
I'm trying to copy data from an EC2 instance to a remote host and am wondering why my rsync command hangs.

I've generated a key-pair using ssh-keygen on the EC2 instance and then added the id_rsa.pub to the ~/.ssh/authorized_keys on the remote host. When I run rsync, the command hangs. No permission denied/could not resolve hostname error or even output. I can ssh from other hosts and also rsync when on the remote host from the ec2 instance.

On the EC2 instance,

$ ping remote_host
PING remote_host (re.mo.te.ip) 56(84) bytes of data.
64 bytes from re.mo.te.ip (re.mo.te.ip): icmp_seq=1 ttl=55 time=10.0 ms
$ rsync -avze "ssh -i ~/.ssh/id_rsa" /absolute/path/to/source remote_user@remote_host:/target
...hangs
$ rsync -avze "ssh -i ~/.ssh/id_rsa" /absolute/path/to/source [email protected]:/target
...hangs

As a note, I tried to ssh-copy-id the EC2 instance's public key before manually copying it into the remote host's ~/.ssh/authorized_keys, but received a Connection timed out error. This makes me think a connection is made w/ my rsync command, but for some reason there isn't a reply from the remote host.

$ ssh-copy-id -i ~/.ssh/id_rsa.pub remote_user@remote_host
sudo ssh-copy-id -i ~/.ssh/id_rsa.pub remote_user@remote_host
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "~/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: ERROR: ssh: connect to host remote_user@remote_host port 22: Connection timed out

My question is - should I be able to run my rsync from an EC2 instance if I've generated my key-pair and added them correctly to my remote host? Or, are there other factors (I've read about security groups and firewalls)? Thanks in advance for any help.

1 Answer


ssh: connect to host remote_user@remote_host port 22: Connection timed out

Or, are there other factors (I've read about security groups and firewalls)?

Your error message does not mean the key was refused. The client didn't even reach the point of offering the key. More precisely, "Connection timed out" means that the OS did not receive a response to the TCP handshake – it failed before it could even begin speaking SSH.

This means that there is a firewall somewhere along the way which is allowing only ICMP packets to pass through, but blocking TCP. Most likely, it is on the "server" side – i.e. not on your EC2 instance, but rather on the remote_host that you're trying to reach. (Typically firewalls are set up to block incoming connections but allow outgoing ones, from their perspective.)

Contact your remote_host's owners and tell them your EC2 instance's public IP addresses. They'll be able to investigate their own logs and firewall rules better than outsiders could.

  • Allowed ICMP, but blocked TCP makes a lot of sense, especially considering the ping utility works. I'll investigate w/ the owners and come back if that resolves the issue. Thanks! Commented Jul 7, 2020 at 12:56
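The distinction drawn in the answer (handshake never answered, versus reachable but not accepting, versus SSH actually speaking) can be checked with a small TCP probe. This is an added example, not part of the original question or answer; the stage names and the `start_fake_sshd` helper (a constructed local stand-in for a server) are assumptions made for illustration.

```python
import socket
import threading

def probe_tcp(host, port=22, timeout=5.0):
    """Report how far a TCP connection to host:port gets, as (stage, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:
        return "unresolved", f"name lookup failed: {exc}"
    except (socket.timeout, TimeoutError):
        # No SYN-ACK and no RST came back: something drops the packets silently.
        return "timeout", "no reply to the TCP handshake (filtered)"
    except ConnectionRefusedError:
        # An RST came back: the host is reachable but nothing accepts on this port.
        return "refused", "host replied, but nothing accepts connections on this port"
    except OSError as exc:
        return "unreachable", str(exc)
    with sock:
        sock.settimeout(timeout)
        data = b""
        try:
            # An SSH server sends its identification line first (RFC 4253, 4.2).
            while b"\n" not in data and len(data) < 255:
                chunk = sock.recv(255 - len(data))
                if not chunk:
                    break
                data += chunk
        except (socket.timeout, TimeoutError):
            pass  # connected, but the peer stayed silent
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    if line.startswith("SSH-"):
        return "ssh", line
    return "open", line or "connected, but no SSH banner received"

def start_fake_sshd(banner=b"SSH-2.0-constructed_example\r\n"):
    """Constructed stand-in for sshd on 127.0.0.1; returns the port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = start_fake_sshd()
    print(probe_tcp("127.0.0.1", port, timeout=2))
```

A `timeout` result from the EC2 instance combined with a working `ping` matches the situation in the question; only an `ssh` result means key authentication is even being attempted.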
