两个 EC2 实例之间的 SSH 和 SCP 超时

Question

I would like to transfer/tunnel between two Amazon EC2 instances via ssh and scp (from A to B, as shown below).

Both instances are running Ubuntu 18.04.

• Instance A: ec2-34-200-134-210.compute-1.amazonaws.com
• Instance B: ec2-34-199-133-209.compute-1.amazonaws.com

Run on Instance A:

• $ ssh-keygen -t rsa -b 4096
• Result put at /home/ubuntu/.ssh/id_rsa and /home/ubuntu/.ssh/id_rsa.pub
• $ chmod 400 /home/ubuntu/.ssh/id_rsa.pub
• Copy /home/ubuntu/.ssh/id_rsa.pub contents

Run on Instance B:

• $ sudo vim /etc/ssh/sshd_config
• Add/uncomment lines:
  • RSAAuthentication yes
  • PubkeyAuthentication yes
• Append copied contents of /home/ubuntu/.ssh/id_rsa.pub from Instance A to /home/ubuntu/.ssh/authorized_keys

Now, testing from A to B:

ubuntu@ip-XX-XX-XX-XX:~$ ssh -T ubuntu@ec2-34-199-133-209.compute-1.amazonaws.com
ssh: connect to host ec2-34-199-133-209.compute-1.amazonaws.com port 22: Connection timed out

ubuntu@ip-XX-XX-XX-XX:~$ touch testfile.txt && \
>    scp testfile.txt ubuntu@ec2-34-199-133-209.compute-1.amazonaws.com:/home/ubuntu/
ssh: connect to host ec2-34-199-133-209.compute-1.amazonaws.com port 22: Connection timed out

What am I missing here? Do I need to change additional file permissions?

Answer 1

The issue was with Inbound Rules on the security group that applied to the cluster of instances.

Solution:

1. On the EC2 dashboard at https://console.aws.amazon.com/ec2/ , navigate to Security Groups on the left-hand pane.
2. Select the security group that applies to Instance B, the instance to which you want to tunnel to.
3. Add an Inbound Rule on the Inbound tab > Edit. Type: SSH; Port: 22, IP Address: 10.XX.XX.XX/32 where 10.XX.XX.XX is the private IPv4 of Instance A.
4. Save the rule and log out/log in of Instance A, then re-test as above.