0
votes

I am at my wits end with this, please help.

I am creating EC2 instances in my default public VPC, yet I am not able to SSH or HTTP to my instance or the web server running on the machine. I checked the following:

  • The SG has inbound SSH, HTTP and HTTPS allowed from 0.0.0.0/0 and is assigned to my instance
  • The default VPC has route tables with 0.0.0.0/0 pointed to the IGW
  • The NACLs are configured to allow all traffic. I also manually updated them to allow only HTTP, HTTPS and SSH
  • The key I use has been given the right permissions by running chmod 400 filename

Despite all this I am not able to connect to the EC2 instance; the AMI is Amazon Linux 2.


When I try to SSH, I get a connection timeout error after a while. Initially, I thought it was my office network, but I am also getting the same from my home network with no firewalls in place.

1
Does your SG egress allow outgoing connections? - jordanm
Yes, initially it allowed all traffic to 0.0.0.0/0; now I have also updated it to SSH, HTTP and HTTPS just to check and the same problem persists. Updated with images - Tatha
Please could you share the command you are trying to use to connect? - August Williams
Can you telnet to port 22? Can you share the ssh verbose logs? There are 6 outbound rules configured in the security group picture you shared; can you check those? - samtoddler
What are the outbound NACLs rules? Usually you leave NACLs in their default state, without modifying them. - Marcin

1 Answer

2
votes

To allow an SSH connection, you will need:

  • An Amazon EC2 instance running Linux launched in a public subnet (defined as having a Route Table that directs 0.0.0.0/0 to an Internet Gateway)
  • A Security Group permitting Inbound access on port 22 (Outbound configuration is irrelevant)
  • Network ACLs left at their default settings of Allow All in both directions
  • A Public IP address associated with the instance

From your descriptions, I would say that the problem is probably with the Outbound NACLs. Return traffic from an SSH session goes back to the source port on the initiating server, which is not port 22. In general, only change the NACLs if you have a specific reason, such as creating a DMZ. I recommend you reset the NACL rules to Allow All traffic in both directions.
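To make the stateless-NACL point concrete, here is an added example (my own code, not the answerer's) that evaluates AWS Network ACL rule sets the way AWS does: lowest rule number first, first match wins, implicit deny at the end. The rule tables and the client source port 51234 are constructed to mirror the setups described in the question; CIDR matching is simplified to 0.0.0.0/0.

```python
# Added example: why restricting the OUTBOUND NACL to 22/80/443 breaks SSH.
# NACLs are stateless: the SSH request arrives on port 22, but the reply
# leaves the instance destined for the client's ephemeral source port
# (1024-65535), so the outbound rule set must permit that range as well.

# Rule tuple layout: (rule_number, protocol, from_port, to_port, cidr, action)
# "-1" is the AWS "all protocols" value. All tables below are constructed.
NACL_DEFAULT_OUTBOUND = [
    (100, "-1", 0, 65535, "0.0.0.0/0", "allow"),
]
# The "only SSH, HTTP and HTTPS" outbound set described in the question.
NACL_RESTRICTED_OUTBOUND = [
    (100, "tcp", 22, 22, "0.0.0.0/0", "allow"),
    (110, "tcp", 80, 80, "0.0.0.0/0", "allow"),
    (120, "tcp", 443, 443, "0.0.0.0/0", "allow"),
]
# The minimal fix if you insist on a restricted outbound NACL:
# add the ephemeral port range so return traffic can leave.
NACL_RESTRICTED_WITH_EPHEMERAL = NACL_RESTRICTED_OUTBOUND + [
    (130, "tcp", 1024, 65535, "0.0.0.0/0", "allow"),
]
INBOUND_SSH = [(100, "tcp", 22, 22, "0.0.0.0/0", "allow")]


def nacl_decision(rules, protocol, port):
    """Evaluate a packet against a NACL: ascending rule number, first match
    wins, and the implicit '*' rule denies anything that matched nothing."""
    for _rule_no, proto, lo, hi, _cidr, action in sorted(rules):
        if proto in ("-1", protocol) and lo <= port <= hi:
            return action
    return "deny"  # implicit final deny rule


def ssh_session_allowed(inbound_rules, outbound_rules, client_src_port=51234):
    """An SSH session needs BOTH the inbound packet to port 22 and the
    outbound reply to the client's ephemeral port (constructed: 51234)."""
    request = nacl_decision(inbound_rules, "tcp", 22)
    reply = nacl_decision(outbound_rules, "tcp", client_src_port)
    return request == "allow" and reply == "allow"


if __name__ == "__main__":
    print(ssh_session_allowed(INBOUND_SSH, NACL_DEFAULT_OUTBOUND))          # True
    print(ssh_session_allowed(INBOUND_SSH, NACL_RESTRICTED_OUTBOUND))       # False
    print(ssh_session_allowed(INBOUND_SSH, NACL_RESTRICTED_WITH_EPHEMERAL)) # True
```

The second case reproduces the symptom in the question: the request reaches the instance, but the reply is dropped by the outbound NACL, which the client sees as a connection timeout rather than a refusal.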