Question

cannot log into Ubuntu 16.04 server with ssh keys

I have completed the tutorials for initial setup of the Ubuntu 16.04 server, LAMP, and Secure Apache with Let’s Encrypt. I was able to log in one time. After I lost my connection through bad wifi my terminal froze. I closed the terminal and could not log back in.

ssh: connect to host hostname.org -p port: Connection timed out

I enabled a pass phrase, but it doesn’t ask for it. What could be wrong?

@technicallyblue

I would recommend simply shutting down the firewall service using Console and see if that allows you to log back in via SSH. You can do that by running:

ufw disable

If you’re able to log in with ufw disabled, then your IP was most likely blocked. Normally, I recommend using actual ports over defined services when setting up ufw. Using actual ports seems to be far less problematic.

So if you’re able to log in with ufw disabled, I’d now run a reset to wipe all existing rules.

ufw reset

You now have a clean slate from which to work. So let’s rebuild.

We’ll start with default rules. We’ll deny all incoming and allow outgoing. These rules won’t matter as right now, ufw is disabled, so you shouldn’t get locked out when running them if you ran both of the commands above.

ufw default deny incoming
ufw default allow outgoing

Now we need to specify which ports to allow in. I always start with SSH since that’s the first thing I’ll be using and it’s the most important to start with.

Now, from the looks of it, you’re using another port – from what I’ve read, that’s 5069, though let’s confirm that to make sure so that you don’t end up getting locked out again.

Please run:

grep "Port" /etc/ssh/sshd_config

You’ll see a port echoed out to the screen that looks like Port ... where ... is the port. If that says 22, then we’ll use 22. If it says 5069, then use that.

So let’s allow SSH. As above, change 22 to the other port if that’s what’s showing in your SSH config.

ufw allow 22/tcp

Now since you’re using Apache and LetsEncrypt, we need to allow HTTP and HTTPS connections, and we can do that by allowing ports 80 and 443 through.

ufw allow 80/tcp
ufw allow 443/tcp

At this point, unless you need to allow additional ports through, we can go ahead and start ufw back up and let it resume.

ufw enable

You’ll get a warning that you may be kicked, but as long as you used the correct SSH port in the above command, you’ll be fine.

Hopefully that helps to get you back in :).
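A pre-flight check for the steps above, written as an added example that is not part of the original answer: it reads the active Port directives from an sshd_config file and verifies that the rule list printed by `ufw show added` allows each one before `ufw enable` is run. The function names and sample files are constructed for illustration; Include files and ListenAddress host:port forms are not followed.

```shell
#!/bin/sh
# Added example: refuse to enable ufw unless every sshd port has an allow rule.

# Print each port set by an active "Port" directive in the sshd_config file $1.
# Unlike a plain grep for "Port", this skips "#Port 22" and "GatewayPorts".
# With no active directive, sshd falls back to its default port, 22.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1")
    if [ -n "$ports" ]; then printf '%s\n' "$ports"; else echo 22; fi
}

# Succeed if file $2 (saved output of `ufw show added`) has an allow or limit
# rule for TCP port $1. Only the simple numeric form used in the answer is
# recognised; service names and "from ..." rules are treated as not matching.
port_allowed() {
    grep -Eq "^ufw (allow|limit) $1(/tcp)?\$" "$2"
}

# Print "ok PORT" or "MISSING PORT" per sshd port; non-zero if any is missing.
preflight() {
    rc=0
    for p in $(sshd_ports "$1"); do
        if port_allowed "$p" "$2"; then
            echo "ok $p"
        else
            echo "MISSING $p"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input (not taken from the poster's server): sshd listens
# on 5069 but only 22, 80 and 443 were allowed, which would lock SSH out.
demo=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 5069' 'GatewayPorts no' > "$demo/sshd_config"
printf '%s\n' 'Added user rules:' 'ufw allow 22/tcp' \
    'ufw allow 80/tcp' 'ufw allow 443/tcp' > "$demo/added"
preflight "$demo/sshd_config" "$demo/added" || echo "do not run 'ufw enable' yet"
rm -rf "$demo"

# On a real host (as root), something like:
#   ufw show added > /tmp/added && preflight /etc/ssh/sshd_config /tmp/added && ufw enable
```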

@technicallyblue We’ve maxed out the other thread, so starting a new one. Sorry, run this again, because I specifically used “numbered” to avoid getting the canonical names:

sudo ufw status numbered

And then run this:

sudo lsof -iTCP -sTCP:LISTEN -P

@technicallyblue Make sure the file /etc/ssh/sshd_config has the line Port 5069 and reboot the server after the change. It seems like you’ve added a firewall rule to block port 22 - at least that’s what I’m seeing when scanning your server:

22/tcp  closed ssh

Remember to click “Reply” under the post or use the @ sign to notify people - otherwise we might miss a message from you.