I have created and launched an Amazon EC2 Linux instance, but I can't connect to the instance using SSH or utilities that connect over SSH such as PuTTY. When I attempt to connect from the Linux command shell, the connection attempt hangs, and when I connect using the PuTTY client an error similar to the following is displayed in the PuTTY client user interface:

Network error: Connection timed out

Both problems indicate that you are unable to access your EC2 instance from your current IP address using SSH.

Network connectivity to an EC2 instance is not enabled by default. You need to make some configuration changes to your VPC in the AWS Management Console.

To ensure that you can connect to your EC2 Linux instance using SSH, first verify that your Security Group(s) permit access to your EC2 instance over SSH from your IP address.

  1. Open the Amazon EC2 console.
  2. In the navigation pane, choose Instances.
  3. Find the EC2 instance you want to connect to using SSH.
  4. In the Description tab at the bottom of the screen, select the security group for the EC2 instance you are trying to connect to.
  5. In the Inbound tab in the pane at the bottom of the screen, ensure that you have a rule that allows SSH from your current public IP address.
    Note: If you’re not sure what your current IP is, enter "my IP address" into your preferred search engine, and note the IP that’s returned. Also, most devices display the IP address currently assigned to them in their network settings.
  6. If the IP your device is using isn’t in the list, choose Edit, then Add rule.
  7. For Source, choose My IP.
  8. Choose Save.

Next, make sure your VPC route table is configured to allow traffic to and from the Internet.

  1. Open the Amazon VPC console.
  2. In the navigation pane, choose Route Tables and then select your VPC route table from the list.
  3. On the Routes tab, ensure that you have a default route pointing to your Internet gateway.
  4. If you do not see this, choose Internet Gateways from the navigation pane and copy the ID of your Internet gateway. If you do not have an Internet gateway, create one and attach it to your VPC. Be sure to copy the ID of the new Internet gateway.
  5. Go back to Route Tables and select the Routes tab.
  6. Edit and create a route that points to your Internet gateway ID.
  7. Save the route table.

Note: Your network ACL rules must allow inbound and outbound IPv4 traffic.

To connect to your instance using an IPv6 address, check the following:

  • Your subnet must be associated with a route table that has a route for IPv6 traffic (::/0) to an Internet gateway.
  • Your security group rules must allow inbound traffic from your local IPv6 address on the proper port: 22 for Linux and 3389 for Windows.
  • Your network ACL rules must allow inbound and outbound IPv6 traffic.
  • If you launched your instance from an older AMI, it might not be configured for DHCPv6 (IPv6 addresses are not automatically recognized on the network interface). For more information, see Configure IPv6 on Your Instances in the Amazon VPC User Guide.
  • Your local computer must have an IPv6 address and must be configured to use IPv6.
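The security group and route table checks above can also be run offline against saved output. The following is an added example, not AWS's own code: it evaluates the JSON returned by `aws ec2 describe-security-groups` and `aws ec2 describe-route-tables` for a given client address, IPv4 or IPv6. The function names, the sample resource IDs and the sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample data shaped like EC2 API output (not real resources).
SAMPLE_GROUPS = [{"GroupId": "sg-0example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []}]}]
SAMPLE_ROUTES = {"Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]}

def ssh_allowed(security_groups, client_ip, port=22):
    """Return the CIDRs of inbound rules that admit client_ip on the SSH port."""
    ip = ipaddress.ip_address(client_ip)
    matches = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            # "-1" means all protocols and ports; otherwise need tcp covering the port.
            if proto != "-1" and not (
                    proto == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                if net.version == ip.version and ip in net:
                    matches.append(cidr)
    return matches

def has_internet_route(route_table, ipv6=False):
    """True if the table has a default route whose target is an Internet gateway."""
    key, default = (("DestinationIpv6CidrBlock", "::/0") if ipv6
                    else ("DestinationCidrBlock", "0.0.0.0/0"))
    return any(r.get(key) == default and r.get("GatewayId", "").startswith("igw-")
               for r in route_table.get("Routes", []))

def diagnose(security_groups, route_table, client_ip):
    """List what would explain a timeout, plus a note if SSH is open to everyone."""
    findings = []
    matches = ssh_allowed(security_groups, client_ip)
    if not matches:
        findings.append("no inbound rule allows SSH from " + client_ip)
    elif any(c in ("0.0.0.0/0", "::/0") for c in matches):
        findings.append("SSH is open to any address; restrict Source to My IP")
    if not has_internet_route(route_table, ipaddress.ip_address(client_ip).version == 6):
        findings.append("no default route to an Internet gateway")
    return findings

if __name__ == "__main__":
    for addr in ("203.0.113.10", "198.51.100.7"):
        print(addr, diagnose(SAMPLE_GROUPS, SAMPLE_ROUTES, addr))
```

Network ACLs and the SSH daemon on the instance are not covered by this check.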

If you have completed these steps and you are still unable to connect to your EC2 instance, make sure the SSH daemon is running on the EC2 instance, and that it is configured to listen on the default port (TCP 22). For more information on troubleshooting connectivity issues, see Troubleshooting Connecting to Your Instance, or create a case with AWS Support.

Published: 2016-05-23

Updated: 2017-10-16