0
votes

I'm new to AWS and took over a project from an earlier engineer who has left the organization.

This particular EC2 was created for Region A and the AMI was later moved to Region B.

The mystery I'm not understanding: the notes say to SSH to this instance with ssh -i "privateKeyName.pem" [email protected]

But when I look at the AWS console for this EC2 instance's public IP address, it's different from the above IP address.

If I try to use the current IP address, I'm getting the error [email protected]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

2
You asked how SSH is working with a non-public IP but you didn't provide anything to suggest that SSH was, in fact, working with a non-public IP. Is the title wrong? What is your question? – jarmod
Yep, if it's a non-public IP it won't be accessible via the internet at all and will exist in one of the three subnet ranges reserved for internal networks (10.0.0.0/8, 172.16.0.0/20 or 192.168.0.0/16). – Adam Luchjenbroers
@jarmod the IP address to which I am connecting with SSH doesn't show under the current EC2 instance and I am not sure where that value comes from? – vikramvi

2 Answers

0
votes

I'm going to answer your initial question first, although it sounds like it's unrelated to the problem you've mentioned.

If it has no public IP address, you'll need a way to connect via the private IP - this is typically done using a Bastion Host (which is another instance which does have a public IP, and that you can SSH or RDP into before connecting from the bastion host). Alternatively, a VPN connection could be set up connecting your work network or machine to the AWS VPC.

Now, I suspect this isn't your problem, since you were able to connect to the IP address but failed to authenticate. What you should check next is:

  • Is this the correct instance that you're connecting to?
  • Have you got the correct private key? (A new keypair will likely have been generated while changing regions.)

One way to check this would be to look at the fingerprint for the key-pair in the AWS EC2 web-console (make sure you've got the correct region open) and then check if it matches the fingerprint for the key stored on your local machine.

This superuser article explains key fingerprints and how to check them: https://superuser.com/questions/421997/what-is-a-ssh-key-fingerprint-and-how-is-it-generated
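
The fingerprint check described in the answer above, as an added example that is not part of the original answer. It assumes an unencrypted RSA key pair that was created by EC2 (for those, the console shows the SHA-1 of the PKCS#8 DER encoding of the private key); imported key pairs use a different fingerprint and are not covered, and the function names are hypothetical.

```python
import base64
import hashlib
import re

# DER for: INTEGER 0 (version) + AlgorithmIdentifier {rsaEncryption, NULL}
_PKCS8_RSA_PREFIX = bytes.fromhex("020100" "300d06092a864886f70d0101010500")
_PEM_RE = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def _der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, value):
    return bytes([tag]) + _der_len(len(value)) + value


def pkcs1_to_pkcs8(pkcs1_der):
    """Wrap an RSAPrivateKey (PKCS#1) blob in an unencrypted PKCS#8 PrivateKeyInfo."""
    return _tlv(0x30, _PKCS8_RSA_PREFIX + _tlv(0x04, pkcs1_der))


def ec2_fingerprint(pem_text):
    """SHA-1 over the PKCS#8 DER, colon-separated (assumed: RSA key created by EC2)."""
    m = _PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no PEM block found")
    label, b64 = m.group(1), m.group(2)
    if "Proc-Type" in b64 or label == "ENCRYPTED PRIVATE KEY":
        raise ValueError("key is passphrase-protected; decrypt it first")
    if label not in ("RSA PRIVATE KEY", "PRIVATE KEY"):
        raise ValueError("unsupported key format: " + label)
    der = base64.b64decode("".join(b64.split()))
    if label == "RSA PRIVATE KEY":      # PKCS#1 file, wrap it before hashing
        der = pkcs1_to_pkcs8(der)
    digest = hashlib.sha1(der).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 40, 2))


def same_fingerprint(local, console):
    """Compare two fingerprints, ignoring case and surrounding whitespace."""
    return local.strip().lower() == console.strip().lower()
```

Pass the contents of the .pem file to ec2_fingerprint() and compare the result with the fingerprint listed for the key pair in the EC2 console of the region the instance now runs in; a mismatch means the local key is not the one that key pair refers to.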

0
votes

I guess the original EC2 has a public IP address, but the address gets lost when it is moved into another region (it is an option to assign a public IP address when moving).

By the way, AWS always changes the public IP address when you restart an EC2 unless you use Elastic IP.