
Can't get SSH connections through AWS Session Manager working

I have an EC2 instance in a private subnet in which I want to copy files.

Instead of a S3 bucket I want to use Secure File Copy through Session Manager as documented on here and announced on here.

A running EC2 instance is attached with an instance profile containing the policy AmazonEC2RoleforSSM. On my local machine (macOS 10.14.5) the AWS CLI (aws-cli/1.16.195) and the Session Manager Plugin ( is installed and .ssh/config is configured accordingly.


When I run ssh ec2-user@i-XXX it hangs infinitely. However I can see an connected session in the Session Manager. When I SIGTERM the process I get following output and the session is terminated:

Command '['session-manager-plugin', '{"SessionId": "XXX", "TokenValue": "XXX", "StreamUrl": "wss://", "ResponseMetadata": {"RetryAttempts": 0, "HTTPStatusCode": 200, "RequestId": "XXX", "HTTPHeaders": {"x-amzn-requestid": "XXX", "date": "Wed, 07 Aug 2019 08:47:23 GMT", "content-length": "579", "content-type": "application/x-amz-json-1.1"}}}', 'eu-central-1', 'StartSession', u'cc', '{"DocumentName": "AWS-StartSSHSession", "Target": "i-XXX", "Parameters": {"portNumber": ["22"]}}', u'']' returned non-zero exit status -13


When I run ssh ec2-user@i-XXX I get the following error and need to manually terminate the session in the Session Manager:

kex_exchange_identification: banner line contains invalid characters


  • I just got an answer from AWS Support and it working for me now. There was a bug in one of the following components.

    Ensure at least following versions and it should work then.


    target ec2 instance

    I've also created a neat SSH ProxyCommand script that temporary adds your public ssh key to target instance during connection to target instance.