2017-11-27 4 views
-1

AWS EC2 instance: SSH connection is permanently dropped after a consistent timeout

I'm having problems connecting over SSH to instances I have created. I can't even ping these instances (with ICMP enabled).

When I stop and restart the instance, I can connect over SSH for about 60 seconds, then I get the error: "connection reset by".

I have suitable SSH configurations that were working for me a week ago. On one instance I have allowed all traffic from anywhere. I still can't ping. I get a timeout on the port 22 connection. I tried different internet connections and host computers. I get the same errors for Amazon/Ubuntu AMIs.

See the log at the bottom for an example. In the attached log I looked at the ssh configuration file but did not change anything. I was trying to get some debugging information. I tried a few other things on 2-3 other instances, including some configuration in the sshd configuration file; nothing worked. Thank you!

Connectivity error examples:

A.

$ ssh -i "ec2_key2.pem" [email protected] 
ssh: connect to host ec2-52-90-56-88.compute-1.amazonaws.com port 22: Connection timed out 

B.

[email protected]:~/AWS$ ssh -Xvvv -i "ec2_key2.pem" [email protected] 
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014 
debug1: Reading configuration data /etc/ssh/ssh_config 
debug1: /etc/ssh/ssh_config line 19: Applying options for * 
debug2: ssh_connect: needpriv 0 
debug1: Connecting to ec2-54-147-245-230.compute-1.amazonaws.com [54.147.245.230] port 22. 
debug1: connect to address 54.147.245.230 port 22: Connection refused 
ssh: connect to host ec2-54-147-245-230.compute-1.amazonaws.com port 22: Connection refused 

Attached LOG: log on an Amazon AMI instance. The connection is reset after about 60 seconds. I can stop the instance, restart it, and connect for about a minute.

$ ssh -vvv -i "standard_aws_ec2.pem" [email protected] 
OpenSSH_7.5p1, OpenSSL 1.0.2l 25 May 2017 
debug1: Reading configuration data /etc/ssh/ssh_config 
debug2: resolving "ec2-54-159-105-2.compute-1.amazonaws.com" port 22 
debug2: ssh_connect_direct: needpriv 0 
debug1: Connecting to ec2-54-159-105-2.compute-1.amazonaws.com [54.159.105.2] port 22. 
debug1: Connection established. 
debug1: key_load_public: No such file or directory 
debug1: identity file standard_aws_ec2.pem type -1 
debug1: key_load_public: No such file or directory 
debug1: identity file standard_aws_ec2.pem-cert type -1 
debug1: Enabling compatibility mode for protocol 2.0 
debug1: Local version string SSH-2.0-OpenSSH_7.5 
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4 
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000 
debug2: fd 3 setting O_NONBLOCK 
debug1: Authenticating to ec2-54-159-105-2.compute-1.amazonaws.com:22 as 'ec2-user' 
debug3: hostkeys_foreach: reading file "/c/Users/chinm/.ssh/known_hosts" 
debug3: send packet: type 20 
debug1: SSH2_MSG_KEXINIT sent 
debug3: receive packet: type 20 
debug1: SSH2_MSG_KEXINIT received 
debug2: local client KEXINIT proposal 
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c 
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa 
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc 
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc 
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 
debug2: compression ctos: none,[email protected],zlib 
debug2: compression stoc: none,[email protected],zlib 
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal 
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc 
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc 
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 
debug2: compression ctos: none,[email protected] 
debug2: compression stoc: none,[email protected] 
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256 
debug1: kex: host key algorithm: ecdsa-sha2-nistp256 
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none 
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none 
debug3: send packet: type 30 
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY 
debug3: receive packet: type 31 
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ni9r3f3A8dvyLH655cub1AVvuCKywoTQ3Hyz7ZALZiw 
debug3: hostkeys_foreach: reading file "/c/Users/chinm/.ssh/known_hosts" 
debug3: hostkeys_foreach: reading file "/c/Users/chinm/.ssh/known_hosts" 
The authenticity of host 'ec2-54-159-105-2.compute-1.amazonaws.com (54.159.105.2)' can't be established. 
ECDSA key fingerprint is SHA256:ni9r3f3A8dvyLH655cub1AVvuCKywoTQ3Hyz7ZALZiw. 
Are you sure you want to continue connecting (yes/no)? yes 
Warning: Permanently added 'ec2-54-159-105-2.compute-1.amazonaws.com,54.159.105.2' (ECDSA) to the list of known hosts. 
debug3: send packet: type 21 
debug2: set_newkeys: mode 1 
debug1: rekey after 134217728 blocks 
debug1: SSH2_MSG_NEWKEYS sent 
debug1: expecting SSH2_MSG_NEWKEYS 
debug3: receive packet: type 21 
debug1: SSH2_MSG_NEWKEYS received 
debug2: set_newkeys: mode 0 
debug1: rekey after 134217728 blocks 
debug2: key: standard_aws_ec2.pem (0x0), explicit 
debug3: send packet: type 5 
debug3: receive packet: type 7 
debug1: SSH2_MSG_EXT_INFO received 
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512> 
debug3: receive packet: type 6 
debug2: service_accept: ssh-userauth 
debug1: SSH2_MSG_SERVICE_ACCEPT received 
debug3: send packet: type 50 
debug3: receive packet: type 51 
debug1: Authentications that can continue: publickey 
debug3: start over, passed a different list publickey 
debug3: preferred publickey,keyboard-interactive,password 
debug3: authmethod_lookup publickey 
debug3: remaining preferred: keyboard-interactive,password 
debug3: authmethod_is_enabled publickey 
debug1: Next authentication method: publickey 
debug1: Trying private key: standard_aws_ec2.pem 
debug3: sign_and_send_pubkey: RSA SHA256:myqjI3CrEdes0mQO+Gq9osyyAyO0ONBEjCLYuHAJM10 
debug3: send packet: type 50 
debug2: we sent a publickey packet, wait for reply 
debug3: receive packet: type 52 
debug1: Authentication succeeded (publickey). 
Authenticated to ec2-54-159-105-2.compute-1.amazonaws.com ([54.159.105.2]:22). 
debug1: channel 0: new [client-session] 
debug3: ssh_session2_open: channel_new: 0 
debug2: channel 0: send open 
debug3: send packet: type 90 
debug1: Requesting [email protected] 
debug3: send packet: type 80 
debug1: Entering interactive session. 
debug1: pledge: network 
debug3: receive packet: type 80 
debug1: client_input_global_request: rtype [email protected] want_reply 0 
debug3: receive packet: type 91 
debug2: callback start 
debug2: fd 3 setting TCP_NODELAY 
debug3: ssh_packet_set_tos: set IP_TOS 0x10 
debug2: client_session2_setup: id 0 
debug2: channel 0: request pty-req confirm 1 
debug3: send packet: type 98 
debug2: channel 0: request shell confirm 1 
debug3: send packet: type 98 
debug2: callback done 
debug2: channel 0: open confirm rwindow 0 rmax 32768 
debug3: receive packet: type 99 
debug2: channel_input_status_confirm: type 99 id 0 
debug2: PTY allocation request accepted on channel 0 
debug2: channel 0: rcvd adjust 2097152 
debug3: receive packet: type 99 
debug2: channel_input_status_confirm: type 99 id 0 
debug2: shell request accepted on channel 0 
Last login: Sun Nov 26 02:10:49 2017 from 198.21.199.65 

     __| __|_ ) 
     _| ( / Amazon Linux AMI 
     ___|\___|___| 

https://aws.amazon.com/amazon-linux-ami/2017.09-release-notes/ 
4 package(s) needed for security, out of 20 available 
Run "sudo yum update" to apply all updates. 
[[email protected] ~]$ ssh -i "standard_aws_ec2.pem" [email protected]^C 
[[email protected] ~]$ sudo sudo ufw allow 22 
sudo: ufw: command not found 
[[email protected] ~]$ sudo ufw allow 22 
sudo: ufw: command not found 
[[email protected] ~]$ yum install ufw 
Loaded plugins: priorities, update-motd, upgrade-helper 
You need to be root to perform this command. 
[[email protected] ~]$ sudo yum install ufw 
Loaded plugins: priorities, update-motd, upgrade-helper 
No package ufw available. 
Error: Nothing to do 
[[email protected] ~]$ sudo vim 
[[email protected] ~]$ sudo vim /etc/ss 
ssh/ ssl/ 
[[email protected] ~]$ sudo vim /etc/ss 
ssh/ ssl/ 
[[email protected] ~]$ sudo vim /etc/ssh/ 
moduli     ssh_host_dsa_key.pub  ssh_host_ed25519_key.pub 
ssh_config    ssh_host_ecdsa_key  ssh_host_rsa_key 
sshd_config    ssh_host_ecdsa_key.pub ssh_host_rsa_key.pub 
ssh_host_dsa_key   ssh_host_ed25519_key 
[[email protected] ~]$ sudo vim /etc/ssh/ 
moduli     ssh_host_dsa_key.pub  ssh_host_ed25519_key.pub 
ssh_config    ssh_host_ecdsa_key  ssh_host_rsa_key 
sshd_config    ssh_host_ecdsa_key.pub ssh_host_rsa_key.pub 
ssh_host_dsa_key   ssh_host_ed25519_key 
[[email protected] ~]$ sudo vim /etc/ssh/ssh 
ssh_config    ssh_host_ecdsa_key  ssh_host_rsa_key 
sshd_config    ssh_host_ecdsa_key.pub ssh_host_rsa_key.pub 
ssh_host_dsa_key   ssh_host_ed25519_key 
ssh_host_dsa_key.pub  ssh_host_ed25519_key.pub 
[[email protected] ~]$ sudo vim /etc/ssh/ssh 
ssh_config    ssh_host_ecdsa_key  ssh_host_rsa_key 
sshd_config    ssh_host_ecdsa_key.pub ssh_host_rsa_key.pub 
ssh_host_dsa_key   ssh_host_ed25519_key 
ssh_host_dsa_key.pub  ssh_host_ed25519_key.pub 
[[email protected] ~]$ sudo vim /etc/ssh/ssh 
ssh_config    ssh_host_ecdsa_key  ssh_host_rsa_key 
sshd_config    ssh_host_ecdsa_key.pub ssh_host_rsa_key.pub 
ssh_host_dsa_key   ssh_host_ed25519_key 
ssh_host_dsa_key.pub  ssh_host_ed25519_key.pub 
[[email protected] ~]$ sudo vim /etc/ssh/sshd_config 
[[email protected] ~]$ sudo netstat -anp | grep sshd 
tcp  0  0 0.0.0.0:22     0.0.0.0:*     LISTEN  2474/sshd 
tcp  0  36 172.31.93.53:22    198.21.199.65:52145   ESTABLISHED 2595/sshd 
tcp  0  0 :::22      :::*      LISTEN  2474/sshd 
unix 2  [ ]   DGRAM     11314 2595/sshd 
unix 3  [ ]   STREAM  CONNECTED  11318 2595/sshd 
unix 3  [ ]   STREAM  CONNECTED  11317 2597/sshd 
[[email protected] ~]$ debug3: send packet: type 1 
Connection reset by 54.159.105.2 port 22 

Answer

0

I don't have the answer to your problem, but I have some suggestions you can try; let me know if they work:

1) Maybe the session is timing out due to inactivity? Try: ssh -o "ServerAliveInterval 40", or add ServerAliveInterval 40 to your ssh configuration file.

2) Try to get the logs for sshd to see what is going on.

3) Can you check your pub/priv keys? I have gotten connection refused errors when I used the wrong keys in the past.

4) Amazon has a list of things you can try to resolve the connection timed out problem: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html#TroubleshootingInstancesConnectionTimeout

Good luck :)
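
Added example (not part of the original question or answer): a small Python helper that reads `ssh -v` output like the three logs in the question and reports how far the handshake got and which connection error ended it. The `classify` function, the stage names and the hint texts are this example's own assumptions; the sample lines are abridged from the logs above.

```python
import re

# Milestones the OpenSSH client prints with -v or higher, in handshake order.
STAGES = [
    ("tcp", "debug1: Connection established"),
    ("kex", "debug1: SSH2_MSG_NEWKEYS received"),
    ("auth", "debug1: Authentication succeeded"),
    ("session", "debug1: Entering interactive session"),
]
FAILURE = re.compile(r"Connection (timed out|refused|reset by)")

# Hint texts are this example's own wording (assumption), not OpenSSH or AWS output.
HINTS = {
    "timed out": "no reply to the TCP SYN: check security group, network ACL, "
                 "route table and the instance's current public address",
    "refused": "host answered with a reset: reachable, but nothing accepts on "
               "port 22 (sshd down or instance still booting)",
}

def classify(log):
    """Return the last handshake stage reached and the error that ended the run."""
    reached, failure = -1, None
    for line in log.splitlines():
        for i, (_, marker) in enumerate(STAGES):
            if marker in line:
                reached = max(reached, i)
        m = FAILURE.search(line)
        if m:
            failure = m.group(1)
    stage = STAGES[reached][0] if reached >= 0 else "none"
    if failure == "reset by":
        hint = ("key was accepted, then the peer reset: read the server's sshd log"
                if reached >= 2 else "reset before login finished: read the sshd log")
    else:
        hint = HINTS.get(failure, "no connection error in this log")
    return {"stage": stage, "failure": failure, "hint": hint}

# Sample input: lines abridged from the three logs in the question.
LOG_A = "ssh: connect to host ec2-52-90-56-88.compute-1.amazonaws.com port 22: Connection timed out"
LOG_B = """debug1: Connecting to ec2-54-147-245-230.compute-1.amazonaws.com [54.147.245.230] port 22.
debug1: connect to address 54.147.245.230 port 22: Connection refused"""
LOG_C = """debug1: Connection established.
debug1: SSH2_MSG_NEWKEYS received
debug1: Authentication succeeded (publickey).
debug1: Entering interactive session.
Connection reset by 54.159.105.2 port 22"""

if __name__ == "__main__":
    for name, log in (("A", LOG_A), ("B", LOG_B), ("C", LOG_C)):
        print(name, classify(log))
```

Logs A and B never reach the "tcp" stage, so key and sshd_config changes cannot affect them; log C reaches "session" before the reset, which is the case where the server-side sshd log from suggestion 2 is the useful next source.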
