7

Accidentally, port 22 got closed. I cannot ssh into the instance, though the instance is running well on the other desired ports. I am getting the following error while doing SSH.

ssh: connect to host X.X.X.X port 22: Connection refused

I restarted the instance, but ssh is still not working. The security groups are open for port 22 from anywhere (0.0.0.0/0).

I was trying to set the default welcome message after SSH on the machine by editing /etc/ssh/sshd_config file. Just after editing and reloading the ssh with the following command I was unable to ssh again.

sudo service ssh reload

kenorb
Ajeet Khan
  • Please provide the output of this: `root@kali:~# nc 127.0.0.1 22 < <(echo "test"); echo $?` If the output is "0", then port 22 is open at least for localhost and the underlying reason is somewhere else. This is the most probable case here. Also, you can post your /etc/ssh/sshd_conf here, but basically, there are plenty of reasons which could lead to this. – VVelev Nov 20 '15 at 15:33
  • @DreadX Are you saying to run the command on my system? Because you have mentioned localhost. Or do you want me to replace the localhost IP with the IP of my remote server to which I am not able to ssh? – Ajeet Khan Nov 20 '15 at 15:59
  • Try the steps from the link below: Detailed steps: http://developer.ps/index.php/2016/11/20/fix-amazon-ec2-ssh-login/ Also here: https://aws.amazon.com/articles/5213606968661598 – Dirar Abu Kteish Nov 26 '16 at 07:43
  • As there is no `console` on AWS it is probably good practice to add an additional `port` directive in `sshd_config` to listen on multiple ports. – Stuart Cardall Aug 07 '18 at 08:23
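
The lockout described in the question (edit `/etc/ssh/sshd_config`, reload, lose access) can be avoided by validating a candidate file with `sshd -t -f` before it replaces the live one. The following is an added example, not code from the question or any answer; the function name `apply_sshd_config` and the `SSHD_BIN` and `RELOAD_CMD` variables are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: never let an unvalidated sshd_config reach the running daemon.
# SSHD_BIN and RELOAD_CMD are assumed names for this sketch; override as needed.
SSHD_BIN="${SSHD_BIN:-/usr/sbin/sshd}"
RELOAD_CMD="${RELOAD_CMD:-service ssh reload}"

# apply_sshd_config CANDIDATE [TARGET]
# Returns 0 when the candidate was installed and the reload succeeded,
#         1 when the candidate was rejected (TARGET is left untouched),
#         2 when the reload failed and the previous TARGET was restored.
apply_sshd_config() {
    local candidate="$1"
    local target="${2:-/etc/ssh/sshd_config}"
    local backup

    # sshd -t is test mode: it checks the configuration file and host keys,
    # then exits without starting a daemon. -f selects the file to check.
    if ! "$SSHD_BIN" -t -f "$candidate"; then
        echo "rejected: $candidate failed sshd -t; $target unchanged" >&2
        return 1
    fi

    # Keep a timestamped copy of the working configuration for rollback.
    backup="${target}.bak.$(date +%Y%m%d%H%M%S)"
    [ -e "$target" ] && cp -p "$target" "$backup"

    # Copy to a temporary name, then rename, so TARGET is never half-written.
    cp "$candidate" "${target}.new" && mv "${target}.new" "$target" || return 1

    # Word splitting of RELOAD_CMD is intentional (command plus arguments).
    if ! $RELOAD_CMD; then
        [ -e "$backup" ] && cp -p "$backup" "$target"
        echo "reload failed: restored $target from $backup" >&2
        return 2
    fi
    echo "installed $candidate as $target (backup: $backup)"
}
```

Run it as root so that `sshd -t` can read the host keys, and keep the existing SSH session open until a second login has succeeded.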

3 Answers

8

I did it by detaching the volume from the current instance, then added it to the other instance as a secondary volume. Then the volume became readable, and I changed the ssh config file to the default one. Detached the volume and added it back to the original instance.

Ajeet Khan
  • Would you elaborate as to why the volume became readable when you added it as a secondary volume? – Thufir Jan 03 '17 at 04:53
  • @Thufir The volume was always readable, it's just that the SSH port got closed. That is why one won't be able to SSH, but after adding it as a secondary volume we are doing SSH on some other instance and simply accessing the secondary volume. Hope this clarifies your doubt. – Ajeet Khan Jan 03 '17 at 07:02
  • More detailed instructions on how to do this in my old answer [here](https://unix.stackexchange.com/a/366480/230851). – Nadreck Jul 08 '17 at 06:32
0

Since you were disconnected from the machine, you can go to the AWS EC2 console page and in Instances, select the running instance and in Instance Settings you can get either System Log or Screenshot to see what happened.

Then to fix the access, you can use the Run Command tool, which allows you to remotely administer your instances, for example by running a shell script or specifying the commands to run (AWS-RunShellScript provided by SSM Agent).

The SSM Agent runs on EC2 instances and enables you to quickly and easily execute remote commands or scripts against one or more instances. Currently, the SSM Agent and Run Command enable you to quickly run Shell scripts on an instance using the AWS-RunShellScript SSM document.

See: SSM Run Command Walkthrough Using the AWS CLI

Then take the Screenshot again to see if the problem has been fixed.

To test SSH access, you can also use a Java SSH Client (by selecting your instance, then the Connect option), however it requires a web browser which supports NPAPI plugins (such as Firefox).

AWS EC2 - Connect to your instance - Java SSH Client - NPAPI plugin

kenorb
  • That won't work, since ssh was blocked. OP solved the problem in a different way. – Thomas Dickey Jun 12 '16 at 09:34
  • I think running some script or command using AWS-RunShellScript will work, since it doesn't use SSH as far as I know, but [SSM Agent](https://github.com/aws/amazon-ssm-agent). – kenorb Jun 12 '16 at 11:32
-1

You should be able to get VNC console connection (Not sure about Amazon but DigitalOcean allows this, and it has saved me in a similar situation).

It would be available from your account/instance when you log in on the web site. It's as if you had plugged in a keyboard directly to the server (hence, no need for ssh to be working correctly).

For more details, have a look at the Troubleshooting Connecting to Your Instance page.

kenorb
cmaceachern
  • Thanks for your answer. I did it by detaching the volume from the current instance, then added it to the other instance as a secondary volume. Then the volume became readable, and I changed the ssh config file to the default one. Detached the volume and added it back to the original instance. – Ajeet Khan Dec 02 '15 at 07:42
  • AWS does not have KVM-type access, VNC or a serial console on the VM – Gert van den Berg Apr 09 '20 at 06:38