My public IP address is added to the security group, and I have ensured that the inbound rules allow SSH traffic (port 22) from my IP.
Are you going through a proxy or something like that? This could mean that the IP address of your device isn't the address that your connection is seen to be originating from.
Just for troubleshooting, consider opening up the security group rule to 0.0.0.0/0 and you can always tighten this up again later.
From the command line, the error message is: "Bad owner or permissions on [path to key file]"
Later on in your question you've identified that key.pem must only be readable by the owner, and you've done this chmod 400 /path/to/your/key.pem
TCP ping to the port 22 and the response was Connection timed out
How did you ping to port 22, as ping uses ICMP not TCP?
Consider opening the ICMP port in your security group rule from source 0.0.0.0/0 - again this is just for troubleshooting and you can remove it later.
Can you do a traceroute or tracert?
We create a new instance under the same VPC subnet. We review the VPC subnet, route, and everything was correct.
Confirm (i) that the instance has a public IP address; (ii) that the route table has a route for 0.0.0.0/0 whose target is an Internet Gateway; (iii) there are no NACLs (there shouldn't be, generally leave these alone and they won't get in your way)
You may want to consider Amazon Reachability Analyzer: https://docs.aws.amazon.com/vpc/latest/reachability/getting-started.html
Maybe I should have asked this at the start, what AMI has the EC2 instance been provisioned with (OS type, etc.)?
Are you going through a proxy or something like that?
I don't use VPN or Proxy.
Later on in your question you've identified that key.pem must only be readable by the owner, and you've done this chmod 400 /path/to/your/key.pem
The key.pem file has chmod 400 permission.
Just for troubleshooting, consider opening up the security group rule to 0.0.0.0/0 and you can always tighten this up again later.
The Security Group is configured with my Public IP, additionally, I set 0.0.0.0/0 as a test and tried to access from my WiFi, which has another public IP, as well as from my own IP.
How did you ping to port 22, as ping uses ICMP not TCP?
TCP Ping does not use the ICMP protocol; TCP Ping is achieved by sending TCP packets to a specific port. I use the paping tool.
Consider opening the ICMP port in your security group rule from source 0.0.0.0/0 - again this is just for troubleshooting and you can remove it later.
I also tried this.
Can you do a traceroute or tracert?
I can perform tracert or traceroute to the IPv4 DNS of my instance, and the last hop is the public IP of my instance.
Confirm
I also confirmed the numbers that you have indicated to me and everything seems to be in order: the instance has a public IP, the route has 0.0.0.0/0, and I do not have NACLs.
what AMI has the EC2 instance been provisioned with (OS type, etc.)?
The AMI used is Ubuntu, I also have another one with VyOS 1.3.3 from the Community, both stopped working overnight, literally, with different Security Groups. I changed VPC or location and created a free instance with Ubuntu from scratch to test, and the problem is the same.
Best regards,
To confirm - you're accessing both the Ubuntu and the VyOS EC2s, using the same keypair, and on both you're getting the error "Bad owner or permissions on [path to key file]" when trying to SSH to both?
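An added example, not part of the thread and not AWS code: a Python check for the two symptoms discussed above, the key-file permission error and the timeout on port 22. It separates a timeout (packets dropped on the path) from a refusal (packets reach the host); the function names and the command-line usage are assumptions made for illustration.

```python
import os
import socket
import stat
import sys

def key_file_problems(path):
    """Return reasons the key file is not owner-only (empty list means OK)."""
    st = os.stat(path)
    problems = []
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        problems.append("owned by uid %d, not the current user" % st.st_uid)
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("mode %03o grants group/other access; use chmod 400"
                        % stat.S_IMODE(st.st_mode))
    return problems

def probe_tcp(host, port=22, timeout=5.0):
    """Attempt a TCP handshake and classify the outcome.

    open    : handshake completed; second value is the server banner, if any
    refused : an RST came back, so packets reach the host but nothing
              accepts connections on that port
    timeout : nothing came back, so packets are dropped on the path
              (security group, NACL, route table or host firewall)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(64).decode("ascii", "replace").strip()
            except (socket.timeout, TimeoutError):
                banner = ""
            return "open", banner
    except ConnectionRefusedError:
        return "refused", ""
    except (socket.timeout, TimeoutError):
        return "timeout", ""
    except OSError as exc:  # e.g. no route to host, name resolution failure
        return "error", str(exc)

if __name__ == "__main__":
    # Usage (assumed): python3 check_ssh.py /path/to/your/key.pem <instance-public-ip>
    key_path, host = sys.argv[1], sys.argv[2]
    for problem in key_file_problems(key_path):
        print("key file:", problem)
    print("tcp/22:", *probe_tcp(host))
```

A `timeout` result with the security group already open to 0.0.0.0/0 points at the route table, NACLs or a firewall on the instance itself, while `refused` points at the SSH service on the instance.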