从我的家庭网络连接到我的 AWS-EC2 实例时,SSH 连接超时。但是从我的工作网络连接时它有效
SSH Connection timed out when connecting to my AWS-EC2 instance from my home network. But it works when connecting from my work network
我正在尝试使用 PUTTY 中的 SSH 连接到我的 AWS EC2 实例。
它在我的工作网络上运行,但在从我的家庭网络连接时出现 "connection timed out" 错误。
这是我的 ISP 的问题吗?请帮忙。
EC2 方:
检查适当的入站规则security group
由于您可以从工作中连接,那么您在 security group 中已经有一个允许 TCP:22
的入站规则
然后找到这条规则并检查它是CIDR。要在家工作,它应该允许从您的家庭 IP 地址连接。
最简单(和通用)的方法 - 将其设置为 0.0.0.0/0
在客户端:
检查是否允许密钥授权以及您是否拥有正确的密钥
添加到您的主页 ~/.ssh/config:
Host my_ec2_instance
Hostname <your_ec2_IP_address>
User ec2_user # <ubuntu - if you created instance with `ubuntu`-based image >
Port 22
PreferredAuthentications publickey
IdentityFile ~/.ssh/<your_ec2_key>.pub
检查密钥是否正确。
此外,您可以手动检查端口 22:
telnet <your_ec2_IP_address> 22
如果建议的操作没有帮助 - 请尝试故障排除指南
调试实例连接很好Troubleshooting Guide
试试这些步骤:
[EC2-VPC] Check the route table for the subnet. You need a route that sends all traffic destined outside the VPC to the Internet gateway for the VPC.
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
In the navigation pane, choose Internet Gateways. Verify that there is an Internet gateway attached to your VPC. Otherwise, choose Create Internet Gateway and follow the directions to create an Internet gateway, select the Internet gateway, and then choose Attach to VPC and follow the directions to attach it to your VPC.
In the navigation pane, choose Subnets, and then select your subnet.
On the Route Table tab, verify that there is a route with 0.0.0.0/0 as the destination and the Internet gateway for your VPC as the target. Otherwise, choose the ID of the route table (rtb-xxxxxxxx) to navigate to the Routes tab for the route table, choose Edit, Add another route, enter 0.0.0.0/0 in Destination, select your Internet gateway from Target, and then choose Save.
UPD:如何检查您的提供商是否允许传出 ssh 连接
正如 op 所说,他的提供商可能会阻止传出 ssh 连接。
幸运的是,有 public 个服务打开了端口 22
例如基于 shell 的浏览器 browsh 接受通过 22 端口的连接。
查看他们的 manual:
Live SSH Demo
Just point your SSH client to brow.sh, eg; ssh brow.sh. No auth needed. The service is for demonstration only, sessions last 5 minutes and are logged.
因此,您可以检查提供商是否允许您的传出连接:
$ telnet brow.sh 22
Trying 167.99.26.99...
Connected to brow.sh.
Escape character is '^]'.
我正在尝试使用 PUTTY 中的 SSH 连接到我的 AWS EC2 实例。
它在我的工作网络上运行,但在从我的家庭网络连接时出现 "connection timed out" 错误。
这是我的 ISP 的问题吗?请帮忙。
EC2 方:
检查适当的入站规则security group
由于您可以从工作中连接,那么您在 security group 中已经有一个允许 TCP:22
然后找到这条规则并检查它是CIDR。要在家工作,它应该允许从您的家庭 IP 地址连接。
最简单(和通用)的方法 - 将其设置为 0.0.0.0/0
在客户端:
检查是否允许密钥授权以及您是否拥有正确的密钥
添加到您的主页 ~/.ssh/config:
Host my_ec2_instance
Hostname <your_ec2_IP_address>
User ec2_user # <ubuntu - if you created instance with `ubuntu`-based image >
Port 22
PreferredAuthentications publickey
IdentityFile ~/.ssh/<your_ec2_key>.pub
检查密钥是否正确。
此外,您可以手动检查端口 22:
telnet <your_ec2_IP_address> 22
如果建议的操作没有帮助 - 请尝试故障排除指南
调试实例连接很好Troubleshooting Guide
试试这些步骤:
[EC2-VPC] Check the route table for the subnet. You need a route that sends all traffic destined outside the VPC to the Internet gateway for the VPC.
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
In the navigation pane, choose Internet Gateways. Verify that there is an Internet gateway attached to your VPC. Otherwise, choose Create Internet Gateway and follow the directions to create an Internet gateway, select the Internet gateway, and then choose Attach to VPC and follow the directions to attach it to your VPC.
In the navigation pane, choose Subnets, and then select your subnet.
On the Route Table tab, verify that there is a route with 0.0.0.0/0 as the destination and the Internet gateway for your VPC as the target. Otherwise, choose the ID of the route table (rtb-xxxxxxxx) to navigate to the Routes tab for the route table, choose Edit, Add another route, enter 0.0.0.0/0 in Destination, select your Internet gateway from Target, and then choose Save.
UPD:如何检查您的提供商是否允许传出 ssh 连接
正如 op 所说,他的提供商可能会阻止传出 ssh 连接。
幸运的是,有 public 个服务打开了端口 22
例如基于 shell 的浏览器 browsh 接受通过 22 端口的连接。
查看他们的 manual:
Live SSH Demo
Just point your SSH client to brow.sh, eg;
ssh brow.sh. No auth needed. The service is for demonstration only, sessions last 5 minutes and are logged.
因此,您可以检查提供商是否允许您的传出连接:
$ telnet brow.sh 22
Trying 167.99.26.99...
Connected to brow.sh.
Escape character is '^]'.