I was trying to copy files from one instance of mine to another and the command I was using was the following:

[ec2-user@imraan ~]$ scp -i /home/ec2-user/germany.pem /home/ec2-user/certificates/*  ec2-user@10.0.0.72:/home/ec2-user/

However, I was running into an issue in which the system was throwing the following error:

ERROR:

ssh: connect to host 10.0.0.72 port 22: Connection refused

lost connection

The first things I checked were the following:

-That the security group on the destination server was listening for connections from the server sending the files, which it was.

-That the command was correct, which it was.

So I was a bit stuck, as the security groups on both instances were configured correctly and the command was spot on, but I could not get the instances to talk to each other. This had me thinking: you can't talk to each other if nobody is listening, which prompted me to look at netstat:

Server sending files:

$ netstat -tlnp

(No info could be read for "-p": geteuid()=500 but you should be root.)

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name

tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      -

tcp        0      0 0.0.0.0:35505               0.0.0.0:*                   LISTEN      -

tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      -

tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      -

tcp        0      0 :::41223                    :::*                        LISTEN      -

tcp        0      0 :::111                      :::*                        LISTEN      -

tcp        0      0 :::80                       :::*                        LISTEN      -

tcp        0      0 :::22                       :::*                        LISTEN      -

As you can see, the server sending the files looks okay as port 22 is listening.

Server receiving files:

$ netstat -tlnp

(No info could be read for "-p": geteuid()=1000 but you should be root.)

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -

tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      -

tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      -

tcp6       0      0 :::3306                 :::*                    LISTEN      -

tcp6       0      0 :::2222                 :::*                    LISTEN      -

tcp6       0      0 :::111                  :::*                    LISTEN      -

tcp6       0      0 :::80                   :::*                    LISTEN      -

This netstat output showed why the transfer was not working. As you can see, the server was not listening on port 22 but instead using a custom ssh port 2222. To resolve the issue, I had to edit the sshd_config file on the destination server to listen on port 22 instead of 2222. The change I made was as follows:

#

Port 22         <--- changed to 22

#AddressFamily any

#ListenAddress 0.0.0.0

#ListenAddress ::

Once changed, I restarted the ssh daemon using the following command:

sudo systemctl restart sshd

Once changed, I ran the command again, which worked:

$ scp -i /home/ec2-user/germany.pem /home/ec2-user/certificates/*  ec2-user@10.0.0.72:/home/ec2-user/

The authenticity of host '10.0.0.72 (10.0.0.72)' can't be established.

ECDSA key fingerprint is SHA256:####################################.

ECDSA key fingerprint is MD5: ####################################.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '10.0.0.72' (ECDSA) to the list of known hosts.

getacert.cer                                                                                100% 1440   855.9KB/s   00:00

linuxbyimraan.co.za-2018-07-17-052050.cer                      100% 1359   920.9KB/s   00:00
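An alternative to moving the daemon back to port 22, as an added example that is not part of the original post: the script below works out from the receiving server's netstat output and sshd_config which port sshd is really listening on, then prints the scp command with the matching -P option. The sample inputs are constructed from the output shown above, and the function names are hypothetical.

```shell
# Constructed sample: `netstat -tln` rows for the receiving server, as in the post.
NETSTAT_OUT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp6       0      0 :::3306                 :::*                    LISTEN
tcp6       0      0 :::2222                 :::*                    LISTEN'

# Constructed sample: the receiving server's sshd_config before the edit.
SSHD_CONFIG='#
Port 2222
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::'

# Print each listening TCP port once, from `netstat -tln` text on stdin.
listening_ports() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -un
}

# Print the Port values from sshd_config text on stdin (sshd defaults to 22).
# Keywords are case-insensitive; "ListenAddress host:port" is not handled here.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 } END { if (!found) print 22 }'
}

# Print the first configured sshd port that is really listening, else return 1.
# $1 = netstat text, $2 = sshd_config text
ssh_port() {
    open=$(printf '%s\n' "$1" | listening_ports)
    for p in $(printf '%s\n' "$2" | sshd_ports); do
        if printf '%s\n' "$open" | grep -qx "$p"; then
            echo "$p"
            return 0
        fi
    done
    return 1
}

# Show the scp command with the matching -P option (printed, not executed).
if port=$(ssh_port "$NETSTAT_OUT" "$SSHD_CONFIG"); then
    echo "scp -P $port -i /home/ec2-user/germany.pem" \
        "/home/ec2-user/certificates/* ec2-user@10.0.0.72:/home/ec2-user/"
fi
```

With this approach the receiving server's security group has to allow the custom port from the sending instance rather than port 22. Running `sudo sshd -t` before restarting the daemon catches syntax errors in sshd_config that would otherwise leave the instance unreachable over SSH.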
