AWS EC2 인스턴스 : 일관된 시간 초과 후 SSH 연결이 영구적으로 끊깁니다.

Question

SSH로 만든 인스턴스에 연결하는 데 문제가 있습니다. 필자는 ICMP를 사용하여 이러한 인스턴스를 Ping 할 수도 없습니다.

인스턴스를 중지하고 다시 시작하면 약 60 초 동안 SSH에 연결할 수 있습니다. 그러면 "connection reset by"오류가 발생합니다.

필자는 일주일 전에 저에게 적합한 SSH 구성을 가지고 있습니다. 한 예로, 어디에서나 모든 트래픽을 허용했습니다. 아직도 ping을 할 수 없습니다. 포트 22 연결 시간이 초과되었습니다. 다른 인터넷 연결, 호스트 컴퓨터를 사용해 보았습니다. Amazon/Ubuntu AMI에 대해 동일한 오류가 발생합니다.

예를 들어 하단에 로그를 찾으십시오. 첨부 된 로그에서 ssh config 파일을 살펴 보았지만 아무 것도 변경하지 않았습니다. 일부 디버깅 정보를 얻으려고했습니다. SSHD 구성 파일의 일부 구성을 포함하여 2-3 개의 다른 인스턴스에서 다른 작업을 시도했지만 아무 것도 작동하지 않았습니다. 감사합니다.

연결 오류 예 : A.

$ ssh -i "ec2_key2.pem" ubuntu@ec2-52-90-56-88.compute-1.amazonaws.com 
ssh: connect to host ec2-52-90-56-88.compute-1.amazonaws.com port 22: Connection timed out 

B.

chinmay@ubuntu:~/AWS$ ssh -Xvvv -i "ec2_key2.pem" ec2-user@ec2-54-147-245-230.compute-1.amazonaws.com 
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014 
debug1: Reading configuration data /etc/ssh/ssh_config 
debug1: /etc/ssh/ssh_config line 19: Applying options for * 
debug2: ssh_connect: needpriv 0 
debug1: Connecting to ec2-54-147-245-230.compute-1.amazonaws.com [54.147.245.230] port 22. 
debug1: connect to address 54.147.245.230 port 22: Connection refused 
ssh: connect to host ec2-54-147-245-230.compute-1.amazonaws.com port 22: Connection refused 

LOG은 첨부 : LOG 아마존 AMI 인스턴스. 약 60 초 후에 연결이 재설정됩니다. 인스턴스를 중지했다가 다시 시작한 후 약 1 분간 연결할 수 있습니다.

