AWS Quick Tips: Can't SSH in!

By J. Toman / on 17 Mar, 2023

Help! I can’t SSH into my EC2 or Lightsail instance!

We’ve been there. It sucks. Here are some strategies we’ve found successful in getting connected to instances again.

  1. The first thing to check is that you’re using the right key, and that it has the right permissions (400) for ssh to accept it. If ssh complains about publickey, that’s probably it. That’s more of a generic ssh issue, so search for tutorials on that.

  2. If you try to ssh in and it just hangs there waiting to time out, it’s probably your security group configuration. Log in to your AWS Console, go to the details of your EC2 instance, look at the security group details and make sure you have SSH ingress enabled from your local machine. If it’s enabled from everywhere, well, that’s a security concern, but it means the security group isn’t the problem.

  3. If it’s not the security group, then it might be an OS firewall not permitting SSH to the instance, or not permitting it from the IP address you are using. You should try (4) below, and disable the firewall in a launch script which you can specify in the AWS Console when you launch the new instance.

  4. The thing about instances is you can always get another. If you have modified the SSH server config in any way, added a key to authorized_keys, changed the configuration, then the easiest thing to do is start fresh. This is somewhat similar to this Quick Tip about lost key pairs except you aren’t snapshotting the entire instance, just the EBS volume.

    • Make sure any data you want to keep is on your EBS volume
    • Snapshot the volume
    • Stop the instance, detach and reattach the volume to a new instance, and start fresh.

  5. If that still doesn’t get it done, and I’ve seen that happen, and your main focus is just to get a command line on your instance, then you should look at AWS Session Manager. AWS Session Manager doesn’t use SSH and isn’t affected by security group firewalls or VPCs. It does have a more primitive shell, and you aren’t logged in as the default user (ec2-user, or ubuntu on Ubuntu-based instances), so there’s that. You need to have the AWS Session Manager installed on your local machine to use it. Here are those docs.
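
The security group check from step 2 can also be run offline against the JSON that `aws ec2 describe-security-groups` prints. This is an added example, not part of the original post: the sample group, its ID and its addresses are constructed, and `ssh_rules` and `check_ssh_ingress` are hypothetical helper names. It only looks at CIDR rules, not rules that reference other security groups or prefix lists.

```python
import ipaddress
import json

# Constructed sample in the shape printed by
# `aws ec2 describe-security-groups`; the ID and CIDRs are made up.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
]}]}
""")


def ssh_rules(groups):
    """Yield every CIDR that an ingress rule opens for TCP port 22."""
    for group in groups["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto == "-1":  # "-1" means all protocols and all ports
                covers_22 = True
            elif proto == "tcp":
                covers_22 = perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535)
            else:
                covers_22 = False
            if not covers_22:
                continue
            for r in perm.get("IpRanges", []):
                yield ipaddress.ip_network(r["CidrIp"])
            for r in perm.get("Ipv6Ranges", []):
                yield ipaddress.ip_network(r["CidrIpv6"])


def check_ssh_ingress(groups, my_ip):
    """Return (reachable, open_to_world) for SSH from my_ip."""
    addr = ipaddress.ip_address(my_ip)
    nets = list(ssh_rules(groups))
    reachable = any(addr.version == n.version and addr in n for n in nets)
    # A /0 rule is the "enabled from everywhere" case flagged in step 2.
    open_to_world = any(n.prefixlen == 0 for n in nets)
    return reachable, open_to_world


if __name__ == "__main__":
    for ip in ("203.0.113.45", "198.51.100.7"):
        print(ip, check_ssh_ingress(SAMPLE, ip))
```

If `reachable` is false for your current public IP, the hang in step 2 is explained; if it is true, move on to the OS firewall in step 3.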

Still unsure? Contact us and we can do the work for you.