Question

Unable to connect Droplet through SSH

Posted March 2, 2020 243 views
DigitalOcean Accounts

Hi,
We were able to connect to Droplet previously, but since a month or two we are not able to connect due to SSH keys issue.

$ ssh -v venu@IP
OpenSSH8.2p1, OpenSSL 1.1.1d 10 Sep 2019
debug1: Reading configuration data /etc/ssh/ssh
config
debug1: Authenticator provider $SSHSKPROVIDER did not resolve; disabling
debug1: Connecting to IP [IP] port 22.
debug1: connect to address IP port 22: Connection timed out
ssh: connect to host IP port 22: Connection timed out

Almsot we tried all the possible ways,
Appreciate if any suggestions
Thank You
Venu Kommu

edited by alexdo

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers

Hello, @venukommu

From what it seems like port 22 (ssh) is either closed or it’s not enabled for external access via the Firewall.

What you can do is to access your droplet using the console from your DigitalOcean control panel and check everything from there.

First you can make sure that sshd is running using the following command:

netstat -plunt | grep 22

If sshd is running then you can then make sure that ssh is allowed via the the firewall configuration tool.

You can make sure that UFW is running:

sudo ufw status

If it says it’s inactive you can enable it using this command:

sudo ufw enable

To allow all incoming SSH connections run this command:

sudo ufw allow ssh

An alternative syntax is to specify the port number of the SSH service:

sudo ufw allow 22

To allow incoming SSH connections from a specific IP address or subnet, specify the source.

sudo ufw allow from IPaddress to any port 22

Once this is done you can try to ssh again with the -vvv argument as it will show you a more verbose output.

Let me know how it goes.

Regards,
Alex

Dear @alexdo,
Thank you for your reply.

It seems already port 22 is enabled. See the output following,
https://pasteboard.co/IXeddld.png

Apprecaite your help

  • Hello, @venukommu

    Thanks for getting back to me.

    Have you tried reseting the ssh service? You can do that using the following commands:

    First check that is running:

    systemctl status ssh
    

    and then restart it:

    systemctl restart sshd
    

    You can also check these iptables rules to allow incoming ssh connections:

    sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    
    sudo iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
    

    If you want to allow connections from certain IP address you can use:

    sudo iptables -A INPUT -p tcp -s 15.15.15.15 --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    

    change 15.15.15.15 with your actual IP address.

    sudo iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
    

    From the looks of it all services can’t be reached at the moment. Is there a website you host on the droplet as well. Are you able to load/access your site at the moment?

    Regards,
    Alex

Submit an Answer