Case 1

When running Jenkins master within a VPC, on a subnet routed to an IGW.

• Jenkins master has public IP
• Jenkins node has public IP

Problem was not detected, because the master would reach get from the same public DNS of the node, the internal IP. It seems to also attempt correctly to use the private IP first, then the public DNS while the node is booting.

eg:

INFO: Connecting to [PRIVATE IP] on port 22, with timeout 10000.
Oct 04, 2018 5:57:49 PM hudson.plugins.ec2.EC2Cloud
INFO: Failed to connect via ssh: The kexTimeout (10000 ms) expired.
Oct 04, 2018 5:57:49 PM hudson.plugins.ec2.EC2Cloud
INFO: Waiting for SSH to come up. Sleeping 5.
Oct 04, 2018 5:57:54 PM hudson.plugins.ec2.EC2Cloud
INFO: Connecting to ec2-[PUBLICIP].ap-southeast-2.compute.amazonaws.com on port 22, with timeout 10000.
...
Agent successfully connected and online

Case 2

When running Jenkins master within a VPC, on a subnet routed to an IGW.

• Jenkins master has public IP
  Configured another VPC (to use nodes in another region). Region 2 VPC has peer connection to VPC of Jenkins master, and is working fine with private IPs.
• Jenkins node has public IP

The problem is evident because the master starts and continues to attempt connecting with the public DNS. Even though the cloud "Connect using Public IP" box is not selected in the configuration.

INFO: Connecting to ec2-13-58-190-137.us-east-2.compute.amazonaws.com on port 22, with timeout 10000.
...

I have tried logging into the Jenkins master and verified the private IP works fine, to reach the node in the other region VPC. So the only issue is apparently the call to getEC2HostAddress

Other notes

It may be related to JENKINS-34533.