$ ssh -vvv -i "standard_aws_ec2.pem" ec2-user@ec2-54-159-105-2.compute-1.amazonaws.com 
OpenSSH_7.5p1, OpenSSL 1.0.2l 25 May 2017 
debug1: Reading configuration data /etc/ssh/ssh_config 
debug2: resolving "ec2-54-159-105-2.compute-1.amazonaws.com" port 22 
debug2: ssh_connect_direct: needpriv 0 
debug1: Connecting to ec2-54-159-105-2.compute-1.amazonaws.com [54.159.105.2] port 22. 
debug1: Connection established. 
debug1: key_load_public: No such file or directory 
debug1: identity file standard_aws_ec2.pem type -1 
debug1: key_load_public: No such file or directory 
debug1: identity file standard_aws_ec2.pem-cert type -1 
debug1: Enabling compatibility mode for protocol 2.0 
debug1: Local version string SSH-2.0-OpenSSH_7.5 
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4 
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000 
debug2: fd 3 setting O_NONBLOCK 
debug1: Authenticating to ec2-54-159-105-2.compute-1.amazonaws.com:22 as 'ec2-user' 
debug3: hostkeys_foreach: reading file "/c/Users/chinm/.ssh/known_hosts" 
debug3: send packet: type 20 
debug1: SSH2_MSG_KEXINIT sent 
debug3: receive packet: type 20 
debug1: SSH2_MSG_KEXINIT received 
debug2: local client KEXINIT proposal 
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c 
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa 
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc 
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc 
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 
debug2: compression ctos: none,zlib@openssh.com,zlib 
debug2: compression stoc: none,zlib@openssh.com,zlib 
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal 
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc 
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc 
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 
debug2: compression ctos: none,zlib@openssh.com 
debug2: compression stoc: none,zlib@openssh.com 
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256 
debug1: kex: host key algorithm: ecdsa-sha2-nistp256 
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none 
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none 
debug3: send packet: type 30 
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY 
debug3: receive packet: type 31 
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ni9r3f3A8dvyLH655cub1AVvuCKywoTQ3Hyz7ZALZiw 
debug3: hostkeys_foreach: reading file "/c/Users/chinm/.ssh/known_hosts" 
debug3: hostkeys_foreach: reading file "/c/Users/chinm/.ssh/known_hosts" 
The authenticity of host 'ec2-54-159-105-2.compute-1.amazonaws.com (54.159.105.2)' can't be established. 
ECDSA key fingerprint is SHA256:ni9r3f3A8dvyLH655cub1AVvuCKywoTQ3Hyz7ZALZiw. 
Are you sure you want to continue connecting (yes/no)? yes 
Warning: Permanently added 'ec2-54-159-105-2.compute-1.amazonaws.com,54.159.105.2' (ECDSA) to the list of known hosts. 
debug3: send packet: type 21 
debug2: set_newkeys: mode 1 
debug1: rekey after 134217728 blocks 
debug1: SSH2_MSG_NEWKEYS sent 
debug1: expecting SSH2_MSG_NEWKEYS 
debug3: receive packet: type 21 
debug1: SSH2_MSG_NEWKEYS received 
debug2: set_newkeys: mode 0 
debug1: rekey after 134217728 blocks 
debug2: key: standard_aws_ec2.pem (0x0), explicit 
debug3: send packet: type 5 
debug3: receive packet: type 7 
debug1: SSH2_MSG_EXT_INFO received 
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512> 
debug3: receive packet: type 6 
debug2: service_accept: ssh-userauth 
debug1: SSH2_MSG_SERVICE_ACCEPT received 
debug3: send packet: type 50 
debug3: receive packet: type 51 
debug1: Authentications that can continue: publickey 
debug3: start over, passed a different list publickey 
debug3: preferred publickey,keyboard-interactive,password 
debug3: authmethod_lookup publickey 
debug3: remaining preferred: keyboard-interactive,password 
debug3: authmethod_is_enabled publickey 
debug1: Next authentication method: publickey 
debug1: Trying private key: standard_aws_ec2.pem 
debug3: sign_and_send_pubkey: RSA SHA256:myqjI3CrEdes0mQO+Gq9osyyAyO0ONBEjCLYuHAJM10 
debug3: send packet: type 50 
debug2: we sent a publickey packet, wait for reply 
debug3: receive packet: type 52 
debug1: Authentication succeeded (publickey). 
Authenticated to ec2-54-159-105-2.compute-1.amazonaws.com ([54.159.105.2]:22). 
debug1: channel 0: new [client-session] 
debug3: ssh_session2_open: channel_new: 0 
debug2: channel 0: send open 
debug3: send packet: type 90 
debug1: Requesting no-more-sessions@openssh.com 
debug3: send packet: type 80 
debug1: Entering interactive session. 
debug1: pledge: network 
debug3: receive packet: type 80 
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0 
debug3: receive packet: type 91 
debug2: callback start 
debug2: fd 3 setting TCP_NODELAY 
debug3: ssh_packet_set_tos: set IP_TOS 0x10 
debug2: client_session2_setup: id 0 
debug2: channel 0: request pty-req confirm 1 
debug3: send packet: type 98 
debug2: channel 0: request shell confirm 1 
debug3: send packet: type 98 
debug2: callback done 
debug2: channel 0: open confirm rwindow 0 rmax 32768 
debug3: receive packet: type 99 
debug2: channel_input_status_confirm: type 99 id 0 
debug2: PTY allocation request accepted on channel 0 
debug2: channel 0: rcvd adjust 2097152 
debug3: receive packet: type 99 
debug2: channel_input_status_confirm: type 99 id 0 
debug2: shell request accepted on channel 0 
Last login: Sun Nov 26 02:10:49 2017 from 198.21.199.65 

