This article introduces the reasons and solutions for being unable to connect to a Linux instance, and focuses on the specific steps. The content of this article is compact, and I hope everyone can gain something.
Unable to connect to a Linux instance
The following figure shows the classification and occurrence probability of reasons for being unable to connect to an ECS instance. If you cannot connect to the instance, we recommend that you troubleshoot based on the following reasons.
First try to connect remotely
Whatever the reason you cannot connect to the instance remotely, first try to connect with the remote connection function provided by Alibaba Cloud, and then classify the fault according to its cause.
Log in to the cloud server management console.
Find the instance that you need to connect to and, in the Operation column, click Remote Connection.
Connect to the management terminal. When connecting for the first time, you need to copy the password first.
After entering the password, connect to the instance.
If you forget your password, click to modify the password of the management terminal and set a new password. For I/O optimized instances, the password change takes effect immediately without a restart.
Troubleshooting approach when you cannot connect to the ECS instance
Please check the reasons one by one according to the following order:
Client local network abnormality [Occurrence probability: 3%]
Reset the instance password and the ECS instance was not restarted [Occurrence probability: 7%]
iptables configuration abnormality (CentOS 6) [Occurrence probability: 10%]
Security group public network rules [Occurrence probability: 8%]
Remote access port configuration exception [Occurrence probability: 10%]
CPU load is too high [Occurrence probability: 9%]
1. Client local network abnormality [Occurrence probability: 3%]
Fault phenomenon: The user cannot log in to the external network.
Possible reasons: The network card driver is not turned on or there is a problem with the network card configuration.
Solution: Check /etc/hosts.deny for a blocked IP address; check the network card driver and reinstall it.
2. The instance password is reset but the instance is not restarted [Occurrence probability: 7%]
Fault phenomenon: There is a record of the instance password being modified, but there is no record of the instance being restarted.
Possible reason: You changed the instance password but did not restart the ECS instance.
Solution:
Log in to the cloud server management console.
Click Instances in the left navigation bar.
Click on the region at the top of the page.
Select the required instance. Click Restart.
In the pop-up prompt box, select Restart and click OK.
3. iptables configuration exception (CentOS 6) [Occurrence probability: 10%]
Prerequisite: This troubleshooting can only be done if iptables is installed and you are authorized to shut it down.
Fault phenomenon: SSH cannot connect. The connection is restored after closing iptables.
Solution: Adjust the iptables configuration policy.
View firewall rules:
iptables -nvL --line-numbers
-L: List all rules in the current table. The filter table is shown by default. To view the NAT table, add the -t nat parameter.
-n: Do not perform reverse lookups of IP addresses. Adding this parameter makes the display much faster.
-v: Output detailed information, including the number of packets matched by each rule, the total number of bytes, and the corresponding network interface.
Modify the rules.
If you have set a rule policy before, save a copy of the original iptables file to avoid losing the previously set policy.
cp -a /etc/sysconfig/iptables /etc/sysconfig/iptables.bak
Clear all rules on the server.
iptables -F
Set the default policy of the INPUT chain to drop all requests. If the server carries online business, do not run this directly, because it will interrupt the business immediately.
iptables -P INPUT DROP
After setting up the iptables firewall, port 22 must be allowed, otherwise remote connections will fail.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
Allow a specified IP address to access port 22.
iptables -I INPUT -s 192.168.1.1 -p tcp --dport 22 -j ACCEPT
Note: 192.168.1.1 is the IP address of the requesting client.
Use iptables -L to check whether the added rules have taken effect.
iptables -L
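Save the added rules.
iptables-save > /etc/sysconfig/iptables
After the setting is made, iptables must be restarted.
service iptables restart   # or: /etc/init.d/iptables restart
After the operation is complete, restart the server to verify the configuration.
systemctl reboot
After completing the operation, try the SSH connection again.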
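4. Security group public network rules [Occurrence probability: 8%]
Fault phenomenon: The ECS server cannot be pinged. The iptables and network card IP configurations have been checked and are correct, and the server still cannot be pinged after the system is rolled back.
Possible reason: The default public network rules of the ECS instance's security group were deleted.
Solution: Reconfigure the public network rules of the ECS instance's security group. For details, see "Unable to ping an ECS instance because the default public network rules of its security group were deleted".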
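5. Remote access port configuration exception [Occurrence probability: 10%]
Fault phenomenon: SSH cannot connect remotely, and the remote access port is not the default port.
Possible reason: The remote access port configuration was changed, and the firewall may not have opened the custom port.
Solution: When a client cannot log in normally, first test the login with a different SSH client using the same account information. If that login succeeds, the problem is in the client configuration, and the client configuration needs to be investigated.
Use telnet to test the connectivity of the existing listening port. Use the telnet tool that comes with Linux to test the connectivity of the existing port.
telnet <host> <port> # host is the target server IP, port is the port number to test
Modify or view the Linux remote port:
vi /etc/ssh/sshd_config
Find the line #Port 22. The default port is 22; you can delete the leading # and change 22 to another port.
Restart the SSH service:
/etc/init.d/sshd restart   # or: service sshd restart
Create a new listening port for testing.
You can use the web server that comes with Python to temporarily create a new listening port for testing.
python -m SimpleHTTPServer <required port number>   # Python 2; on Python 3: python3 -m http.server <required port number>
Notes:
You can detect remote access port problems by automatically testing the default port.
The port range that a service can listen on is 0 to 65535. A misconfigured listening port causes the remote desktop service to fail to listen.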
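The lock-out conditions from sections 3 and 5 (an INPUT chain that drops traffic without a usable rule for the SSH port, and an sshd port that the firewall does not open) can be checked offline before iptables or sshd is restarted. The script below is an added example, not part of the original article; the function names, the simplified rule matching and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article). Inputs: an sshd_config file and `iptables-save` output.

# Ports sshd listens on: every active "Port N" line, or 22 when none is set.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Verdict (ACCEPT/DROP) of the filter INPUT chain for a new TCP connection to port $2
# from an arbitrary source. Simplified first-match walk: it understands only
# "-p tcp --dport N -j ACCEPT" rules without -s, and unconditional "-j DROP|REJECT" rules.
input_verdict() {
    awk -v port="$2" '
        $1 == "*filter" { in_filter = 1 }
        $1 == "COMMIT"  { in_filter = 0 }
        in_filter && $1 == ":INPUT" { verdict = $2 }   # chain policy is the fallback
        in_filter && !decided && $1 == "-A" && $2 == "INPUT" {
            if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) { verdict = "DROP"; decided = 1 }
            tcp = dport = accept = src = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = 1
                if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
                if ($i == "--dport" && $(i + 1) == port) dport = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (tcp && dport && accept && !src) { verdict = "ACCEPT"; decided = 1 }
        }
        END { print verdict }' "$1"
}

# Print one line per sshd port; return 1 if any port would be unreachable.
check_lockout() {   # $1 = sshd_config file, $2 = iptables-save dump
    rc=0
    for p in $(sshd_ports "$1"); do
        if [ "$(input_verdict "$2" "$p")" = "ACCEPT" ]; then echo "ok: tcp/$p"
        else echo "BLOCKED: tcp/$p has no general ACCEPT rule"; rc=1; fi
    done
    return $rc
}

# Constructed sample input: sshd moved to 2222, but only one source may reach it.
demo=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 2222' > "$demo/sshd_config"
printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
    '-A INPUT -s 192.168.1.1/32 -p tcp -m tcp --dport 2222 -j ACCEPT' \
    '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' 'COMMIT' > "$demo/rules"
check_lockout "$demo/sshd_config" "$demo/rules" || true
```

On a real host, pass /etc/ssh/sshd_config and a file written by iptables-save to check_lockout from the management terminal before restarting either service.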
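6. CPU load is too high [Occurrence probability: 9%]
Fault phenomenon: The CPU load is too high, so the system cannot accept remote connections.
Solution: You cannot actively monitor the running state of programs inside the system yourself; you can use Cloud Monitor > Host Monitoring > Process Monitoring to do so.
Check how the applications are running and rule out the causes of the high CPU load. For details on CPU load problems, see "Troubleshooting high CPU usage on ECS Linux systems".
Note: A CPU load that is too high during a certain period may cause remote connections to fail. We recommend that you check whether a program or the instance's resources no longer meet current requirements.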
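Finally, try restarting the instance
If you still cannot connect to the instance with the remote connection function provided by Alibaba Cloud, try restarting the instance. A restart stops the instance and therefore interrupts business, so proceed with caution.
Note: Before restarting the instance, create a snapshot of the instance for data backup or image creation. For how to create a snapshot, see "Create a snapshot".
Restart the instance in the console. After the instance has restarted, try connecting to the instance again.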