Why can't I connect to my Linode via SSH?

There can be a few possible reasons for this, but the best way to check this out to begin with will be to run a few diagnostic commands to find exactly where the error is starting. The first command I would recommend running is a ping to the Linode followed by a telnet attempt to the Linode's SSH port. The commands for that are ping <IP address> and telnet <IP address>.

If those fail I would recommend taking a look at this excellent guide which covers a few possibilities for why the Linode might be unreachable. If the Linode's networking is up and you can connect to the SSH port, it's time to run a verbose ssh attempt:

ssh -vvv <user>@<IP address>

Make sure to add the appropriate port flag as well if you log in via a non-standard port. That command will show exactly where the SSH attempt fails and should give some useful information. After that, I also recommend logging into the Lish console to run a few more diagnostic commands. To log in via Lish, you can follow these steps:

• Log into the Linode Manager
• Click on the Linode name
• Click on the Remote Access tab
• Scroll to the bottom and under Console Access click "Launch Lish Console" or copy and paste the ssh command into your terminal

You can read more about using the Lish console at our excellent guide.

Once logged in via the Lish console I would recommend running the following commands that should show first what your SSH configurations are to see if that is the source of the problem, and then also the SSH connection attempt from the end of the Linode and why the connection might not be working:

#Check SSH configurations
egrep -i '(password|permit|port|rsa)' /etc/ssh/sshd_config

#Check recent login attempts for additional information about why the login failed
tail -n 30 /var/log/auth.log

Outputs should be similar to the following:

egrep -i '(password|permit|port|rsa)' /etc/ssh/sshd_config
# What ports, IPs and protocols we listen for
Port 22
HostKey /etc/ssh/ssh_host_rsa_key
PermitRootLogin no
RSAAuthentication yes
RhostsRSAAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
# PasswordAuthentication.  Depending on your PAM configuration,
# the setting of "PermitRootLogin without-password".
# PAM authentication, then enable this but set PasswordAuthentication

sudo tail -n 30 /var/log/auth.log
May 11 11:39:22 localhost sshd[26981]: Invalid user <user> from <IP address>
May 11 11:39:22 localhost sshd[26981]: input_userauth_request: invalid user <user> [preauth]
May 11 11:39:23 localhost sshd[26981]: Connection closed by <IP address> port <Port> [preauth]

With that information you should have a better idea of why your SSH attempts have failed and hopefully be able to troubleshoot it. If you have followed our How To Secure Your Server Guide it is likely you hardened your SSH. Common reasons for failed SSH attempts in that case would include attempting to log in as the root user when PermitRootLogin is set to "no", or attempting to log in with the incorrect SSH key, or when an SSH key is not present.

The root login issue can be corrected either by changing the SSH configuration to permit root logins (I wouldn't advise this), or by logging in as the limited user. If the SSH key is the problem you can either change PasswordAuthentication to yes (I wouldn't recommend this) or create a new SSH key on your local machine and paste the key into the authorized_keys file through Lish.

One other possibility depending on the results of the diagnostic commands above, could be a firewall issue. If it is a firewall configuration on the Linode, you would expect to see a ping succeed but a telnet connection to the port fail. You can investigate your Linode's firewall with iptables-save to see if your local IP address is included or if the Linode's SSH port is blocked by the firewall. Alternatively these same symptoms could mean that SSH is not booted on the Linode, so through the Lish console you could run service sshd status to make sure it's running. You should see an output similar to the following if your SSH daemon is running properly:

service sshd status
● ssh.service - OpenBSD Secure Shell server
   Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2018-05-02 05:18:40 UTC; 1 weeks 2 days ago
 Main PID: 3713 (sshd)
   CGroup: /system.slice/ssh.service
           └─3713 /usr/sbin/sshd -D

Another possibility is that your local firewall is blocking connections to either the Linode or to port 22. You can confirm this by seeing if auth.log is registering the SSH attempts. You would also see some useful information in the verbose SSH attempt if that was is the case.

I hope this helps point you in the right direction. If this doesn't help you get things sorted, please feel free to respond to this question with some of the outputs from the diagnostic commands I mentioned above and the community might be able to provide you with some better answers. Have a great day!

If the above steps don't work, you can also try checking permissions on the path leading up to the authorized_keys file, as well as the file itself. Even if the authorized_keys file itself has correct permissions, you may still get permissions-related errors if the .ssh/ folder in your user's home folder has incorrect permissions. To be sure the correct permissions are set, run the following commands:

# Set permissions
chmod -R 700 /home/$USERNAME/.ssh/
chown -R "${USERNAME}:${USERNAME}" "/home/${USERNAME}/.ssh"
chmod 600 /home/${USERNAME}/.ssh/authorized_keys

# Restart SSH
systemctl restart ssh

@tommydavidson --

• You generally don't have to restart sshd(1) after doing this. sshd(1) doesn't cache this information.

• Generally, the following is correct:

chown -R "${USERNAME}:${USERNAME}" "/home/${USERNAME}/.ssh"

However, depending on which distro/version you used to set up your Linode, the command could be:

chown -R "${USERNAME}:users" "/home/${USERNAME}/.ssh"

I know this to be the case if you set up your Linode with Ubuntu 12.04 and did upward migrations (or never updated). If there's no group called $USERNAME, chown(1) will tell you. You should check this beforehand:

ls -l /home | grep $USERNAME

• You must have superuser privileges to restart sshd(1):

sudo systemctl restart ssh

• Here's some other stuff to look/watch out for:

https://serverfault.com/questions/398/why-wont-automatic-login-through-ssh-with-authorized-keys-work

-- sw

I faced this issue after I enabled firewall using ufw on my Linode.
Fixed it with by running this command via the web console (the one on the Linode page)

sudo ufw allow ssh