programing tip

Possible reasons for timeout when trying to access EC2 instance

itbloger 2020. 8. 28. 07:07


I cannot SSH into my instance. The operation timed out. What could be the reasons, and what can I do to resolve it? Rebooting normally takes a long time to take effect, and might just make things worse.

Update: It is not about permissions. I can log in normally. I suspect it might be because of memory issues.


Did you set an appropriate security group for the instance? That is, one that allows access from your network to port 22 on the instance. (By default all traffic is disallowed.)

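Update: OK, not a security group issue. But does the problem persist if you launch another instance from the same AMI and try to access that? Maybe this particular EC2 instance just randomly failed somehow. It is only a matter of time before something like that happens. (Recommended reading: Architecting for the Cloud: Best Practices (PDF), a paper by Jinesh Varia, who is a web services evangelist at Amazon. See especially the section titled "Design for failure and nothing will fail".)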


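I had the same problem, and the solution ended up being adding my local machine's IP to the list of inbound rules in the active security group. In the inbound dialog below, enter 22 in the port range, your local IP/32 in the source field, and leave 'custom tcp rule' in the dropdown.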



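Destroy and create anew

I had one availability zone where I could connect and another where I could not. After a few hours I got so frustrated that I deleted everything in that availability zone.

Building everything back, I had to make sure to create everything. This included:

  • Create VPC
    • CIDR: 10.0.0.0/24
  • Create Internet Gateway
  • Attach Internet Gateway to VPC
  • Create Routing Table
  • Add Route to Routing Table
    • Destination: 0.0.0.0/0
    • Target: <Internet Gateway from earlier>
  • Create Subnet
    • CIDR: 10.0.0.0/24
    • Routing Table: <Routing Table from earlier>

It took me a lot of fumbling to get all of this. I've ordered the steps in the way I think is most efficient, but you may have to adjust them to get one item available for the next.

Suggestion

I'm not suggesting that you go thermonuclear as I did. I'm offering all this information so that you can check these associations to ensure yours are appropriate.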


This answer is for the silly folks (like me). Your EC2's public DNS might (will) change when it's restarted. If you don't realize this and attempt to SSH into your old public DNS, the connection will stall and time out. This may lead you to assume something is wrong with your EC2 or security group or... Nope, just SSH into the new DNS. And update your ~/.ssh/config file if you have to!


To connect use ssh like so:

ssh -i keyname.pem username@xxx.xx.xxx.xx

Where keyname.pem is the name of your private key, username is the correct username for your os distribution, and xxx.xx.xxx.xx is the public ip address.

When it times out or fails, check the following:

Security Group

Make sure to have an inbound rule for tcp port 22 and either all ips or your ip. You can find the security group through the ec2 menu, in the instance options.

Routing Table

For a new subnet in a vpc, you need to change to a routing table that points 0.0.0.0/0 to internet gateway target. When you create the subnet in your vpc, by default it assigns the default routing table, which probably does not accept incoming traffic from the internet. You can edit the routing table options in the vpc menu and then subnets.

Elastic IP

For an instance in a vpc, you need to assign a public elastic ip address, and associate it with the instance. The private ip address can't be accessed from the outside. You can get an elastic ip in the ec2 menu (not instance menu).

Username

Make sure you're using the correct username. It should be one of ec2-user or root or ubuntu. Try them all if necessary.

Private Key

Make sure you're using the correct private key (the one you download or choose when launching the instance). Seems obvious, but copy paste got me twice.
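
The security group, routing table and public IP checks from the answer above can be run mechanically against exported AWS CLI output. This is an added example, not part of the original thread: it assumes dictionaries shaped like the describe-security-groups, describe-route-tables and describe-instances JSON, and the function names, addresses and IDs are constructed for illustration. It also flags a rule that opens port 22 to 0.0.0.0/0.

```python
import ipaddress

def ssh_sources(security_group):
    """Return the IPv4 CIDRs that one security group allows to reach TCP/22."""
    cidrs = []
    for perm in security_group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        # "-1" means all protocols and ports; otherwise the TCP range must include 22.
        covers_22 = proto == "-1" or (
            proto == "tcp" and perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535))
        if covers_22:
            cidrs += [r["CidrIp"] for r in perm.get("IpRanges", [])]
    return cidrs

def diagnose(client_ip, instance, security_group, route_table):
    """List likely causes of an SSH timeout from client_ip, plus exposure warnings."""
    findings = []
    client = ipaddress.ip_address(client_ip)
    allowed = [ipaddress.ip_network(c, strict=False) for c in ssh_sources(security_group)]
    if not any(client in net for net in allowed):
        findings.append("TIMEOUT: no inbound rule allows %s to port 22" % client_ip)
    if any(net.prefixlen == 0 for net in allowed):
        findings.append("EXPOSED: port 22 is open to 0.0.0.0/0")
    # The subnet needs an active default route whose target is an internet gateway.
    has_igw_default = any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and r.get("GatewayId", "").startswith("igw-")
        and r.get("State") == "active"
        for r in route_table.get("Routes", []))
    if not has_igw_default:
        findings.append("TIMEOUT: route table has no 0.0.0.0/0 route to an internet gateway")
    if not instance.get("PublicIpAddress"):
        findings.append("TIMEOUT: instance has no public or Elastic IP")
    return findings

# Constructed sample data (documentation address ranges, placeholder IDs).
SG = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]}
SG_OPEN = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
RT_OK = {"Routes": [
    {"DestinationCidrBlock": "10.0.0.0/24", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"}]}
RT_LOCAL = {"Routes": [RT_OK["Routes"][0]]}
INSTANCE = {"PrivateIpAddress": "10.0.0.12", "PublicIpAddress": "198.51.100.7"}

if __name__ == "__main__":
    # The client has moved networks, so the old /32 rule no longer matches it.
    for line in diagnose("203.0.113.99", INSTANCE, SG, RT_LOCAL):
        print(line)
```

A /32 rule that matched yesterday's address produces the same timeout as a missing rule, which is why the client IP is an explicit input here.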


Have you looked at the console output from the instance ? You can do this via the AWS console (Instances -> Right-click on the instance -> Get System Log). I've had occasions where the network services on an EC2 instance failed to start correctly, resulting in timed out SSH connections; restarting the instance usually fixed things.



AFTER 2 HOURS I FOUND THIS

Note That ssh ip 120.138.105.251/32

  • IS NOT aws instance IP ADDRESS

  • It Is not your local ip 127.0.0.1

  • It Is not your local ip localhost

BUT BUT BUT

It's the public IP address of your personal computer from which you are trying to access the AWS instance

  1. Go to https://www.whatismyip.com/ whatever ip address put in ssh

IF YOU WANT TO FULLY OPEN SSH TO ALL IP ADDRESSES

THIS IS HOW FULLY ACCESSIBLE ENTRIES LOOK - BASIC RECOMMENDED

THIS IS WHAT I AM USING IN PRODUCTION


The following are possible issues:

  • The most likely one is that the Security Group is not configured properly to provide SSH access on port 22 to your IP. A change in security settings does not require a restart of the server to be effective, but you need to wait a few minutes for it to be applied.

  • The local firewall configuration does not allow SSH access to the server. (You can try a different internet connection, such as your phone or a dongle.)

  • The server is not started properly (then the access checks will fail even on the Amazon console), in which case you would need to stop and start the server.


Just reboot the EC2 instance once you have applied the rules.


One more possibility. AWS security groups are set up to work only with specific incoming IP addresses. If your security group is set up in this way, you (or the account holder) will need to add your IP address to the security group. To do this, open your AWS dashboard, select security groups, select a security group and click on the inbound tab. Then add your IP as appropriate.


I had the same problem, and the solution was allowing access from anywhere to the list of inbound rules in the active security group. In the inbound dialog, enter 22 in the port range, anywhere in the source field, and select 'ssh' in the dropdown.

P.S : This might not be the recommended solution as it means this instance can be ssh'ed from any machine, but I could not get it to work with my local IP.


I had a similar problem when I was using public Wi-Fi, which didn't have a password. Switching the internet connection to a secure connection did solve the problem.


If SSH access doesn't work for your EC2 instance, you need to check:

  • Security Group for your instance is allowing Inbound SSH access (check: view rules).

If you're using VPC instance (you've VPC ID and Subnet ID attached to your instance), check:

  1. In VPC Dashboard, find used Subnet ID which is attached to your VPC.
  2. Check its attached Route table which should have 0.0.0.0/0 as Destination and your Internet Gateway as Target.

On Linux, you may also check route info in System Log in Networking of the instance, e.g.:

++++++++++++++++++++++++++++++++++++++Net device info+++++++++++++++++++++++++++++++++++++++
+--------+------+------------------------------+---------------+-------+-------------------+
| Device |  Up  |           Address            |      Mask     | Scope |     Hw-Address    |
+--------+------+------------------------------+---------------+-------+-------------------+
|   lo   | True |          127.0.0.1           |   255.0.0.0   |   .   |         .         |
|  eth0  | True |         172.30.2.226         | 255.255.255.0 |   .   | 0a:70:f3:2f:82:23 |
+--------+------+------------------------------+---------------+-------+-------------------+
++++++++++++++++++++++++++++Route IPv4 info+++++++++++++++++++++++++++++
+-------+-------------+------------+---------------+-----------+-------+
| Route | Destination |  Gateway   |    Genmask    | Interface | Flags |
+-------+-------------+------------+---------------+-----------+-------+
|   0   |   0.0.0.0   | 172.30.2.1 |    0.0.0.0    |    eth0   |   UG  |
|   1   |   10.0.3.0  |  0.0.0.0   | 255.255.255.0 |   lxcbr0  |   U   |
|   2   |  172.30.2.0 |  0.0.0.0   | 255.255.255.0 |    eth0   |   U   |
+-------+-------------+------------+---------------+-----------+-------+

where UG flags showing you your internet gateway.

For more details, check: Troubleshooting Connecting to Your Instance at Amazon docs.


Check out this help page on AWS docs:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html#TroubleshootingInstancesConnectionTimeout

You will probably find your solution there. For me this part did the fix:

[EC2-VPC] Check the route table for the subnet. You need a route that sends all traffic destined outside the VPC to the Internet gateway for the VPC.

  • Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  • In the navigation pane, choose Internet Gateways. Verify that there is an Internet gateway attached to your VPC. Otherwise, choose Create Internet Gateway and follow the directions to create an Internet gateway, select the Internet gateway, and then choose Attach to VPC and follow the directions to attach it to your VPC.

  • In the navigation pane, choose Subnets, and then select your subnet.

  • On the Route Table tab, verify that there is a route with 0.0.0.0/0 as the destination and the Internet gateway for your VPC as the target. Otherwise, choose the ID of the route table (rtb-xxxxxxxx) to navigate to the Routes tab for the route table, choose Edit, Add another route, enter 0.0.0.0/0 in Destination, select your Internet gateway from Target, and then choose Save.

But I suggest you check out all the options the link above covers; you may find there one or more of the issues that you have.


My issue - I had port 22 open for "My IP" and changed the internet connection and IP address change caused. So had to change it back.


To enable ssh access from the Internet for instances in a VPC subnet do the following:

  • Attach an Internet gateway to your VPC.
  • Ensure that your subnet's route table points to the Internet gateway.
  • Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
  • Ensure that your network access control (at VPC level) and security group rules (at EC2 level) allow the relevant traffic to flow to and from your instance. Ensure your network public IP address is enabled for both. By default, network ACLs allow all inbound and outbound traffic unless explicitly configured otherwise.

For me it was the apache server hosted on a t2.micro linux EC2 instance, not the EC2 instance itself.

I fixed it by doing:

sudo su

service httpd restart


Building off @ted.strauss's answer, you can select SSH and MyIP from the drop down menu instead of navigating to a third party site.


I had the same problem and I solved it by adding a rule to the security Groups

Inbound SSH 0.0.0.0/0

Or you can add your IP address only


For me, it was that I had deleted everything from the boot volume. And couldn't connect to the instance anymore.


I was working on the instance and it was fine, the very next day when I tried to SSH into my instance it said - Connection timeout.

I tried to go through this post but nothing worked. So I did -

On the Edit inbound rules from source column choose MY IP and it will automatically populate your Public IP address in CIDR format (XXX.XXX.XXX.XX/32).

I tried the @ted.strauss answer by giving my local IP but it did not help in my case. So I chose MY IP and it worked.

Hope this helps someone!


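Ping the DNS first. If it fails, configure your inbound/outbound rules in the launch wizard. Configure all traffic and all protocols and save with the default options. Ping again from your local system and it should work.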

Reference URL: https://stackoverflow.com/questions/2813843/possible-reasons-for-timeout-when-trying-to-access-ec2-instance
