How do I troubleshoot problems connecting to my Amazon EC2 Linux instance using SSH?

Last updated: 2021-04-27

I'm unable to connect to my Amazon Elastic Compute Cloud (Amazon EC2) Linux instance. How do I troubleshoot and resolve this issue?

Short description

To troubleshoot the issue, log in to the EC2 instance over SSH with verbose messaging on. Use the output messages from the SSH client to determine the type of issue. Then, follow the troubleshooting steps to resolve the issue.

Resolution

Identify the issue

1.    Log in to the EC2 instance over SSH with verbose messaging on:

user@localhost:~$ ssh -v -i my_key.pem ec2-user@11.22.33.44

The preceding example uses my_key.pem for the private key file, and ec2-user@11.22.33.44 for the user name and instance address. Substitute your key file, user name, and instance address for the example's values. For more information, see Connect to your Linux instance using SSH.

2.    Use the output messages from the SSH client to determine the type of issue.

Troubleshoot the issue

Note: If you enabled EC2 Serial Console for Linux, you can use it to troubleshoot supported Nitro-based instance types. The serial console helps you troubleshoot boot issues, network configuration, and SSH configuration issues. The serial console connects to your instance without the need for a working network connection. You can access the serial console using the Amazon EC2 console or the AWS Command Line Interface (AWS CLI).

Before using the serial console, grant access to it at the account level. Then, create AWS Identity and Access Management (IAM) policies granting access to your IAM users. Also, every instance using the serial console must include at least one password-based user. If your instance is unreachable and you haven’t configured access to the serial console, you can follow the instructions for manually connecting to the instance provided in the following article links.

For information on configuring the EC2 Serial Console for Linux, see Configure access to the EC2 Serial Console.

Note: If you receive errors when running AWS CLI commands, make sure that you’re using the most recent version of the AWS CLI.

Error: "Connection timed out" or "Connection refused": For information on resolving this error, see I'm receiving "Connection refused" or "Connection timed out" errors when trying to SSH to my EC2 instance. How do I resolve this?

For information on resolving "connection timed out" errors on a virtual private cloud (VPC), see How do I troubleshoot instance connection timeout errors in Amazon VPC?

Error: "Permission denied" or "Authentication failed": For information on resolving this error, see I'm receiving "Permission denied (publickey)" or "Authentication failed, permission denied" errors when trying to access my EC2 instance. How do I resolve this?

Error: "Server refused our key": For more information on resolving this error, see Why am I getting a "Server refused our key" error when I try to connect to my EC2 instance using SSH?

Error: "imported-openssh-key" or "Putty Fatal Error": For more information on resolving these errors, see Why am I receiving "imported-openssh-key" or "Putty Fatal Error" errors when connecting to my Amazon Elastic Compute Cloud (Amazon EC2) Linux instance?

Error: "Enter passphrase for key 'my_key.pem'":

This message appears if you created a password (passphrase) for your key file, but haven't manually entered the password. To continue, enter the password at the prompt or use ssh-agent to load the key automatically.
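
As an added illustration (not part of the original article and not AWS code), the following shell function sorts saved SSH client output into the error types listed above. The function name, the labels it prints, and the sample output lines are constructed for this example.

```shell
#!/bin/sh
# Added example (not AWS code): map saved `ssh -v` output to the error
# types this article lists. Function names and sample lines are constructed.

# classify_ssh_output: read SSH client output on stdin, print one label.
classify_ssh_output() {
    out=$(cat)
    # has: case-insensitive fixed-string search in the captured output
    has() { printf '%s\n' "$out" | grep -qiF -- "$1"; }

    if has "Connection timed out"; then
        echo "connection-timed-out"
    elif has "Connection refused"; then
        echo "connection-refused"
    elif has "Server refused our key"; then
        echo "server-refused-key"
    elif has "imported-openssh-key" || has "Putty Fatal Error"; then
        echo "putty-key-error"
    elif has "Permission denied" || has "Authentication failed"; then
        echo "permission-denied"
    elif has "Enter passphrase for key"; then
        echo "passphrase-required"
    else
        # Covers "Resource temporarily unavailable" and output with no
        # recognised message: the article points these cases at the
        # AWSSupport-TroubleshootSSH Automation document.
        echo "run-automation"
    fi
}

# Constructed sample outputs (11.22.33.44 is the article's example address).
SAMPLE_TIMEOUT='debug1: Connecting to 11.22.33.44 [11.22.33.44] port 22.
ssh: connect to host 11.22.33.44 port 22: Connection timed out'

SAMPLE_DENIED='debug1: Offering public key: my_key.pem
debug1: Authentications that can continue: publickey
ec2-user@11.22.33.44: Permission denied (publickey).'

SAMPLE_PASSPHRASE="debug1: Trying private key: my_key.pem
Enter passphrase for key 'my_key.pem':"

SAMPLE_OTHER='ssh_exchange_identification: read: Resource temporarily unavailable'

# Stand-alone demo: print the label for each constructed sample.
for s in "$SAMPLE_TIMEOUT" "$SAMPLE_DENIED" "$SAMPLE_PASSPHRASE" "$SAMPLE_OTHER"; do
    printf '%s\n' "$s" | classify_ssh_output
done
```

The checks run in a fixed order, so output that contains both a network error and an authentication error is reported as the network error, which has to be resolved first.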

Automatically troubleshoot SSH errors

Some SSH errors, such as Resource temporarily unavailable, can be caused by a variety of issues. To resolve these types of errors, or if you aren't receiving a specific error message, run the AWSSupport-TroubleshootSSH Automation document to automatically find and correct issues. For more information, see How can I use the AWSSupport-TroubleshootSSH automation workflow to troubleshoot SSH connection issues?