All Products
Search
Document Center

Troubleshooting guidelines if you cannot remotely log on to a Linux instance through SSH

Last Updated: Dec 15, 2020

Problem description

When you remotely log on to an ECS instance of the Linux through SSH, the connection fails, and the Linux instance cannot be logged on normally.

Possible cause

The following figure shows the factors associated with SSH remote logon. There are many possible reasons for SSH remote logon failures. To locate the cause of the problem, see solution.

Solution

Alibaba Cloud reminds you that:

  • Before you perform operations that may cause risks, such as modifying instance configurations or data, we recommend that you check the disaster recovery and fault tolerance capabilities of the instances to ensure data security.
  • You can modify the configurations and data of instances including but not limited to Elastic Compute Service (ECS) and Relational Database Service (RDS) instances. Before the modification, we recommend that you create snapshots or enable RDS log backup.
  • If you have authorized or submitted sensitive information such as the logon account and password in the Alibaba Cloud Management Console, we recommend that you modify such information in a timely manner.

There are many reasons why you cannot connect to a Linux instance remotely. You can use the corresponding troubleshooting methods to troubleshoot and solve the problem.

The SSH logon failure message appears.

No clear error message appears when SSH logon fails.

In case of emergency, you need to log on to the Linux instance quickly

The SSH logon failure message appears.

Handling process flowchart

Detail

If the SSH remote logon fails, the system usually returns an error message. You can select the following common error messages from the error messages based on your actual on-site conditions to quickly locate the cause of the problem and solve the problem.

Note: If your error message is not listed below, you can query the error message in a search engine or see the troubleshooting solutions in this topic.

No clear error message appears when SSH logon fails.

Handling process flowchart

Detail

If you do not receive the error message returned by the system, perform the following steps for troubleshooting.

Step 1: check the status of an ECS instance

If you cannot remotely log on to the ECS instance for any reason, check the status of the instance first. An ECS instance can provide external services only when it is in the running state. The inspection steps are as follows:

  1. Log on to the ECS console.
  2. Click instances in the left-side navigation pane to view the status of the instance.
    • The target instance is not in a running state
      See ECS instance lifecycle to select a solution based on the instance status.
    • The target instance is in the running state
      See the next step to continue troubleshooting.
Step 2: use Alibaba Cloud Workbench to test remote logon

Use the Workbench tool provided by Alibaba Cloud to perform remote logon. The Workbench tool will return detailed error messages and solutions if a remote logon exception occurs. The test steps are as follows:

  1. Log on to the ECS console.
  2. Click instances in the left-side navigation pane. On the instances page, find the target instance and click remote connection. On the displayed page, select Workbench remote connection.
  3. The Workbench automatically fills in the basic information required to log on to the destination instance. Verify the basic information, username, and authentication information. For more information about how to use Workbench, see connect to a Linux instance remotely through Workbench. And perform processing according to the following results:
Step 3: use the local SSH tool to test the remote logon

If you can remotely log on to a Linux instance by using Workbench, use a local SSH client to remotely log on to the Linux instance. And perform processing according to the following results:

  • I cannot log into
    The common cause is that you cannot remotely log on to the Linux instance because of an exception in your local SSH client or local network. The following table lists the causes of common issues and solutions for your reference.
    Note: you can use a comparison test to determine the source of the problem. For example, you can use an SSH client from another device to remotely log on to your Linux instance and check whether the local SSH client is configured incorrectly.
    • The public IP address of the local network is not authorized to access the ECS instance.
      Check the security group rules of the ECS instance and whether you have restricted access to the local network by using the internal firewalls (such as Firewalld, Iptables, and dongle) of the Linux instance. 
      Note:
      • The authorization objects here are for reference only. In actual use, the public IP address of your client prevails.
      • If the IP address on the client page is still inactive, try to add 0.0.0.0/0 to the authorization object field. For more information about security group rules, see security group scenarios.
      For more information about Firewall settings for Linux instances, contact your server administrator.
    • Incorrect local SSH client configuration
      Configure remote logon settings for your local SSH client based on the settings in SQL Workbench.

  • Normal logon
    If you can remotely log on to a Linux instance through a local SSH client, resolve the issue.
    Note: if this article is helpful to you, please provide feedback at the bottom of the document.

A quick logon to a Linux instance is required.

Handling process flowchart

Detail

If you need to log on to a Linux instance as soon as possible, verify that the instance is checking its status and try to send commands to the Linux instance by using cloud assistant. For more information, see check the running status. Follow these steps to use Cloud Assistant:

  1. Log on to the ECS console.
  2. Click instances in the left-side navigation pane. On the instances page, find the target instance and click remote connection.Select send remote command (Cloud Assistant).
  3. Run a command before clicking execute. For more information about Cloud Assistant, see Cloud Assistant overview.

If Cloud Assistant does not work or does not meet your needs, you can also remotely log on to the Alibaba Cloud VNC tool as follows:

  1. Log on to the ECS console.
  2. Click instances in the left-side navigation pane. On the instances page, find the target instance and click remote connection. On the displayed page, select the VNC Remote connection method.
  3. Enter the VNC password to log on. For more information about VNC, see log on to a Linux instance through VNC.
    Note:
    • If you connect to the instance for the first time or forget the VNC password, click change management terminal password to change the VNC password and try again.
    • After you log on to a Linux instance through the VNC, you must enter the username and password of the Linux instance. If you forget the password of a Linux instance, reset the password of the Linux instance. For more information, see reset instance logon password.

If you still cannot log on to the Linux instance through VNC, please record your current problem symptoms and open a ticket to contact Alibaba Cloud technical support personnel.

Reference

Application scope

  • Elastic Compute Service