# 通过 SSH 连接 EC2 实例时连接超时

- **ID:** `cloud/aws-ec2-instance-connect-timeout`
- **领域:** cloud
- **类别:** network_error
- **验证级别:** ai_generated
- **修复率:** 88%

## 根因

EC2 实例无法通过 SSH 连接，原因是缺少或配置错误的安全组规则、子网路由不正确，或实例没有公有 IP（或未位于 NAT 网关之后）。

## 版本兼容性

| 版本 | 状态 | 引入 | 弃用 |
|------|------|------|------|
| AWS EC2 | active | — | — |
| Amazon Linux 2023 | active | — | — |
| Ubuntu 22.04 | active | — | — |
| OpenSSH 9.0 | active | — | — |

## 解决方案

1. ```
   Verify the security group attached to the EC2 instance allows inbound SSH (port 22) from your IP. Use AWS CLI: `aws ec2 authorize-security-group-ingress --group-id sg-xxxxxxxx --protocol tcp --port 22 --cidr <YOUR_IP>/32`. Replace <YOUR_IP> with your public IP (check via `curl ifconfig.me`).
   ```
2. ```
   If the instance is in a private subnet, set up an SSH bastion host or use AWS Systems Manager Session Manager: `aws ssm start-session --target <instance-id>`. Ensure the instance has an IAM role with `ssm:StartSession` permission and the SSM Agent is installed.
   ```

## 无效尝试

- **** — The OS firewall may allow SSH, but the security group acts as a network-level firewall outside the instance; traffic is dropped before reaching the OS. (80% 失败率)
- **** — Rebooting only restarts the OS; security group and VPC routing remain unchanged. (95% 失败率)