
SSH Connection timed out when connecting to my AWS-EC2 instance from my home network. But it works when connecting from my work network


I am trying to connect to my AWS EC2 instance using SSH in PuTTY.

It is working from my work network but it is giving me the "connection timed out" error when connecting from my home network.

Is it an issue concerning my ISP? Please help.


Solution

  • On the EC2 side:

    Check the inbound rules in the appropriate security group.

    Since you can connect from work, you already have an inbound rule in the security group that allows TCP:22.

    Then find this rule and check its CIDR. To work from home it should allow connections from your home IP address. The simplest (and generic) way - set it to 0.0.0.0/0

    On the client side:

    Check that key auth is allowed and that you have the correct key.

    Add to your home ~/.ssh/config:

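    Host my_ec2_instance
     Hostname <your_ec2_IP_address>
     # Default user on Amazon Linux images; use `ubuntu` if you created the instance with an `ubuntu`-based image
     User ec2-user
     Port 22
     PreferredAuthentications publickey
     # IdentityFile must point to the private key, not the .pub file
     IdentityFile ~/.ssh/<your_ec2_key>.pem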
    

    Check if key is correct.

    Also, you can check port 22 manually:

    telnet <your_ec2_IP_address> 22
    

    If the proposed actions did not help, try the Troubleshooting Guide.

    There is a great Troubleshooting Guide for debugging instance connections.

    Try these steps:

    [EC2-VPC] Check the route table for the subnet. You need a route that sends all traffic destined outside the VPC to the Internet gateway for the VPC.

    • Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

    • In the navigation pane, choose Internet Gateways. Verify that there is an Internet gateway attached to your VPC. Otherwise, choose Create Internet Gateway and follow the directions to create an Internet gateway, select the Internet gateway, and then choose Attach to VPC and follow the directions to attach it to your VPC.

    • In the navigation pane, choose Subnets, and then select your subnet.

    • On the Route Table tab, verify that there is a route with 0.0.0.0/0 as the destination and the Internet gateway for your VPC as the target. Otherwise, choose the ID of the route table (rtb-xxxxxxxx) to navigate to the Routes tab for the route table, choose Edit, Add another route, enter 0.0.0.0/0 in Destination, select your Internet gateway from Target, and then choose Save.

    UPD: howto check if your provider allows outgoing ssh connections

    As the OP said, his provider may block outgoing ssh connections. Fortunately, there are public services with port 22 open.

    E.g. the great shell-based browser browsh accepts connections on port 22.

    See their manual:

    Live SSH Demo

    Just point your SSH client to brow.sh, eg; ssh brow.sh. No auth needed. The service is for demonstration only, sessions last 5 minutes and are logged.

    So, you can check if your outgoing connection is allowed by provider:

    $ telnet brow.sh 22
    Trying 167.99.26.99...
    Connected to brow.sh.
    Escape character is '^]'.
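An added example, not part of the original answer: the "check its CIDR" step done offline in Python. It lists the CIDRs a security group admits on TCP 22, tests whether a client address falls inside one (traffic matching no rule is dropped, which the client sees as a timeout), and flags world-open rules. The JSON is constructed in the shape of `aws ec2 describe-security-groups` output; the group ID and all addresses are made-up placeholders.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# The group ID and addresses are placeholders (documentation ranges).
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "198.51.100.0/24"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
]}]}
""")


def ssh_cidrs(groups, port=22):
    """Return every CIDR allowed to reach `port` over TCP."""
    cidrs = []
    for group in groups["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto == "-1":  # "-1" means all protocols and all ports
                covers = True
            elif proto == "tcp":
                covers = perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
            else:
                covers = False
            if covers:
                cidrs += [r["CidrIp"] for r in perm.get("IpRanges", [])]
                cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return cidrs


def check_client(groups, client_ip, port=22):
    """Report whether client_ip is admitted and which rules are world-open."""
    ip = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_network(c, strict=False) for c in ssh_cidrs(groups, port)]
    allowed = any(ip.version == n.version and ip in n for n in nets)
    world_open = [str(n) for n in nets if n.prefixlen == 0]
    # A single-host CIDR admits the client without opening the port to everyone.
    return {"allowed": allowed, "world_open": world_open,
            "suggested_cidr": f"{ip}/{ip.max_prefixlen}"}


if __name__ == "__main__":
    print(check_client(SAMPLE, "198.51.100.7"))   # constructed "work" address
    print(check_client(SAMPLE, "203.0.113.25"))   # constructed "home" address
```

When `allowed` is false, adding `suggested_cidr` as the source of the port 22 rule admits only that address; a non-empty `world_open` list means SSH is reachable from any address.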