
SSH & SCP between two EC2 instances times out


I would like to transfer/tunnel between two Amazon EC2 instances via ssh and scp (from A to B, as shown below).

Both instances are running Ubuntu 18.04.

  • Instance A: ec2-34-200-134-210.compute-1.amazonaws.com
  • Instance B: ec2-34-199-133-209.compute-1.amazonaws.com

Run on Instance A:

  • $ ssh-keygen -t rsa -b 4096
  • Result put at /home/ubuntu/.ssh/id_rsa and /home/ubuntu/.ssh/id_rsa.pub
  • $ chmod 400 /home/ubuntu/.ssh/id_rsa.pub
  • Copy /home/ubuntu/.ssh/id_rsa.pub contents

Run on Instance B:

  • $ sudo vim /etc/ssh/sshd_config
  • Add/uncomment lines:
    • RSAAuthentication yes
    • PubkeyAuthentication yes
  • Append copied contents of /home/ubuntu/.ssh/id_rsa.pub from Instance A to /home/ubuntu/.ssh/authorized_keys

Now, testing from A to B:

ubuntu@ip-XX-XX-XX-XX:~$ ssh -T ubuntu@ec2-34-199-133-209.compute-1.amazonaws.com
ssh: connect to host ec2-34-199-133-209.compute-1.amazonaws.com port 22: Connection timed out

ubuntu@ip-XX-XX-XX-XX:~$ touch testfile.txt && \
>    scp testfile.txt ubuntu@ec2-34-199-133-209.compute-1.amazonaws.com:/home/ubuntu/
ssh: connect to host ec2-34-199-133-209.compute-1.amazonaws.com port 22: Connection timed out

What am I missing here? Do I need to change additional file permissions?


Solution

  • The issue was with Inbound Rules on the security group that applied to the cluster of instances.

    Solution:

    1. On the EC2 dashboard at https://console.aws.amazon.com/ec2/, navigate to Security Groups on the left-hand pane.
    2. Select the security group that applies to Instance B, the instance to which you want to tunnel.
    3. Add an Inbound Rule on the Inbound tab > Edit. Type: SSH; Port: 22; IP Address: 10.XX.XX.XX/32, where 10.XX.XX.XX is the private IPv4 of Instance A.
    4. Save the rule, log out of Instance A and log back in, then re-test as above.
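
The "Connection timed out" in the question, as opposed to "Connection refused" or a key error, is what points at the security group rather than at keys or sshd_config: a security group with no matching inbound rule drops the packets silently. The following Python check is an added example, not part of the original question or answer; it classifies a single TCP attempt to port 22, and the name `probe_ssh` and its verdict strings are hypothetical.

```python
import socket
import sys


def probe_ssh(host, port=22, timeout=5.0):
    """Classify one TCP connection attempt to an SSH port.

    Returns (verdict, detail). probe_ssh and its verdict strings are
    hypothetical names for this example, not part of any tool.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except (socket.timeout, TimeoutError):
        # No SYN-ACK and no RST: something on the path silently drops the
        # packets. A security group without a matching inbound rule does this.
        return ("filtered", "timed out: check security group inbound rules")
    except ConnectionRefusedError:
        # An RST came back: the host is reachable but nothing listens there.
        return ("refused", "host reachable, no listener: check sshd")
    except OSError as exc:
        # DNS failure, no route, and similar local errors.
        return ("error", str(exc))

    with sock:
        sock.settimeout(timeout)
        try:
            # An SSH server sends an identification string starting "SSH-".
            banner = sock.recv(255).decode("ascii", "replace").strip()
        except (socket.timeout, TimeoutError):
            banner = ""
    if banner.startswith("SSH-"):
        # The network path is fine; any remaining failure is authentication
        # (authorized_keys, key permissions, sshd_config).
        return ("open", banner)
    return ("open-no-banner", banner)


if __name__ == "__main__":
    # Usage: python3 probe_ssh.py <host> [port]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    verdict, detail = probe_ssh(target, target_port)
    print(f"{target}:{target_port} -> {verdict} ({detail})")
```

Run from Instance A against Instance B, a "filtered" verdict before the rule is added and an "open" verdict after it confirms the security group was the cause.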