     __| __|_ ) 
     _| ( / Amazon Linux AMI 
     ___|\___|___| 

https://aws.amazon.com/amazon-linux-ami/2017.09-release-notes/ 
4 package(s) needed for security, out of 20 available 
Run "sudo yum update" to apply all updates. 
[ec2-user@ip-172-31-93-53 ~]$ ssh -i "standard_aws_ec2.pem" ec2-user@ec2-54-159-105-2.compute-1.amazonaws.com^C 
[ec2-user@ip-172-31-93-53 ~]$ sudo sudo ufw allow 22 
sudo: ufw: command not found 
[ec2-user@ip-172-31-93-53 ~]$ sudo ufw allow 22 
sudo: ufw: command not found 
[ec2-user@ip-172-31-93-53 ~]$ yum install ufw 
Loaded plugins: priorities, update-motd, upgrade-helper 
You need to be root to perform this command. 
[ec2-user@ip-172-31-93-53 ~]$ sudo yum install ufw 
Loaded plugins: priorities, update-motd, upgrade-helper 
No package ufw available. 
Error: Nothing to do 
[ec2-user@ip-172-31-93-53 ~]$ sudo vim 
[ec2-user@ip-172-31-93-53 ~]$ sudo vim /etc/ss 
ssh/ ssl/ 
[ec2-user@ip-172-31-93-53 ~]$ sudo vim /etc/ss 
ssh/ ssl/ 
[ec2-user@ip-172-31-93-53 ~]$ sudo vim /etc/ssh/ 
moduli     ssh_host_dsa_key.pub  ssh_host_ed25519_key.pub 
ssh_config    ssh_host_ecdsa_key  ssh_host_rsa_key 
sshd_config    ssh_host_ecdsa_key.pub ssh_host_rsa_key.pub 
ssh_host_dsa_key   ssh_host_ed25519_key 
[ec2-user@ip-172-31-93-53 ~]$ sudo vim /etc/ssh/ 
moduli     ssh_host_dsa_key.pub  ssh_host_ed25519_key.pub 
ssh_config    ssh_host_ecdsa_key  ssh_host_rsa_key 
sshd_config    ssh_host_ecdsa_key.pub ssh_host_rsa_key.pub 
ssh_host_dsa_key   ssh_host_ed25519_key 
[ec2-user@ip-172-31-93-53 ~]$ sudo vim /etc/ssh/ssh 
ssh_config    ssh_host_ecdsa_key  ssh_host_rsa_key 
sshd_config    ssh_host_ecdsa_key.pub ssh_host_rsa_key.pub 
ssh_host_dsa_key   ssh_host_ed25519_key 
ssh_host_dsa_key.pub  ssh_host_ed25519_key.pub 
[ec2-user@ip-172-31-93-53 ~]$ sudo vim /etc/ssh/ssh 
ssh_config    ssh_host_ecdsa_key  ssh_host_rsa_key 
sshd_config    ssh_host_ecdsa_key.pub ssh_host_rsa_key.pub 
ssh_host_dsa_key   ssh_host_ed25519_key 
ssh_host_dsa_key.pub  ssh_host_ed25519_key.pub 
[ec2-user@ip-172-31-93-53 ~]$ sudo vim /etc/ssh/ssh 
ssh_config    ssh_host_ecdsa_key  ssh_host_rsa_key 
sshd_config    ssh_host_ecdsa_key.pub ssh_host_rsa_key.pub 
ssh_host_dsa_key   ssh_host_ed25519_key 
ssh_host_dsa_key.pub  ssh_host_ed25519_key.pub 
[ec2-user@ip-172-31-93-53 ~]$ sudo vim /etc/ssh/sshd_config 
[ec2-user@ip-172-31-93-53 ~]$ sudo netstat -anp | grep sshd 
tcp  0  0 0.0.0.0:22     0.0.0.0:*     LISTEN  2474/sshd 
tcp  0  36 172.31.93.53:22    198.21.199.65:52145   ESTABLISHED 2595/sshd 
tcp  0  0 :::22      :::*      LISTEN  2474/sshd 
unix 2  [ ]   DGRAM     11314 2595/sshd 
unix 3  [ ]   STREAM  CONNECTED  11318 2595/sshd 
unix 3  [ ]   STREAM  CONNECTED  11317 2597/sshd 
[ec2-user@ip-172-31-93-53 ~]$ debug3: send packet: type 1 
Connection reset by 54.159.105.2 port 22 

Answer 1

나는 당신의 문제에 대한 답이 없어하지만 난 당신이 시도 할 수있는 몇 가지 제안이, 그들이 일하는 경우 알려 주시기 :

1) 아마 세션이 비 활동으로 인해 시간 초과는 무엇입니까? 시도 : ssh -o "ServerAliveInterval 40" 또는 ServerAliveInterval 40을 ssh 구성 파일에 추가하십시오.

2) 진행 상황을 보려면 sshd에 대한 로그를 검색하십시오.

3) 공개/개인 키를 다시 확인할 수 있습니까? 과거에 잘못된 키를 사용했을 때 연결 오류가 거부되었습니다. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html#TroubleshootingInstancesConnectionTimeout

행운을 빕니다 :)

:

4) 아마존은 당신이 connection timed out 문제를 해결하기 위해 할 시도 할 물건의 목록이 있습니다