cloud
network_error
ai_generated
true
通过 SSH 连接 EC2 实例时连接超时
Connection timed out when connecting to EC2 instance via SSH
ID: cloud/aws-ec2-instance-connect-timeout
88%修复率
89%置信度
1证据数
2023-04-12首次发现
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| AWS EC2 | active | — | — | — |
| Amazon Linux 2023 | active | — | — | — |
| Ubuntu 22.04 | active | — | — | — |
| OpenSSH 9.0 | active | — | — | — |
根因分析
EC2 实例无法通过 SSH 连接,原因是缺少或配置错误的安全组规则、子网路由不正确,或实例没有公有 IP(或未位于 NAT 网关之后)。
English
EC2 instance is not reachable over SSH due to missing or misconfigured security group rules, incorrect subnet routing, or the instance not having a public IP (or not being behind a NAT gateway).
官方文档
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html解决方案
-
Verify the security group attached to the EC2 instance allows inbound SSH (port 22) from your IP. Use AWS CLI: `aws ec2 authorize-security-group-ingress --group-id sg-xxxxxxxx --protocol tcp --port 22 --cidr <YOUR_IP>/32`. Replace <YOUR_IP> with your public IP (check via `curl ifconfig.me`).
-
If the instance is in a private subnet, set up an SSH bastion host or use AWS Systems Manager Session Manager: `aws ssm start-session --target <instance-id>`. Ensure the instance has an IAM role with `ssm:StartSession` permission and the SSM Agent is installed.
无效尝试
常见但无效的做法:
-
80% 失败
The OS firewall may allow SSH, but the security group acts as a network-level firewall outside the instance; traffic is dropped before reaching the OS.
-
95% 失败
Rebooting only restarts the OS; security group and VPC routing remain unchanged.