Why can't I connect to my Linode via SSH?
I've been able to connect to my Linode via SSH before, but when I try now I am unable to connect.
There can be a few possible reasons for this, but the best way to check this out to begin with will be to run a few diagnostic commands to find exactly where the error is starting. The first command I would recommend running is a ping to the Linode followed by a telnet attempt to the Linode's SSH port. The commands for that are
ping <IP address> and
telnet <IP address>.
If those fail I would recommend taking a look at this excellent guide which covers a few possibilities for why the Linode might be unreachable. If the Linode's networking is up and you can connect to the SSH port, it's time to run a verbose ssh attempt:
ssh -vvv <user>@<IP address>
Make sure to add the appropriate port flag as well if you log in via a non-standard port. That command will show exactly where the SSH attempt fails and should give some useful information. After that, I also recommend logging into the Lish console to run a few more diagnostic commands. To log in via Lish, you can follow these steps:
- Log into the Linode Manager
- Click on the Linode name
- Click on the Remote Access tab
- Scroll to the bottom and under Console Access click "Launch Lish Console" or copy and paste the ssh command into your terminal
You can read more about using the Lish console at our excellent guide.
Once logged in via the Lish console I would recommend running the following commands that should show first what your SSH configurations are to see if that is the source of the problem, and then also the SSH connection attempt from the end of the Linode and why the connection might not be working:
#Check SSH configurations egrep -i '(password|permit|port|rsa)' /etc/ssh/sshd_config #Check recent login attempts for additional information about why the login failed tail -n 30 /var/log/auth.log
Outputs should be similar to the following:
egrep -i '(password|permit|port|rsa)' /etc/ssh/sshd_config # What ports, IPs and protocols we listen for Port 22 HostKey /etc/ssh/ssh_host_rsa_key PermitRootLogin no RSAAuthentication yes RhostsRSAAuthentication no # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication # To enable empty passwords, change to yes (NOT RECOMMENDED) PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with # Change to no to disable tunnelled clear text passwords PasswordAuthentication no # PasswordAuthentication. Depending on your PAM configuration, # the setting of "PermitRootLogin without-password". # PAM authentication, then enable this but set PasswordAuthentication sudo tail -n 30 /var/log/auth.log May 11 11:39:22 localhost sshd: Invalid user <user> from <IP address> May 11 11:39:22 localhost sshd: input_userauth_request: invalid user <user> [preauth] May 11 11:39:23 localhost sshd: Connection closed by <IP address> port <Port> [preauth]
With that information you should have a better idea of why your SSH attempts have failed and hopefully be able to troubleshoot it. If you have followed our How To Secure Your Server Guide it is likely you hardened your SSH. Common reasons for failed SSH attempts in that case would include attempting to log in as the root user when
PermitRootLogin is set to "no", or attempting to log in with the incorrect SSH key, or when an SSH key is not present.
The root login issue can be corrected either by changing the SSH configuration to permit root logins (I wouldn't advise this), or by logging in as the limited user. If the SSH key is the problem you can either change
PasswordAuthentication to yes (I wouldn't recommend this) or create a new SSH key on your local machine and paste the key into the authorized_keys file through Lish.
One other possibility depending on the results of the diagnostic commands above, could be a firewall issue. If it is a firewall configuration on the Linode, you would expect to see a ping succeed but a telnet connection to the port fail. You can investigate your Linode's firewall with
iptables-save to see if your local IP address is included or if the Linode's SSH port is blocked by the firewall. Alternatively these same symptoms could mean that SSH is not booted on the Linode, so through the Lish console you could run
service sshd status to make sure it's running. You should see an output similar to the following if your SSH daemon is running properly:
service sshd status ● ssh.service - OpenBSD Secure Shell server Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2018-05-02 05:18:40 UTC; 1 weeks 2 days ago Main PID: 3713 (sshd) CGroup: /system.slice/ssh.service └─3713 /usr/sbin/sshd -D
Another possibility is that your local firewall is blocking connections to either the Linode or to port 22. You can confirm this by seeing if
auth.log is registering the SSH attempts. You would also see some useful information in the verbose SSH attempt if that was is the case.
I hope this helps point you in the right direction. If this doesn't help you get things sorted, please feel free to respond to this question with some of the outputs from the diagnostic commands I mentioned above and the community might be able to provide you with some better answers. Have a great day!