After enabling the firewall with 'sudo ufw enable' I can no longer ssh into my ec2 instance. Any way to recover from this? I'm guessing I should have done something like 'sudo ufw allow ssh' but didn't do that before exiting the session. Also, if I had done that, would I be able to ssh in after that, or is there something else I would need to do? Thanks.
This error occurs if you created a password for your key file but haven't manually entered the password. To resolve this error, enter the password or use ssh-agent to load the key automatically. There are a number of reasons why you might get an SSH error, such as "Resource temporarily unavailable".
The following are common causes for this error: the host reached the instance, but there was no service listening on the SSH port; or a firewall blocked the connection and was set to reject the packet instead of dropping it.
Your local computer doesn't have an SSH client installed. To establish an SSH connection, your computer must have a program called an SSH client. It allows you to communicate with a remote server and execute SSH commands. If the program is missing, you will see the SSH "Connection refused" error.
You can recover, but the process is a bit involved.
You will need to detach the volume and reattach it to a new instance. Mount the volume, then find and edit the configuration file to allow ssh through.
Once you are done, you can swap the volume back to the original instance.
In most cases, if you are in a VPC and using security groups correctly, you probably won't need a software firewall enabled. Security groups can handle most of the common firewall uses.
Success! @datasage provided the general steps to recover. Here are the details of the actual files I had to change, for anyone else who might need the details.
After creating a new instance and mounting the original OS volume as a data volume to /mnt/ufwOOPS, I made the following changes to the files in /mnt/ufwOOPS/lib/ufw, the manual equivalent to 'sudo ufw allow 22':
Add the following 3 lines, respectively, to the ## RULES ## section of user.rules and user6.rules:
user.rules:
### tuple ### allow any 22 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 22 -j ACCEPT
-A ufw-user-input -p udp --dport 22 -j ACCEPT
user6.rules:
### tuple ### allow any 22 ::/0 any ::/0 in
-A ufw6-user-input -p tcp --dport 22 -j ACCEPT
-A ufw6-user-input -p udp --dport 22 -j ACCEPT
Thanks for the tip @datasage!
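The offline edit described in the answer above, scripted so it can be repeated safely against a rescue-mounted volume. This is an added example, not code from the thread or from ufw itself; it assumes the original root volume is mounted at the path passed as the argument (e.g. /mnt/ufwOOPS) and that <mount>/lib/ufw/user.rules and user6.rules contain a RULES marker line of the form shown in the answer (the shipped ufw files use `### RULES ###`; the pattern below matches either spelling). The demo at the bottom runs against constructed rule files in a temp directory, not a real volume.

```shell
#!/bin/sh
# Offline equivalent of 'sudo ufw allow 22' for a root volume that is
# attached to a rescue instance. Inserts the same three lines the answer
# lists directly after the RULES marker, once per file (idempotent).
# insert_rules FILE CHAIN ANY-ADDR  (ANY-ADDR is 0.0.0.0/0 or ::/0)
insert_rules() {
    file=$1 chain=$2 any=$3
    [ -f "$file" ] || { echo "missing $file" >&2; return 1; }
    tuple="### tuple ### allow any 22 $any any $any in"
    # Already present: nothing to do (re-running the rescue stays harmless).
    if grep -qF -- "$tuple" "$file"; then
        return 0
    fi
    awk -v tuple="$tuple" -v chain="$chain" '
        { print }
        /^#+ RULES #+$/ {
            print tuple
            print "-A " chain " -p tcp --dport 22 -j ACCEPT"
            print "-A " chain " -p udp --dport 22 -j ACCEPT"
        }' "$file" > "$file.tmp" || return 1
    # Write back through the existing inode so the 0640 root:root mode
    # ufw expects on its rule files is preserved (mv would replace it).
    cat "$file.tmp" > "$file" && rm -f "$file.tmp"
}

# allow_ssh_offline MOUNTPOINT: patch both the IPv4 and IPv6 rule files.
allow_ssh_offline() {
    root=$1
    insert_rules "$root/lib/ufw/user.rules"  ufw-user-input  0.0.0.0/0 &&
    insert_rules "$root/lib/ufw/user6.rules" ufw6-user-input ::/0
}

# Demo on constructed files (assumption: minimal stand-in for the real
# ufw user.rules layout), so the script can be exercised without a volume.
demo=$(mktemp -d)
mkdir -p "$demo/lib/ufw"
for f in user.rules user6.rules; do
    printf '*filter\n### RULES ###\n\n### END RULES ###\nCOMMIT\n' > "$demo/lib/ufw/$f"
done
allow_ssh_offline "$demo"
grep -n 'dport 22' "$demo/lib/ufw/user.rules" "$demo/lib/ufw/user6.rules"
rm -rf "$demo"
```

After swapping the volume back, the rules are picked up when ufw starts at boot; check with `sudo ufw status` once you are in, and consider leaving port 22 to the instance's security group instead, as the accepted answer suggests.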