Question

UFW Restart Required After Droplet Reboot To Allow SSH

Posted December 21, 2015 7.4k views
Miscellaneous

Pardon my ignorance, DigitalOcean elders, but a lack of answers from the almighty Google Search has resulted in this call for help.

I know the problem is with UFW, I just don’t know how to fix it (obviously).

So before rebooting my droplet, everything works as it should—I can log in through SSH no problem. But after the reboot, I get this error:

(first attempt)

ssh: connect to host ###.###.##.### port 22000: Connection refused

(second attempt)

ssh: connect to host ###.###.##.### port 22000: Operation timed out

Then, if I go login through the web console and check UFW with sudo ufw status verbose, I get:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
22000/tcp                  ALLOW IN    Anywhere
80/tcp (v6)                ALLOW IN    Anywhere (v6)
443/tcp (v6)               ALLOW IN    Anywhere (v6)
22000/tcp (v6)             ALLOW IN    Anywhere (v6)

(same output as with the command line before the reboot, port 22000 is open)

But if I restart UFW (sudo service ufw restart) in the web console, I can immediately log in through SSH on the command line.

Any ideas why this is happening?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

1 answer

Just fyi for others: The first time I used ufw, I lost total control of my droplet after reboot.

Submit an Answer