Question

DigitalOcean Droplet Web Console Error: Timed out while waiting for handshake

Posted August 12, 2021 1.4k views
DigitalOcean Droplets

I’ve recently installed the console agent as instructed by DigitalOcean. However, when I tried to use it, it shows the error “timed out while waiting for handshake”. Has anyone faced this issue?

4 comments
  • I’m getting the same error.

  • I had a DigitalOcean firewall applied limiting SSH access to my IPs.

    Disabling the SSH firewall allowed me to connect.

    DO must not be allowing their own IPs through the firewall and I have not been able to find a list of IPs to allow.

  • While we wait for DO to produce a list of IPs and ports to allow, are there other IPs and ports noted by @LargeDarkBlueBoat ?

  • I am getting the same error. I am running Ubuntu 20.4.3 LTS.

    None of these solutions make any sense to me other than that adding the ufw rules for the DO IP’s did fix the problem.

    I even deleted my ssh key on the DO portal but it has been retained I guess because the console launch shows that it is “registering SSH KEY”.

    I am not using a DO firewall for this instance.

    DO support should chime in on this mess.

8 answers

I had the same problem and it was caused by me having ports 22 and 303 blocked to the internet within my Ubuntu Droplet. I solved it by giving the IP 162.243.188.66 access to ports 22 and 303. The below might not work for you, and if it doesn’t I’ll give more detailed instructions. Don’t put the quotes in the commands.

  1. Launch the recovery console.
  2. Run the command “sudo ufw logging on”
  3. Launch the non-working console.
  4. After 15 seconds close the non-working console.
  5. In the recovery console, run the command “cd /var/log”
  6. Run the command “dir”
  7. Confirm that there is a file called “ufw.log”
  8. Run the command “sudo grep DPT=22 ufw.log”
  9. Find “SRC=[IP Address] DST=[IP Address]” a couple of lines up.
  10. Run the command “sudo ufw allow from [SRC IP Address] to any port 22” ex. sudo ufw allow from 162.243.188.66 to any port 22
  11. Run the command “sudo ufw allow from [SRC IP Address] to any port 303”

EDIT: You may have to do this multiple times, I don’t know how many IPs they have.

EDIT 2: It looks like they alternate between 3 or 4 IPs to connect to my droplet.

I’m getting the same error. And while checking a UFW log I noticed that there were rejected connections from 162.243.188.66.
DigitalOcean should show us a list of IPs from where access should be allowed.

I found if you allow the following subnets to connect to ssh then the Droplet Console seems to work. The subnets are registered to D.O. 162.243.0.0/16 and 198.211.96.0/19.

So the commands for ufw would be:

sudo ufw allow from 162.243.0.0/16 to any port 22

sudo ufw allow from 198.211.96.0/19 to any port 22

Also, on the Access screen of your droplet there is a box that says “Log in as root”. Change this to your username. Don’t leave it as root unless you have allowed root login in the ssh server config file, as it won’t let you in.
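An added example, not part of the original answers: it automates the ufw.log lookup from the first answer and proposes allow rules only for blocked sources that fall inside the two subnets named in the answer above, so an unrelated host that happened to probe port 22 during the test window is not allowlisted by mistake. The log lines are constructed samples, the function names are hypothetical, and the ranges are the ones this thread reports, not an official DigitalOcean list.

```python
import ipaddress
import re
from collections import Counter

# Assumption: ranges reported in this thread as registered to DigitalOcean.
CONSOLE_RANGES = [ipaddress.ip_network(n)
                  for n in ("162.243.0.0/16", "198.211.96.0/19")]

# Matches a blocked TCP packet in ufw.log and captures source IP and destination port.
BLOCK_RE = re.compile(
    r"\[UFW BLOCK\].*?\bSRC=(\S+).*?\bPROTO=TCP\b.*?\bDPT=(\d+)\b")

# Constructed sample in ufw.log format (198.51.100.23 is a documentation address).
SAMPLE_LOG = """\
Aug 12 10:01:02 web kernel: [UFW BLOCK] IN=eth0 OUT= SRC=162.243.188.66 DST=203.0.113.10 PROTO=TCP SPT=40112 DPT=22 SYN
Aug 12 10:01:05 web kernel: [UFW BLOCK] IN=eth0 OUT= SRC=162.243.188.66 DST=203.0.113.10 PROTO=TCP SPT=40113 DPT=22 SYN
Aug 12 10:01:09 web kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.10 PROTO=TCP SPT=51500 DPT=22 SYN
Aug 12 10:01:11 web kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.10 PROTO=TCP SPT=51501 DPT=23 SYN
Aug 12 10:02:30 web kernel: [UFW BLOCK] IN=eth0 OUT= SRC=162.243.190.66 DST=203.0.113.10 PROTO=TCP SPT=40200 DPT=22 SYN
"""


def blocked_sources(log_text, port=22):
    """Count blocked TCP connection attempts to `port` per source IP."""
    hits = Counter()
    for line in log_text.splitlines():
        m = BLOCK_RE.search(line)
        if m and int(m.group(2)) == port:
            hits[m.group(1)] += 1
    return hits


def allow_rules(log_text, port=22):
    """Return (rules, skipped): ufw commands for sources inside
    CONSOLE_RANGES, and blocked sources outside them left untouched."""
    rules, skipped = [], []
    for src in sorted(blocked_sources(log_text, port)):
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in CONSOLE_RANGES):
            rules.append(f"sudo ufw allow from {src} to any port {port} proto tcp")
        else:
            skipped.append(src)
    return rules, skipped


if __name__ == "__main__":
    rules, skipped = allow_rules(SAMPLE_LOG)
    print("\n".join(rules))
    print("left blocked:", ", ".join(skipped))
```

On a droplet, pass the contents of /var/log/ufw.log instead of SAMPLE_LOG and review the printed rules before running any of them.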

Hello, @ratheRRandom

I’m checking with our support team for any potential issues. I will get back to you as soon as I have any information about that.

You can follow this tutorial in order to access your droplet using the console - https://www.digitalocean.com/community/tutorials/how-to-use-the-digitalocean-console-to-access-your-droplet

You will usually use the console if you can’t access your droplet using ssh via an ssh client and it’s usually the last resort option when it comes to troubleshooting.

You can also check our docs on How to Connect to Droplets with SSH:

https://www.digitalocean.com/docs/droplets/how-to/connect-with-ssh/

There are two options at the bottom of the doc:
Connect with OpenSSH
and
Connect with PuTTY

Hope that this helps!
Regards,
Alex

I’m having the exact same issue.

@mthJellyfish @decnets I have also faced a similar issue after updating the console agent as instructed by DigitalOcean. On the recommendation of @LargeDarkBlueBoat, I tried to unblock the port number in the firewall, without success. Later on, I found that the ufw firewall had never been turned on by my developer. And I was not able to connect to the droplet by SSH. I did everything, restarting ssh etc., and still I was not able to connect to the droplet by SSH. At last, this article was the savior of my day: https://docs.digitalocean.com/products/networking/firewalls/resources/troubleshooting/

I found out that the additional DigitalOcean firewall which had been configured by my previous developer on the droplet had inbound SSH for port number 22 limited to his IP address only. I have changed it to all IPv4. And now I am able to open the updated console as usual, and also able to connect to the droplet by SSH.

Regards,
Sahil B.

Add 162.243.190.66 to your whitelist as well as 162.243.188.66. The web console for the droplet is definitely affected by firewalls restricting SSH on port 22. I had the exact same issues using the DigitalOcean built-in firewall and cured it by adding these 2 IP addresses for SSH on port 22. We definitely need a list from DigitalOcean as the Console IP address changes after reboots or poweroffs.

Also, this does not take into account if you use a different port for ssh! How do we manage that?