amazon EC2 Linux instance - Amazon Elastic Compute Cloud
"Connection timed out" with no Security Group changes usually means a network-layer issue, not an SSH configuration issue. Work through these in order:
1. Check if your public IP changed (most common cause)
If your instance was stopped and restarted at any point, the public IP changes unless you're using an Elastic IP. Verify you're connecting to the current public IP:
AWS Console → EC2 → your instance → Public IPv4 address
If it changed, update PuTTY/your SSH command with the new IP.
2. Check Network ACL (often overlooked)
Security Groups are stateful — NACLs are not. A NACL change at subnet level can block SSH even if your Security Group is unchanged.
Console → VPC → Subnets → your subnet → Network ACL → Inbound rules
Ensure port 22 is allowed from your IP (or 0.0.0.0/0 for testing).
3. Check instance system status
Console → EC2 → your instance → Status checks tab
If "System status check" shows failed, the underlying host has an issue. Stop and start the instance (do not reboot — stop/start migrates to a new host).
4. Check route table has an Internet Gateway
Console → VPC → Route Tables → your subnet's route table → Routes
Ensure there's a route 0.0.0.0/0 → igw. If the Internet Gateway route is missing, the instance is unreachable from outside.
5. Verify your own IP hasn't changed
Your home/office IP may have changed since you last connected. Update your Security Group inbound rule for port 22 to your current IP.
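The security group and network ACL checks from the answers above can be run offline against exported rules. The following is an added example, not code from either answer or from AWS: it evaluates rules the way each layer does (security group: any matching allow; network ACL: lowest-numbered match wins, with the reply traffic checked separately because NACLs are stateless). The sample rules, the documentation-range IP addresses and the client port 50000 are constructed assumptions.

```python
import ipaddress

# Constructed sample data, shaped like the IpPermissions and Entries fields that
# `aws ec2 describe-security-groups` / `describe-network-acls` return.
SG = [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
       "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]
ANY = "0.0.0.0/0"
NACL = [
    {"RuleNumber": 100, "Egress": False, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": ANY, "PortRange": {"From": 22, "To": 22}},
    {"RuleNumber": 100, "Egress": True, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": ANY, "PortRange": {"From": 443, "To": 443}},
    {"RuleNumber": 32767, "Egress": False, "Protocol": "-1", "RuleAction": "deny", "CidrBlock": ANY},
    {"RuleNumber": 32767, "Egress": True, "Protocol": "-1", "RuleAction": "deny", "CidrBlock": ANY},
]

def sg_allows(perms, ip, port):
    """Security groups only allow; any matching inbound rule is enough."""
    addr = ipaddress.ip_address(ip)
    for p in perms:
        proto_ok = p["IpProtocol"] == "-1" or (
            p["IpProtocol"] == "tcp" and p["FromPort"] <= port <= p["ToPort"])
        if proto_ok and any(addr in ipaddress.ip_network(r["CidrIp"])
                            for r in p.get("IpRanges", [])):
            return True
    return False

def nacl_verdict(entries, egress, ip, port):
    """Lowest-numbered matching rule decides; no match is a deny."""
    addr = ipaddress.ip_address(ip)
    for e in sorted(entries, key=lambda e: e["RuleNumber"]):
        ports = e.get("PortRange")
        if (e["Egress"] == egress and e["Protocol"] in ("-1", "6")
                and "CidrBlock" in e and addr in ipaddress.ip_network(e["CidrBlock"])
                and (ports is None or ports["From"] <= port <= ports["To"])):
            return e["RuleAction"]
    return "deny"

def diagnose(perms, entries, client_ip, client_port=50000):
    """Return the layers that would drop an SSH session from client_ip."""
    findings = []
    if not sg_allows(perms, client_ip, 22):
        findings.append("security group: no inbound tcp/22 rule for " + client_ip)
    if nacl_verdict(entries, False, client_ip, 22) != "allow":
        findings.append("network ACL: inbound tcp/22 not allowed")
    # NACLs are stateless: the reply to the client's ephemeral port needs its own rule.
    if nacl_verdict(entries, True, client_ip, client_port) != "allow":
        findings.append("network ACL: outbound reply to tcp/%d not allowed" % client_port)
    return findings
```

With the sample data, `diagnose(SG, NACL, "203.0.113.10")` reports only the missing outbound NACL rule, while a changed client address such as `198.51.100.7` also fails the security group check.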
