How to Troubleshoot the Failure of ECS to Connect to Linux Instances
Problem Causes
There are many possible reasons for SSH remote login failure, such as PAM security framework, security group, and SSH configuration. According to the actual situation, use the corresponding troubleshooting method to troubleshoot and solve the problem that the Linux instance cannot be connected remotely.
• Quickly log in to a Linux instance
• No clear error message when remote connection fails
• There is a clear error message when the remote connection fails
If you encounter an emergency and need to log in to the Linux instance as soon as possible, please refer to the following steps to check the status of the ECS instance, and then send commands to the Linux instance through the cloud assistant or log in to the instance through VNC. The specific steps are as follows:
Step 1: Check the ECS instance status
If you cannot log in to the ECS instance remotely due to any reason, please check the status of the instance first. Only when the ECS instance is in the running state can it provide business access to the outside world. The inspection steps are as follows:
1) Log in to the ECS management console.
2) In the left navigation bar, select Instances and Images > Instances.
3) In the upper left corner of the top menu bar, select Region.
4) On the instance list page, click the target instance ID to view the status and health status of the target instance, and select an appropriate login method.
Step 2: Log in to the ECS instance via VNC
If the cloud assistant is unavailable or cannot meet your usage needs, you can also log in remotely through the Alibaba Cloud VNC tool. The usage method is as follows:
1) Log in to the ECS management console.
2) In the left navigation bar, select Instances and Images > Instances.
3) In the upper left corner of the top menu bar, select Region.
4) On the instance list page, find the instance to be connected, and click the remote connection under the operation column corresponding to the instance.
5) In the pop-up connection and command dialog box, click Login Now corresponding to the remote connection instance via VNC.
6) Enter the VNC remote connection password and click OK.
Step 3: Send commands to the Linux instance through the cloud assistant
You can try to send commands to the Linux instance through the Alibaba Cloud assistant. The steps to use the cloud assistant are as follows:
1) Log in to the ECS management console.
2) In the left navigation bar, select Instances and Images > Instances.
3) In the upper left corner of the top menu bar, select Region.
4) On the instance list page, find the instance to be operated, and in the operation, select image > remote connection > send command.
5) Enter the command you need to execute and click Execute to execute the command without logging in to the Linux instance.
When the remote connection fails, if you do not receive the error message returned by the system, and the ECS instance is running, then troubleshoot according to the following steps:
Step 1: Use the Alibaba Cloud Workbench tool to test remote login
Use the Workbench tool provided by Alibaba Cloud to log in remotely. The Workbench tool will return specific error messages and solutions when an exception occurs in the remote login. The test steps are as follows:
1) Log in to the ECS management console.
2) In the left navigation bar, select Instances and Images > Instances.
3) In the upper left corner of the top menu bar, select Region.
4) On the instance list page, find the instance to be connected, and click the remote connection under the operation column corresponding to the instance.
5) In the pop-up connection and command dialog box, click Login Now corresponding to remote connection via Workbench (default).
6) The Workbench tool will automatically fill in the basic information required to log in to the target instance, please confirm the correctness of the basic information and enter the login user name and authentication information.
Step 2: Check the network
1) If you cannot connect to the Linux instance remotely, you need to check whether the network is normal.
In other network environments, use different network segments or different operators to compare and test computer connections to determine whether it is a local network problem or a server-side problem.
If it is a local network or carrier problem, please contact the local IT personnel or the carrier to solve it.
If the network card driver is abnormal, please reinstall it.
2) Use the ping command on the local client to test the network connectivity with the instance.
When the network is abnormal, please capture the data packets for analysis. For details, see How to Capture Data Packets When the Network is Abnormal.
When ping packets are lost or ping fails, use tools such as tracert or mtr to perform a link test to determine the root cause of the problem. For details, see How to Test a Link When Packets Are Lost or Unreachable Using the ping Command.
If intermittent packet loss occurs and the network of the ECS instance is always in an unstable state, it may be caused by a virus. For details, see Using the ping command to test the IP address of an ECS instance for intermittent packet loss
When the system kernel does not ban ping, use the ping command to test the ECS server, and find that the network is unreachable. It may be that the internal firewall of the server system has implemented a drop policy for the client.
Step 3: Check ports and security groups
Check the security group configuration to allow ports for remote connections.
1) Log in to the ECS management console.
2) In the upper left corner of the top menu bar, select Region.
3) On the instance list page, click the corresponding instance ID.
4) Click the Security Group tab, and in the Security Group List area, click Configure Rules in the Operation column.
5) Select the rule direction of the security group rule.
6) On the security group rules page, you can choose any of the following methods to add security group rules. For details, see Adding Security Group Rules.
Method 1: Quickly add security group rules
Method 2: Manually add security group rules
7) Use the following command to perform a port test to determine whether the port is normal.
The system display is similar to the following. For example, execute the telnet 192.168.0.1 22 command, and the returned result is similar to the following under normal circumstances.
If the port test fails, see Port availability detection when the ping command is normal but the port is unreachable for troubleshooting.
Step 4: Check CPU load, bandwidth and memory usage
If you cannot connect to a Linux instance remotely, it may be due to CPU load, insufficient bandwidth, or insufficient memory.
1) Select the corresponding operation according to whether the CPU load is too high.
2) Check whether there is insufficient public network bandwidth.
3) Check whether there is insufficient memory problem.
There are many possible reasons for SSH remote login failure, such as PAM security framework, security group, and SSH configuration. According to the actual situation, use the corresponding troubleshooting method to troubleshoot and solve the problem that the Linux instance cannot be connected remotely.
