ssh:连接到主机端口 22:操作超时 - IP 已添加到安全组

ssh:连接到主机端口 22:操作超时 - IP 已添加到安全组

我的基础设施在 AWS 中。我有一个堡垒实例,通过它我能够访问 ec2 实例。我大约 95% 的时间都能登录到它。我的 IP 已列在堡垒的入口规则中。我已将我的密钥添加到 ssh 代理中。

我意识到我工作结束后从不注销,而是关闭笔记本电脑。它是否认为我仍处于登录状态,所以才不让我再次登录?有什么办法可以解决吗?

我很困惑为什么这种情况会一直发生。有什么想法吗?

ssh dsutil -vvv
OpenSSH_7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/me/.ssh/config
debug1: /Users/me/.ssh/config line 5: Applying options for dsutil
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug2: resolve_canonicalize: hostname XX.XX.XX.XXX is address
debug1: Setting implicit ProxyCommand from ProxyJump: ssh -vvv -W '[%h]:%p' new-dev-bastion
debug1: Executing proxy command: exec ssh -vvv -W '[XX.XX.XX.XXX]:22' new-dev-bastion
debug1: identity file /Users/me/.ssh/id_rsa type -1
debug1: identity file /Users/me/.ssh/id_rsa-cert type -1
debug1: identity file /Users/me/.ssh/id_dsa type -1
debug1: identity file /Users/me/.ssh/id_dsa-cert type -1
debug1: identity file /Users/me/.ssh/id_ecdsa type -1
debug1: identity file /Users/me/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/me/.ssh/id_ed25519 type -1
debug1: identity file /Users/me/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/me/.ssh/id_xmss type -1
debug1: identity file /Users/me/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9
OpenSSH_7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/me/.ssh/config
debug1: /Users/me/.ssh/config line 1: Applying options for new-dev-bastion
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug2: resolve_canonicalize: hostname X.XX.XXX.XXX is address
debug2: ssh_connect_direct
debug1: Connecting to X.XX.XXX.XXX [X.XX.XXX.XXX] port 22.
debug1: connect to address X.XX.XXX.XXX port 22: Operation timed out
ssh: connect to host X.XX.XXX.XXX port 22: Operation timed out
ssh_exchange_identification: Connection closed by remote host

答案1

您仍在登录的会话不应受到干扰。这里的问题似乎是Operation timed out。您可以检查是否到达远程端口 22 吗?您可以使用telnetnc,例如:

nc -zv X.XX.XXX.XXX 22

如果出现超时,则问题出在您的网络和 EC2 实例之间:某个地方您无法访问远程 22 端口。
然后您可以检查:

  1. 您的网络:您能访问其他 22 端口吗?例如:
    nc -zv portquiz.net 22
    
  2. AWS 安全组:您的 IP 是否仍与入口规则中列出的 IP 相同?您可以暂时从 0.0.0.0 开放流量然后尝试登录吗?
  3. Bastion 服务器正在运行:服务器可能挂起且没有响应。您可以 ping 通它吗?您可以重新启动它并尝试登录吗?

相关内容