CLIENT AREACall Us 1-800-383-5193


Call Us 1-800-383-5193


Call Us 1-800-383-5193

Need help?

Our experts have had an average response time of 13.52 minutes in October 2021 to fix urgent issues.

We will keep your servers stable, secure, and fast at all times for one fixed price.

SSH Configuration File error in EC2 – Troubleshoot & Fix

by | Aug 30, 2021

Most often SSH Configuration File error in EC2 occurs when we change the Amazon EC2 instance’s sshd_config file

Here, at Bobcares, we assist our customers with several AWS queries as part of our AWS Support Services.

Today, let us see how we can troubleshoot and resolve this.


SSH Configuration File error in EC2

If we change an instance’s sshd_config file it might lead us to a connection refused error when connecting through SSH.

To confirm that we can’t access the instance, we access the instance through SSH with verbose messaging on:

$ ssh -i "myawskey.pem" [email protected] -vvv

Here, we need to use our own key file and user name.

The error looks like the following:

OpenSSH_7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to port 22.
ssh: connect to host port 22: Connection refused


How to resolve this?

For a Nitro-based instance, the device names differ. For example, instead of /dev/xvda or /dev/sda1, it will be /dev/nvme.

Moving ahead, let us see a few effective methods our Support Techs employ to fix this issue.


Method 1: Use the EC2 Serial Console

With EC2 Serial Console for Linux, we can troubleshoot boot issues, network configuration, and SSH configuration issues in Nitro-based instance types.

To access it, we use either the Amazon EC2 console or the AWS AWS CLI.

However, we need to grant access to the console at the account level before we use the serial console.

Then we create AWS IAM policies granting access to the IAM users.

In addition, each instance with the serial console must include at least one password-based user.


Method 2: Use a rescue instance

1. Initially, we launch a new EC2 instance in the VPC. We use the same AMI in the same Availability Zone as the impaired instance.

The new instance becomes the rescue instance.

2. After that, we stop the impaired instance.

3. Then we detach the Amazon EBS root volume (/dev/xvda or /dev/sda1) from the impaired instance.

4. We attach the EBS volume as a secondary device (/dev/sdf) to the rescue instance.

5. Eventually, we connect to the rescue instance using SSH.

6. Here, to view devices, we run:

$ lsblk
xvda 202:0 0 8G 0 disk
└─xvda1 202:1 0 8G 0 part /
xvdf 202:80 0 8G 0 disk
└─xvdf1 202:81 0 8G 0 part

7. Then we create a mount point directory (/rescue) for the new volume that we attached to the rescue instance:

$ sudo mkdir /mnt/rescue

8. To mount the volume in the above directory, we run:

$ sudo mount -t xfs -o nouuid /dev/xvdf1 /mnt/rescue/

To mount ext3 and ext4 file systems, we run:

$ sudo mount /dev/xvdf1 /mnt/rescue

9. Finally, to verify the volume mounted in the directory we run the lsblk command again:

$ lsblk
xvda 202:0 0 8G 0 disk
└─xvda1 202:1 0 8G 0 part /
xvdf 202:80 0 8G 0 disk
└─xvdf1 202:81 0 8G 0 part /mnt/rescue


Correct or copy the sshd_config file

We can investigate the sshd_config file on the impaired instance and roll back the changes:

$ sudo vi /mnt/rescue/etc/ssh/sshd_config

Or, we can copy the sshd_config file from the rescue instance to the impaired instance:

$ sudo cp /etc/ssh/sshd_config /mnt/resscue/etc/ssh/sshd_config


Reattach the volume to the original instance and test the connection

Our Support Techs recommend completing the following if we went ahead with Method 2.

1. To unmount the volume, we run:

$ sudo umount /mnt/rescue/

2. Then we detach the secondary volume from the rescue instance and then attach the volume to the original instance as /dev/xvda.

3. Eventually, we start the instance.

4. Finally, we verify if we can reach the instance by connecting to the instance using SSH.

[Need help with the resolution? We are here for you]



In short, we saw how our Support Techs fix the configuration file error for our customers.


Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.


var google_conversion_label = "owonCMyG5nEQ0aD71QM";


Submit a Comment

Your email address will not be published. Required fields are marked *