Share

Question

Hi, I set up an Ubuntu 16.04 droplet and nginx one or two days ago - all the setup was done via ssh from my os x machine, and I encountered no problems (yay DigitalOcean!)

However, today, attempts to ssh into my droplet reliably fail with “Operation timed out”

I can still access my droplet without issue via the DigitalOcean “console” feature. I have rebooted my Droplet several times through the web console. I have now put my droplet behind cloudflare. I still see the following failure when I try to ssh into my droplet from my home machine:

$ ssh -vvvv root@xxx.xxx.xxx.xxx
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /Users/AKA/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug1: connect to address xxx.xxx.xxx.xxx port 22: Operation timed out
ssh: connect to host xxx.xxx.xxx.xxx port 22: Operation timed out

…when I try:

sudo systemctl status ssh

I see that the ssh.service is Active and running (I can’t select text on the web console, sadly).

Any help would be greatly appreciated; I’d love to not have to destroy the droplet and start all over, but I guess that’s what I’m going to try next.

Thanks,

AKA

Answer 1

jtittle1 February 4, 2017

@akamediasystem

From the console, run:

ufw status

… to see if the firewall is active. If it is, you can run ufw disable to disable the firewall and that should prevent the block (if it is indeed firewall related).

If that doesn’t work, was the Droplet setup with an SSH Key or did you receive an e-mail with a root password?

Reply

akamediasystem February 4, 2017
Doing

sudo ufw disable

allowed me to ssh back in, thank you! I’m going to research how to set up ufw to allow nginx and ssh, but it’s great to have access again.

FWIW, I followed this excellent tutorial, but I didn’t realize I was going to be locking myself out of ssh in the process.

Thanks again for a helpful response on a Saturday in under 15 minutes,

AKA
How To Install Nginx on Ubuntu 16.04
by Justin Ellingwood
Nginx is one of the most popular web servers in the world and is responsible for hosting some of the largest and highest-traffic sites on the internet. It is more resource-friendly than Apache in most cases and can be used as a web server or a reverse proxy. In this guide,...
- jtittle1 February 4, 2017
  
  @akamediasystem
  
  I can help you there :-).
  
  Start with the command below. This will reset ufw back to its original state without any sort of accept/deny policies in place.
  
  sudo ufw reset
  
  While ufw is still disabled, we can set it up to handle connections as needed. We need to allow Port 22 for SSH, Port 80 for HTTP, and Port 443 for HTTPS, so we’ll start there.
  
  First thing I do is setup defaults. This blocks all incoming, allows all outgoing. This won’t cause you to drop your connection as long as ufw is still disabled, so if you enabled it again, make sure you run sudo ufw disable again before running the next few commands.
  
  Simply copy and paste the multi-line commands directly in, hit enter, and allow them to run.
  
  sudo ufw default deny incoming \ && sudo ufw default allow outgoing
  
  With those in place, we can go ahead and setup the three ports mentioned above.
  
  sudo ufw allow 22/tcp \ && sudo ufw allow 80/tcp \ && sudo ufw allow 443/tcp
  
  Then enable ufw using sudo ufw enable, type in y and hit enter.
  
  akamediasystem February 4, 2017
  
  Thank you! I jumped ahead and did something slightly different - please let me know if I should undo what I did and follow this (again, much appreciated!) advice instead.
  
  I took a hint from the tutorial and did
  
  sudo ufw app list
  
  and got
  
  Available applications: Nginx Full Nginx HTTP Nginx HTTPS OpenSSH
  
  …so I then did
  
  sudo ufw allow 'OpenSSH'
  
  …in addition to the already-done
  
  sudo ufw allow 'Nginx HTTP'
  
  …then I did
  
  sudo ufw enable
  
  and got a prompt warning me I might interrupt current SSH connections, to which I said OK.
  
  …now, even after exiting, I’m able to ssh back into my droplet (I had to remove a line in “`
  ~/.ssh/ssh_config
  
  because I had also tried resetting the Droplet's SSH key.) ...I know I'm still not going to be able to do HTTPS like this, but I'm planning on adding that and getting a cert later tonight or tomorrow, so it's not critical for me yet. If I did something inadvisable, or if I should just follow the advice you've offered, please let me know! Thanks again, AKA
  
  How To Install Nginx on Ubuntu 16.04
  by Justin Ellingwood
  Nginx is one of the most popular web servers in the world and is responsible for hosting some of the largest and highest-traffic sites on the internet. It is more resource-friendly than Apache in most cases and can be used as a web server or a reverse proxy. In this guide,...
  
  jtittle1 February 5, 2017
  
  @akamediasystem
  
  The way I’ve set it up in my previous reply, I’m setting up ufw to block all incoming connections on all ports and only allow connections to the ports that I specify. I’m then allowing all outgoing connections.
  
