SSH connection time out after creating droplet

Posted March 8, 2018 3.3k views

Hi everyone,

I’m trying to write a provisioning and deployment script for a java application on debian 9.

My provisioning .sh script looks like this :

doctl compute droplet create DocumentationApplicationDroplet --image debian-9-x64 --region sfo2 --size 512mb --ssh-keys 9c:00:ec:04:9a:ed:74:fc:63:da:97:56:36:cb:88:8a --format ID > result.txt

export DROPLET_ID=`tail -1 result.txt`
export DROPLET_IP=`doctl compute droplet get $DROPLET_ID --format PublicIPv4 | tail -1`

ssh root@$DROPLET_IP "apt-get update"

When I run this script it creates a Debian-9 droplet that I can see on the website.
But once the droplet is made and the apt-get command gets executed I get ssh: connect to host port 22: Connection timed out
The IP you can see is the correct IP that I can also see on the website.

I have also created a new .sh script that looks like this :
ssh root@IPofmy_droplet “apt-get update”

where the IPofmydroplet is the same as the one I can see on the website and DROPLETID.

When I run this script, it works and apt-get update command gets executed on my droplet.

Any idea what the problem is here?

Kind regards,

edited by kamaln7

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
2 answers

@kamaln7 described your problem very well — this behavior is expected, as your Droplet takes some time to provision, so it takes some time for OpenSSH server to get started.

I would just add an unrelated thing that could help you — depending on your script, you can use the user-data feature to execute the script (in your case the apt-get update command) on Droplet’s provision time. There’s also DigitalOcean Metadata API that you can use from your Droplet
and the user-data script to obtain basic information about your Droplet.

You can take a look at the An Introduction to Droplet Metadata tutorial if you want to learn more about the user-data feature.

Also, the doctl has the ssh command that you can use to SSH to your Droplet or remotely execute commands. You can learn more about it by executing the doctl compute ssh --help command or by taking a look at the SSH portion of doctl tutorial. This will not solve your problems, but if your Droplet has unique name, you don’t need the DROPLET_ID and DROPLET_IP commands.

by Marko Mudrinić
DigitalOcean's web based control panel provides a convenient, point-and-click interface for managing Droplets. There are many times, however, when a command-line tool may be a preferable alternative. doctl, the official DigitalOcean command-line client, leverages the DigitalOcean API to provide access to most account and Droplet features.

The IP address is assigned to your Droplet before it is actually created and is returned through the API response then. It takes a few seconds until the Droplet is created, booted up, and the OpenSSH server is started, so that’s most likely why you are seeing that error.

One option would be looping over doctl compute droplet get $DROPLET_ID --format Status until it is active, then checking whether port 22 is open every few seconds, and only then SSHing into it. This would add a delay until the Droplet is created (status set to active) and the OpenSSH server is started (port 22 is open).