
I've ssh'd in to a new ec2 instance, which I'm setting up for our production environment, and tried to git clone a project from another ec2 instance which we are using as our development box but I get the below error.

```
$ git clone ubuntu@?.??.??.??6:/var/git/our-project.git our-project
Cloning into 'our-project'...
ssh: connect to host ?.??.??.??6 port 22: Connection timed out
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
```

I've created a public/private key pair on the production box to connect to the development box and added the public key to the dev box's authorized_keys. This is the same setup I've used on my local machine, which works.

I also have an AWS security group configured for the dev box which has the production ec2's public IP added to it to allow ssh inbound connections on port 22.

Could the problem be that I can't ssh into a machine and perform another ssh from within it, which is what in effect the git clone command is doing? I also tried what was suggested in this answer to run the git clone command from my local machine with the following, but as you can see this gives me the same error message.

```
ssh ubuntu@5?.??.??.??8 'git clone ubuntu@?.??.??.??6:/var/git/our-project.git /var/www/our-project'
Cloning into '/var/www/houseofireland'...
ssh: connect to host ?.??.??.??6 port 22: Connection timed out
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
```

Would be very grateful for any possible causes or solutions to this issue.

Holly
  • Are you able to `ssh` into the second EC2 instance from the first one? – Rob Aug 28 '15 at 11:49
  • @Rob I can ssh from my local to both the dev and production ec2s, but once I ssh into the production ec2 I can't ssh from there into the dev ec2 – Holly Aug 28 '15 at 11:51
  • Then it's not an issue with git - it's possible that there's a firewall in place, or that the instance has whitelisted IP addresses. – Rob Aug 28 '15 at 11:52
  • @Rob, I do have an AWS security group configured which has the production ec2's public IP added to it to allow ssh inbound connections on port 22. I'll add this to my question. Do you know is it possible to ssh into one box and from there ssh into another, a double ssh? – Holly Aug 28 '15 at 11:54
  • You definitely can ssh via another machine. The `ssh` application is still running on the remote computer, so you could essentially have an infinite amount of `ssh` chains if you'd like. As for the actual problem, I'm not sure I'm able to help out anymore - I'm not too familiar with EC2 instances, and there could be many causes of the issue. However, you can be certain that it's not related to git itself - the dev machine is just unreachable from production (perhaps rightly so?) – Rob Aug 28 '15 at 11:58

1 Answer

As pointed out in the comments, this is not a git problem but rather an ssh one.

Generally, it is possible to SSH from one EC2 instance to another but keep in mind the following:

  • EC2 instances have a public IP which you can use for accessing them from outside the AWS network and a private IP which is used internally. This IP has the form 10.X.X.X
  • When two EC2 instances communicate with each other, they use a different DNS server than the one which is used when accessing them from outside the AWS network - that's why the public IP (or hostname, if you will) won't work

What you should do is put the instance from which you are making the SSH tunnel on a white list in the SecurityGroup of the second instance (assuming they are on the same account).

Hope this helps

Smajl
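
An added example, not part of the answer above: a small Python model of how an allow-list security group matches inbound SSH, for checking which source address a rule actually covers. The rule format, function names and all addresses are constructed for illustration, and it assumes that traffic sent to the dev box's private address arrives from the production box's private address.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class IngressRule:
    protocol: str   # "tcp", "udp", or "-1" for all protocols
    from_port: int
    to_port: int
    cidr: str       # permitted source range, e.g. "203.0.113.10/32"

def allows(rules, src_ip, protocol, port):
    """Return the first rule that admits the packet, or None.

    A security group is an allow-list: a packet matching no rule is dropped
    silently, which the client sees as a timeout rather than a refusal.
    """
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.protocol not in ("-1", protocol):
            continue
        if rule.protocol != "-1" and not rule.from_port <= port <= rule.to_port:
            continue
        if src in ipaddress.ip_network(rule.cidr, strict=False):
            return rule
    return None

# Constructed addresses (documentation and RFC 1918 ranges), not from the post.
PROD_PUBLIC = "203.0.113.10"
PROD_PRIVATE = "10.0.1.25"
ADMIN_LAPTOP = "198.51.100.7"

# Dev box rules as described in the question: only public addresses listed.
DEV_SG = [
    IngressRule("tcp", 22, 22, f"{ADMIN_LAPTOP}/32"),
    IngressRule("tcp", 22, 22, f"{PROD_PUBLIC}/32"),
]
# Same rules plus the production box's private address.
DEV_SG_FIXED = DEV_SG + [IngressRule("tcp", 22, 22, f"{PROD_PRIVATE}/32")]

def report():
    """Map each candidate source to (allowed before, allowed after)."""
    return {
        name: (allows(DEV_SG, src, "tcp", 22) is not None,
               allows(DEV_SG_FIXED, src, "tcp", 22) is not None)
        for name, src in (("public", PROD_PUBLIC), ("private", PROD_PRIVATE))
    }

if __name__ == "__main__":
    for name, (before, after) in report().items():
        print(f"source={name:7} allowed_before={before} allowed_after={after}")
```

A real security group can also name another security group as the source instead of a CIDR; this model covers CIDR sources only.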