  I find that this is a better standard setup than simply defining a few ports and turning on the firewall as it ensures only the ports I define are allowed without exception.
  
  As for how you define the actual ports, you can use the app list or you can define the ports using port/conn_type where port is 80, 443, 22, etc and conn_type is either tcp or udp.

Answer 2

akamediasystem February 4, 2017
Doing

sudo ufw disable

allowed me to ssh back in, thank you! I’m going to research how to set up ufw to allow nginx and ssh, but it’s great to have access again.

FWIW, I followed this excellent tutorial, but I didn’t realize I was going to be locking myself out of ssh in the process.

Thanks again for a helpful response on a Saturday in under 15 minutes,

AKA
How To Install Nginx on Ubuntu 16.04
by Justin Ellingwood
Nginx is one of the most popular web servers in the world and is responsible for hosting some of the largest and highest-traffic sites on the internet. It is more resource-friendly than Apache in most cases and can be used as a web server or a reverse proxy. In this guide,...
- jtittle1 February 4, 2017
  
  @akamediasystem
  
  I can help you there :-).
  
  Start with the command below. This will reset ufw back to its original state without any sort of accept/deny policies in place.
  
  sudo ufw reset
  
  While ufw is still disabled, we can set it up to handle connections as needed. We need to allow Port 22 for SSH, Port 80 for HTTP, and Port 443 for HTTPS, so we’ll start there.
  
  First thing I do is setup defaults. This blocks all incoming, allows all outgoing. This won’t cause you to drop your connection as long as ufw is still disabled, so if you enabled it again, make sure you run sudo ufw disable again before running the next few commands.
  
  Simply copy and paste the multi-line commands directly in, hit enter, and allow them to run.
  
  sudo ufw default deny incoming \ && sudo ufw default allow outgoing
  
  With those in place, we can go ahead and setup the three ports mentioned above.
  
  sudo ufw allow 22/tcp \ && sudo ufw allow 80/tcp \ && sudo ufw allow 443/tcp
  
  Then enable ufw using sudo ufw enable, type in y and hit enter.
  
  akamediasystem February 4, 2017
  
  Thank you! I jumped ahead and did something slightly different - please let me know if I should undo what I did and follow this (again, much appreciated!) advice instead.
  
  I took a hint from the tutorial and did
  
  sudo ufw app list
  
  and got
  
  Available applications: Nginx Full Nginx HTTP Nginx HTTPS OpenSSH
  
  …so I then did
  
  sudo ufw allow 'OpenSSH'
  
  …in addition to the already-done
  
  sudo ufw allow 'Nginx HTTP'
  
  …then I did
  
  sudo ufw enable
  
  and got a prompt warning me I might interrupt current SSH connections, to which I said OK.
  
  …now, even after exiting, I’m able to ssh back into my droplet (I had to remove a line in “`
  ~/.ssh/ssh_config
  
  because I had also tried resetting the Droplet's SSH key.) ...I know I'm still not going to be able to do HTTPS like this, but I'm planning on adding that and getting a cert later tonight or tomorrow, so it's not critical for me yet. If I did something inadvisable, or if I should just follow the advice you've offered, please let me know! Thanks again, AKA
  
  How To Install Nginx on Ubuntu 16.04
  by Justin Ellingwood
  Nginx is one of the most popular web servers in the world and is responsible for hosting some of the largest and highest-traffic sites on the internet. It is more resource-friendly than Apache in most cases and can be used as a web server or a reverse proxy. In this guide,...
  
  jtittle1 February 5, 2017
  
  @akamediasystem
  
  The way I’ve set it up in my previous reply, I’m setting up ufw to block all incoming connections on all ports and only allow connections to the ports that I specify. I’m then allowing all outgoing connections.
  
  I find that this is a better standard setup than simply defining a few ports and turning on the firewall as it ensures only the ports I define are allowed without exception.
  
  As for how you define the actual ports, you can use the app list or you can define the ports using port/conn_type where port is 80, 443, 22, etc and conn_type is either tcp or udp.

Answer 3

ITNomad July 25, 2018

I had the same problem. You must disable ufw.....then allow ssh....then enable ufw again....Try these commands (Mac OSX terminal)

*Do this before you logout of ssh (after installing nginx), or yes, you will be blocked from ssh, and will have to do the steps from withing the Droplet Console.

sudo ufw disable
sudo ufw allow ssh
sudo ufw enable
sudo ufw status

Hope that helps…

Reply

Used to be able to ssh into droplet, now operation times out

Leave a Comment

Share

Share your Question

Used to be able to ssh into droplet, now operation times out

Leave a Comment

Related

question

High lag observed on my first droplet on Banglore DC . Shows ping response more than 1 sec on avg with packet loss.

question

Connecting to a digital ocean Private Network

question

Is a wildcard CNAME DNS record valid?

question

What does nfs-server.service code=exited status=22 mean? [using M. Anderson's tutorial]

Almost there!