Shulou(Shulou.com)06/02 Report--

This article will explain in detail what is the reason for not being able to connect to Linux instances. Xiaobian thinks it is quite practical, so share it with you as a reference. I hope you can gain something after reading this article.

Unable to connect to Linux instance

The following figure shows the classification and probability of failure to connect ECS instances. If you cannot connect to the instance, we recommend troubleshooting according to the following reasons:

Try remote connection first

No matter what the reason is, please try to connect with the remote connection function provided by Alibaba Cloud first, and then troubleshoot according to the cause classification.

Log in to the Cloud Virtual Machine management console.

Find the instance you want to connect to. In the Action column, click Remote Connection.

Connection management terminal. For the first time, you need to copy the password.

After entering the password, connect the instance.

If you forget your password, click If you forget your password, click Modify password for management terminal, and set a new password. I/O optimized instance, password modification takes effect immediately, no restart required

Unable to connect ECS instance troubleshooting ideas

Please investigate one by one according to the following causes:

Client local network anomaly [occurrence probability: 3%]

Instance password reset, ECS instance not restarted [occurrence probability: 7%]

iptables configuration anomaly (Centos 6)[occurrence probability: 10%]

Security Group Public Network Rules [Probability of occurrence: 8%]

Remote Access Port Configuration Exception [Occurrence Probability: 10%]

CPU load is too high [probability of occurrence: 9%]

1. Client local network anomaly [occurrence probability: 3%]

Failure: Users cannot log in to the external network.

Possible causes: network card driver is not open or network card configuration problems.

Solution: Look up/etc/hosts.deny to see if there is an IP interception; check the network card driver and reinstall.

2. Instance password reset, instance not restarted [Probability of occurrence: 7%]

Fault phenomenon: there is instance password modification record, but no restart instance record.

Possible cause: You changed the instance password but did not restart the ECS instance.

Solution:

Log in to the Cloud Virtual Machine management console.

Click Instance in the left navigation bar.

Click Geography at the top of the page.

Select the instance you want. Click Restart.

In the pop-up prompt box, select Restart and click OK.

3. iptables configuration anomaly (Centos 6)[occurrence probability: 10%]

Prerequisite: you can only perform this troubleshooting if you have authorization to disable iptables.

Failure: SSH cannot connect, and the connection is restored after closing iptables.

Workaround: adjust iptables configuration policy.

View firewall rules:

iptables -nvL -line-number

L View all the rules of the current table. The default view is the filter table. If you want to view the NAT table, you can add the-t NAT parameter.

n Do not reverse the IP address, plus this parameter shows that the speed will be much faster.

v Output details, including the number of packets that passed the rule, the total number of bytes, and the corresponding network interface.

Modify the rules.

If the rules and policies have been set before, save a copy of the original iptables file to avoid losing the previously set policies.

cp -a /etc/sysconfig/iptables /etc/sysconfig/iptables.bak

Clear all rules on the server.

iptables -F

Set INPUT direction All requests are denied. If it is online business, please do not operate directly, it will cause direct interruption of business.

iptables -P INPUT DROP

After setting iptables firewall, port 22 needs to be released, otherwise it will lead to remote failure.

iptables -A INPUT -p tcp --dport 22 -j ACCEPTiptables -A OUTPUT -p tcp --sport 22 -j ACCEPT

Specify IP access port 22.

iptables -I INPUT -s 192.168.1.1 -p tcp --dport 22 -j ACCEPT

Note: 192.168.1.1 is the IP address of the requester.

Use iptables -L to see if the added rule takes effect.

iptables -L

Save added rules.

iptables-save > /etc/sysconfig/iptables

IPtables needs to be restarted after setup.

service iptables restart or/etc/init.d/iptables restart

After the operation is complete, restart the server for configuration verification.

systemctl reboot

When you're done, make an SSH connection.

4. Security Group Public Network Rules [Probability of occurrence: 8%]

Fault: ECS server cannot ping, check iptables, network card IP configuration is correct, after rolling back the system still cannot ping.

Possible cause: The default public network rule of ECS instance security group has been deleted.

Solution: Reconfigure the ECS instance security group public network rule. For details, see ECS instance security group default public network rule deleted, resulting in unable to ping.

5. Remote Access Port Configuration Exception [Occurrence Probability: 10%]

Fault phenomenon: SSH remote can not connect, remote access port is not the default port.

Possible cause: The remote access port configuration has been changed, and it is possible that the firewall has not released the custom port.

Solution: When the client cannot log in normally, it is recommended to use different SSH clients to perform login tests based on the same account information. If you can log in normally, it is judged that there is a client configuration problem, and you need to troubleshoot and analyze the client configuration.

Use telnet to test existing listening port connectivity. Use Linux's telnet tool to test connectivity of existing ports.

telnet # host is the IP of the target server, port is the port number to be tested

To modify or view Linux remote ports:

vi /etc/ssh/sshd_config

Find the line #port 22, the default port is 22, you can delete the previous #, change 22 to other ports.

Restart SSH service:

/etc/init.d/sshd restart or service sshd restart

Create a new listening port test.

Python's built-in Web server can be used to temporarily create new listening ports for testing.

python -m SimpleHTTPServer

Description:

You can detect problems with remote access ports by automatically testing the default port.

The range of ports that can be used by service listening is 0~65535. If you misconfigure the listening port, Remote Desktop Service will fail to listen.

6. CPU load is too high [probability of occurrence: 9%]

Fault phenomenon: CPU load is too high to cause the system to make remote connection.

Solution: You cannot actively monitor the running status of programs inside the system. You can do this with Cloud Monitor> Host Monitor> Process Monitor.

Check app health and troubleshoot CPU overload. For more information about CPU load problems, see troubleshooting ideas for high CPU utilization of ECS Linux system in Cloud Virtual Machine.

Note: High CPU load at a certain time may cause remote connection failure. It is recommended that you query whether the program or instance resources do not meet the existing requirements.

Finally try to restart the instance

If the remote connection function provided by Alibaba Cloud still fails to connect to the instance, please try restarting the instance. Restart will cause the instance to stop working, thus interrupting the business. Please be careful.

Note: Before restarting an instance, you need to create a snapshot of the instance for data backup or mirroring. How to create a snapshot is described in Creating Snapshots.

Restart the instance on the console. After restarting the instance, try connecting to the instance again.

What is the reason for not being able to connect to Linux instances is shared here. I hope the above content can be of some help to everyone and learn more. If you think the article is good, you can share it so that more people can see it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.