Cannot perform ssh in AWS EC2 after enabling firewall

After enabling the firewall with 'sudo ufw enable' I can no longer ssh into my ec2 instance. Any way to recover from this? I suppose that I should have done something like 'sudo ufw allow ssh' but did not do this before exiting the session. Also, if I did, can I do ssh after that, or is there something else I need to do? Thanks.

+5
2 answers

You can recover, but the process is a bit involved.

You will need to detach the volume and attach it to a new instance. Mount the volume, then find and edit the configuration file to enable ssh.

Once you are done, you can swap the volume back to the original instance.

In most cases, if you are in a VPC and using security groups correctly, you probably won't need a software firewall. Security groups can handle most common firewall use cases.

+8

Success! @datasage provided general steps for recovery. Here are the details of the actual files that I had to change, for anyone who might need the details.

After creating a new instance and attaching the original OS volume as a data volume mounted at /mnt/ufwOOPS, I made the following changes to the files in /mnt/ufwOOPS/lib/ufw, the manual equivalent of 'sudo ufw allow 22':

Add the following 3 lines, respectively, to the ### RULES ### section of user.rules and user6.rules:

user.rules:

    ### tuple ### allow any 22 0.0.0.0/0 any 0.0.0.0/0 in
    -A ufw-user-input -p tcp --dport 22 -j ACCEPT
    -A ufw-user-input -p udp --dport 22 -j ACCEPT

user6.rules:

    ### tuple ### allow any 22 ::/0 any ::/0 in
    -A ufw6-user-input -p tcp --dport 22 -j ACCEPT
    -A ufw6-user-input -p udp --dport 22 -j ACCEPT

Thanks for the @datasage tip!

+2
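The edit described in the two answers, scripted, as an added example that is not code from the question or either answer. It assumes the root volume has already been stopped, detached, attached to a rescue instance and mounted read-write at some path (the poster used /mnt/ufwOOPS); the volume swap itself is done in the console or with the AWS CLI and is not part of the script. add_ssh_rule writes the same three-line tuple the poster added, after the "### RULES ###" marker of user.rules and user6.rules, and skips the edit if the rule is already there. disable_ufw_at_boot is a second, simpler way out that the answers do not mention: flip ENABLED=yes to ENABLED=no in /etc/ufw/ufw.conf on the mounted volume so ufw does not start at boot, then log in and run 'sudo ufw allow 22/tcp' before 'sudo ufw enable'. make_sample_root builds a constructed stand-in for the mounted volume so the script can be run offline; the file contents it writes are sample data, not copied from a real image.

```shell
#!/bin/sh
# Added example (not code from the question or either answer). Applies the
# manual equivalent of `ufw allow 22` to a root volume that has already been
# detached from the locked-out instance, attached to a rescue instance and
# mounted read-write at a path such as /mnt/ufwOOPS. The volume swap itself
# (stop instance, detach root volume, attach to the rescue instance, mount
# the root partition) is done in the console or with the AWS CLI and is not
# part of this script. File layout under the mount point is the real ufw
# one; make_sample_root builds a constructed stand-in for testing.
set -eu

# Insert the "allow 22" tuple directly after the "### RULES ###" marker of a
# ufw user rules file, unless an equivalent TCP rule is already there.
#   $1 rules file (user.rules or user6.rules)
#   $2 chain prefix: ufw (IPv4) or ufw6 (IPv6)
#   $3 any-address literal for that family: 0.0.0.0/0 or ::/0
add_ssh_rule() {
    rules="$1"; chain="$2"; anyaddr="$3"
    if grep -q -- "-A ${chain}-user-input -p tcp --dport 22 -j ACCEPT" "$rules"; then
        return 0            # already present; keep the edit idempotent
    fi
    grep -q '^### RULES ###$' "$rules" || {
        echo "no '### RULES ###' marker in $rules" >&2; return 1; }
    awk -v chain="$chain" -v any="$anyaddr" '
        { print }
        /^### RULES ###$/ {
            print "### tuple ### allow any 22 " any " any " any " in"
            print "-A " chain "-user-input -p tcp --dport 22 -j ACCEPT"
            print "-A " chain "-user-input -p udp --dport 22 -j ACCEPT"
        }' "$rules" > "$rules.tmp"
    mv "$rules.tmp" "$rules"
}

# Same edit for both address families, relative to the mount point.
fix_mounted_root() {
    root="$1"
    add_ssh_rule "$root/lib/ufw/user.rules"  ufw  0.0.0.0/0
    add_ssh_rule "$root/lib/ufw/user6.rules" ufw6 ::/0
}

# Simpler escape hatch: keep ufw from starting at boot at all by flipping
# ENABLED=yes to ENABLED=no in /etc/ufw/ufw.conf on the mounted volume, then
# log in normally and run `ufw allow 22/tcp` before `ufw enable`.
disable_ufw_at_boot() {
    sed -i.bak 's/^ENABLED=yes$/ENABLED=no/' "$1"
}

# Constructed stand-in for a mounted root volume (sample data, not a real
# image): a minimal user.rules/user6.rules and ufw.conf laid out as ufw does.
make_sample_root() {
    root=$(mktemp -d)
    mkdir -p "$root/lib/ufw" "$root/etc/ufw"
    for f in user.rules:ufw user6.rules:ufw6; do
        printf '*filter\n:%s-user-input - [0:0]\n:%s-user-output - [0:0]\n:%s-user-forward - [0:0]\n### RULES ###\n\n### END RULES ###\nCOMMIT\n' \
            "${f#*:}" "${f#*:}" "${f#*:}" > "$root/lib/ufw/${f%%:*}"
    done
    printf 'ENABLED=yes\nLOGLEVEL=low\n' > "$root/etc/ufw/ufw.conf"
    echo "$root"
}

# Demo on the constructed sample; point fix_mounted_root at the real mount
# point (e.g. /mnt/ufwOOPS) when recovering an actual volume.
sample=$(make_sample_root)
fix_mounted_root "$sample"
cat "$sample/lib/ufw/user.rules"
```

Two things to check before swapping the volume back: mount the root partition of the attached disk, not the whole device (on the rescue instance it shows up as something like /dev/xvdf1 or /dev/nvme1n1p1, not the /dev/sdf you named in the attach call), and confirm the instance's security group still allows inbound 22, since the ufw edit does nothing if the group is what is actually dropping the connection. The UDP line is carried over because the poster added it; 'ufw allow 22/tcp' alone is what sshd needs.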

Source: https://habr.com/ru/post/1208619/