• Quickly log in to a Linux instance
• No clear error message when remote connection fails
• There is a clear error message when the remote connection fails
1. Quickly log in to the Linux instance
If you encounter an emergency and need to log in to the Linux instance as soon as possible, please refer to the following steps to check the status of the ECS instance, and then send commands to the Linux instance through the cloud assistant or log in to the instance through VNC. The specific steps are as follows:
Step 1: Check the ECS instance status
If you cannot log in to the ECS instance remotely due to any reason, please check the status of the instance first. Only when the ECS instance is in the running state can it provide business access to the outside world. The inspection steps are as follows:
1) Log in to the ECS management console.
2) In the left navigation bar, select Instances and Images > Instances.
3) In the upper left corner of the top menu bar, select Region.
4) On the instance list page, click the target instance ID to view the status and health status of the target instance, and select an appropriate login method.
Step 2: Log in to the ECS instance via VNC
If the cloud assistant is unavailable or cannot meet your usage needs, you can also log in remotely through the Alibaba Cloud VNC tool. The usage method is as follows:
1) Log in to the ECS management console.
2) In the left navigation bar, select Instances and Images > Instances.
3) In the upper left corner of the top menu bar, select Region.
4) On the instance list page, find the instance to be connected, and click the remote connection under the operation column corresponding to the instance.
5) In the pop-up connection and command dialog box, click Login Now corresponding to the remote connection instance via VNC.
6) Enter the VNC remote connection password and click OK.
Step 3: Send commands to the Linux instance through the cloud assistant
You can try to send commands to the Linux instance through the Alibaba Cloud assistant. The steps to use the cloud assistant are as follows:
1) Log in to the ECS management console.
2) In the left navigation bar, select Instances and Images > Instances.
3) In the upper left corner of the top menu bar, select Region.
4) On the instance list page, find the instance to be operated, and in the operation, select image > remote connection > send command.
5) Enter the command you need to execute and click Execute to execute the command without logging in to the Linux instance.
2. There is no clear error message when the remote connection fails
When the remote connection fails, if you do not receive the error message returned by the system, and the ECS instance is running, then troubleshoot according to the following steps:
Step 1: Use the Alibaba Cloud Workbench tool to test remote login
Use the Workbench tool provided by Alibaba Cloud to log in remotely. The Workbench tool will return specific error messages and solutions when an exception occurs in the remote login. The test steps are as follows:
1) Log in to the ECS management console.
2) In the left navigation bar, select Instances and Images > Instances.
3) In the upper left corner of the top menu bar, select Region.
4) On the instance list page, find the instance to be connected, and click the remote connection under the operation column corresponding to the instance.
5) In the pop-up connection and command dialog box, click Login Now corresponding to remote connection via Workbench (default).
6) The Workbench tool will automatically fill in the basic information required to log in to the target instance, please confirm the correctness of the basic information and enter the login user name and authentication information.
Step 2: Check the network
1) If you cannot connect to the Linux instance remotely, you need to check whether the network is normal.
In other network environments, use different network segments or different operators to compare and test computer connections to determine whether it is a local network problem or a server-side problem.
If it is a local network or carrier problem, please contact the local IT personnel or the carrier to solve it.
If the network card driver is abnormal, please reinstall it.
2) Use the ping command on the local client to test the network connectivity with the instance.
When the network is abnormal, please capture the data packets for analysis. For details, see How to Capture Data Packets When the Network is Abnormal.
When ping packets are lost or ping fails, use tools such as tracert or mtr to perform a link test to determine the root cause of the problem. For details, see How to Test a Link When Packets Are Lost or Unreachable Using the ping Command.
If intermittent packet loss occurs and the network of the ECS instance is always in an unstable state, it may be caused by a virus. For details, see Using the ping command to test the IP address of an ECS instance for intermittent packet loss
When the system kernel does not ban ping, use the ping command to test the ECS server, and find that the network is unreachable. It may be that the internal firewall of the server system has implemented a drop policy for the client.
Step 3: Check ports and security groups
Check the security group configuration to allow ports for remote connections.
1) Log in to the ECS management console.
2) In the upper left corner of the top menu bar, select Region.
3) On the instance list page, click the corresponding instance ID.
4) Click the Security Group tab, and in the Security Group List area, click Configure Rules in the Operation column.
5) Select the rule direction of the security group rule.
6) On the security group rules page, you can choose any of the following methods to add security group rules. For details, see Adding Security Group Rules.
Method 1: Quickly add security group rules
Method 2: Manually add security group rules
7) Use the following command to perform a port test to determine whether the port is normal.
The system display is similar to the following. For example, execute the telnet 192.168.0.1 22 command, and the returned result is similar to the following under normal circumstances.
If the port test fails, see Port availability detection when the ping command is normal but the port is unreachable for troubleshooting.
Step 4: Check CPU load, bandwidth and memory usage
If you cannot connect to a Linux instance remotely, it may be due to CPU load, insufficient bandwidth, or insufficient memory.
1) Select the corresponding operation according to whether the CPU load is too high.
2) Check whether there is insufficient public network bandwidth.
3) Check whether there is insufficient memory problem.
Related Articles
-
A detailed explanation of Hadoop core architecture HDFS
Knowledge Base Team
-
What Does IOT Mean
Knowledge Base Team
-
6 Optional Technologies for Data Storage
Knowledge Base Team
-
What Is Blockchain Technology
Knowledge Base Team
Explore More Special Offers
-
Short Message Service(SMS) & Mail Service
50,000 email package starts as low as USD 1.99, 120 short messages start at only USD 1.00
