I have an EC2 instance running. I can ssh with no problems:
ssh -i mykey.pem ec2-user@someIPaddress
However, scp fails. Running this:
scp -vvv -i mykey.pem test.txt ec2-user@someIPaddress:/tmp/
produces the following result:
Executing: program /usr/bin/ssh host someIPadress, user ec2-user, command scp -v -t /tmp/
OpenSSH_6.0p1 Debian-3ubuntu1, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to someIPaddress [someIPaddress] port 22.
debug1: connect to address someIPadress port 22: Network is unreachable
ssh: connect to host someIPaddress port 22: Network is unreachable
lost connection
Additional info:
My .pem key has read and write permissions only for myself (-rw-------).
I was told that there might be a problem with scp if running /bin/true on EC2 produces a non-empty line, but this is not the case here:
[ec2-user@someIPaddress ~]$ /bin/true
[ec2-user@someIPaddress ~]$
I verified that test.txt exists :)
I verified that I can write into /tmp by logging in via ssh.
I am surprised that ssh works, but not scp. Any ideas?
Edit: Running
ssh -vvv -i mykey.pem ec2-user@someIP
produces:
OpenSSH_6.0p1 Debian-3ubuntu1, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to someIPaddress [someIPaddress] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "mykey.pem" as a RSA1 public key
debug1: identity file mykey.pem type -1
debug1: identity file mykey.pem-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.1
debug1: match: OpenSSH_6.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "someIPaddress" from file "/home/burger/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/burger/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],ssh-rsa,[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 139/256
debug2: bits set: 481/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA somekey
debug3: load_hostkeys: loading entries for host "someIPaddress" from file "/home/burger/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/burger/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'someIPaddress' is known and matches the RSA host key.
debug1: Found key in /home/burger/.ssh/known_hosts:3
debug2: bits set: 523/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: mykey.pem ((nil))
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: mykey.pem
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey: RSA some-key
debug2: we sent a publickey packet, wait for reply
debug1: Authentication succeeded (publickey).
Authenticated to someIPaddress ([someIPaddress]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x10
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env rvm_gemsets_path
debug3: Ignored env rvm_scripts_path
debug3: Ignored env SSH_AGENT_PID
debug3: Ignored env rvm_bin_path
debug3: Ignored env GEM_HOME
debug3: Ignored env rvm_man_path
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env XDG_SESSION_COOKIE
debug3: Ignored env IRBRC
debug3: Ignored env rvm_user_path
debug3: Ignored env rvm_wrappers_path
debug3: Ignored env WINDOWID
debug3: Ignored env rvm_patches_path
debug3: Ignored env OLDPWD
debug3: Ignored env GNOME_KEYRING_CONTROL
debug3: Ignored env MY_RUBY_HOME
debug3: Ignored env rvm_docs_path
debug3: Ignored env GTK_MODULES
debug3: Ignored env rvm_verbose_flag
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env rvm_gems_cache_path
debug3: Ignored env rvm_config_path
debug3: Ignored env XDG_SESSION_PATH
debug3: Ignored env rvm_path
debug3: Ignored env XDG_SEAT_PATH
debug3: Ignored env rvm_debug_flag
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env DEFAULTS_PATH
debug3: Ignored env XDG_CONFIG_DIRS
debug3: Ignored env rvm_prefix
debug3: Ignored env rvm_examples_path
debug3: Ignored env PATH
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env rvm_rubies_path
debug3: Ignored env rvm_loaded_flag
debug3: Ignored env PWD
debug3: Ignored env GNOME_KEYRING_PID
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env MANDATORY_PATH
debug3: Ignored env UBUNTU_MENUPROXY
debug3: Ignored env rvm_usr_path
debug3: Ignored env GDMSESSION
debug3: Ignored env rvm_version
debug3: Ignored env rvm_src_path
debug3: Ignored env HOME
debug3: Ignored env SHLVL
debug3: Ignored env rvm_gems_path
debug3: Ignored env _JAVA_AWT_WM_NONREPARENTING
debug3: Ignored env rvm_ruby_string
debug3: Ignored env rvm_tmp_path
debug3: Ignored env LOGNAME
debug3: Ignored env GEM_PATH
debug3: Ignored env rvm_lib_path
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env rvm_repos_path
debug3: Ignored env LESSOPEN
debug3: Ignored env rvm_reload_flag
debug3: Ignored env rvm_log_path
debug3: Ignored env rvm_help_path
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env DISPLAY
debug3: Ignored env rvm_environments_path
debug3: Ignored env RUBY_VERSION
debug3: Ignored env rvm_archives_path
debug3: Ignored env LESSCLOSE
debug3: Ignored env rvm_user_install_flag
debug3: Ignored env COLORTERM
debug3: Ignored env XAUTHORITY
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last login: Fri May 31 14:18:38 2013 from stgt-5f7197c5.pool.mediaways.net
       __|  __|_  )
       _|  (     /   Amazon Linux AMI
      ___|\___|___|
https://aws.amazon.com/amazon-linux-ami/2013.03-release-notes/
[ec2-user@ip-someIPaddress ~]$
The following are common causes for this error: The host reached the instance but there was no service listening on the SSH port. A firewall blocked and was set to reject the packet instead of dropping it.
You can SSH into EC2 instances in a private subnet using SSH agent forwarding. This method allows you to securely connect to Linux instances in private Amazon VPC subnets via a bastion host (aka jump host) that is located in a public subnet.
Another cause of this problem (SCP failing where SSH succeeds) is having any message printed to the console during login (e.g. from your .bashrc script).
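A way to test for that last cause, as an added example that is not part of the original question or answers: the check must run a non-interactive command, because that is how scp starts its remote half (`scp -t`, visible in the question's log). The function names and the sample startup files are constructed for illustration; `simulate_login` stands in for the real ssh call so the check can be tried offline.

```shell
#!/bin/sh
# Added example (not from the original page). The remote half of a copy,
# "scp -t <dir>", is started through the login shell and talks to the client
# over stdout, so any byte a startup file prints there corrupts the exchange.

# session_is_clean CMD [ARGS...]: run CMD and succeed only if stdout was empty.
session_is_clean() {
    # The trailing "x" stops $(...) from stripping newlines, so a startup
    # file that prints only a blank line is still caught.
    out=$("$@" 2>/dev/null; printf x)
    out=${out%x}
    [ -z "$out" ] && return 0
    printf 'unclean session: %d character(s) on stdout\n' "${#out}" >&2
    printf '%s' "$out" | od -c | head -n 3 >&2
    return 1
}

# simulate_login RCFILE: offline stand-in for "ssh host true". A
# non-interactive shell sources RCFILE, then runs the command.
simulate_login() {
    sh -c '. "$1"; true' sh "$1"
}

# write_samples DIR: constructed startup files for the demonstration.
write_samples() {
    # Noisy: prints on every login, interactive or not.
    printf '%s\n' 'echo "Welcome back"' > "$1/noisy.rc"
    # Guarded: prints only when the shell is interactive ($- contains i).
    printf '%s\n' 'case $- in *i*) echo "Welcome back" ;; esac' > "$1/guarded.rc"
    # Edge case: a lone newline.
    printf '%s\n' 'echo' > "$1/blank.rc"
}

# Against a real host, using the names from the question:
#   session_is_clean ssh -i mykey.pem ec2-user@someIPaddress true
```

The guarded form in `guarded.rc` is the usual fix: keep greetings and other output in startup files behind a test for an interactive shell.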