All Products
Search
Document Center

Troubleshooting guidelines when you cannot remotely log on to a Linux instance through SSH

Last Updated: Aug 20, 2021

Problem description

When you remotely log on to the Linux ECS instance through SSH, the connection fails and you cannot log on to the Linux instance.

Solution

Take note of the following items:

  • Before you perform high-risk operations such as modifying instance configurations or data, we recommend that you check the disaster recovery and fault tolerance capabilities of the instances to ensure data security.
  • You can modify the configurations and data of instances including Elastic Compute Service (ECS) and ApsaraDB RDS instances. We recommend that you create snapshots or enable RDS log backup before you modify instance configurations or data.
  • If you have authorized or submitted sensitive information such as the logon account and password in the Alibaba Cloud Management Console, we recommend that you modify the information in a timely manner.

There are many reasons why you cannot remotely connect to a Linux instance. You must troubleshoot and resolve the problem that you cannot remotely connect to a Linux instance by using the appropriate troubleshooting methods.

A clear error message exists when SSH logon fails.

There is no clear error message when SSH logon fails.

The situation is urgent and you need to log on to a Linux instance.

There is a clear error message when SSH login fails.

Description

If SSH remote login fails, the system usually returns an error message. According to the error message, you can match the error message from the following common error message to quickly locate the cause and solution of the problem.

Note: If your error information is not listed in the following list, you can use the search engine to query the error information. Alternatively, you can see Troubleshooting in this topic.

There is no clear error message when SSH login fails.

Description

If you do not receive the error message returned by the system, perform the following steps to troubleshoot the error.

Check the status of an ECS instance

If you cannot remotely log on to the ECS instance for any reason, check the status of the instance first. Only when the ECS instance is in the Running state, it can provide external service access. Check the procedure as follows:

  1. Log on to the ECS console.
  2. In the left-side navigation pane, click Instances to view the Status of the instance.
    • The target instance is not in the Running state
      For more information, see ECS instance lifecycle. Select a solution based on the instance status.
    • The destination instance is in the Running state
      . See the next step to continue troubleshooting.
Local client or network exception

Generally, you cannot remotely log on to the Linux instance because an exception exists on your local SSH client or on your local network. The following lists the causes and solutions of common problems for your reference:

Note: You can use a comparative test to identify the root cause of the problem. For example, remotely log in to your Linux instance through an SSH client on another device to determine whether the local SSH client is incorrectly configured.
    • The public IP address of the local network is not authorized to access the ECS instance.
      Check the security group rules of the ECS instance and whether you restrict access to the on-premises network through firewalls (Firewall, Iptables, and security dogs) in the Linux instance. The following figure shows the correct SSH remote connection security group rules.
      Note:
      • The authorization object here is for reference only. In practice, the public IP address of your client shall prevail.
      • If the public IP address of the client is still invalid, you can continue to set the authorization object to 0.0.0.0/0. For more information about security group rules, see ECS security group application cases.
      For more information about firewall settings in Linux instances, contact your server administrator for details.
    • The local SSH client is incorrectly
      configured. Set the remote login settings of your local SSH client correctly.

You need to quickly log on to a Linux instance.

Description

If the situation is urgent and you need to log on to the Linux instance as soon as possible, we recommend that you check the status of the ECS instance. For more information, see Check the status of the ECS instance. Make sure that the ECS instance is in the Running state, and then try to send a command to the Linux instance by using Alibaba Cloud Assistant. The steps to use the Cloud Assistant are as follows:

  1. Log on to the ECS console.
  2. In the left-side navigation pane, click Instances. In the Instances section, find the target instance that you want to remotely log on to, and click Remote Connection. On the page that appears, select Send Remote Command (Cloud Assistant).
  3. Enter the command that you want to run and click Run to run the command without logging on to the Linux instance. See Cloud Assistant Overview for more information about Cloud Assistant. 

If the Cloud Assistant cannot be used or cannot meet your requirements, you can also use the Alibaba Cloud VNC tool for remote login. The usage method is as follows:

  1. Log on to the ECS console.
  2. In the left-side navigation pane, click Instances. On the Instances page, find the target instance that you want to remotely log on to, and click Remote Connection. On the page that appears, select VNC Remote Connection.
  3. Enter the VNC remote connection password to log on. For more information about the VNC feature, see Log on to a Linux instance through VNC.
    Note:
    • When you connect to the VNC or forget the VNC password for the first time, click Change VNC Password. Change the VNC password and try again.
    • After you log on to a Linux instance through VNC, you must enter the username and password of the Linux instance. If you forget the password of the Linux instance, reset the password of the Linux instance. For more information, see Reset the logon password of the instance.

If you still cannot log on to the Linux instance through VNC, record your current problems and submit a ticket to contact Alibaba Cloud technical support.

References

Application scope

  • ECS