Help Center > > FAQs> Login and Connection> Remote Logins> What Should I Do If I Cannot Log In to My Linux ECS?

What Should I Do If I Cannot Log In to My Linux ECS?

Updated at: Jul 20, 2020 GMT+08:00

Symptom

An ECS cannot be logged in due to some reasons, for example, the network malfunctions, the local port for accessing the remote desktop is denied on the firewall, or the CPU is overloaded on the ECS.

If this issue occurs, follow the instructions provided in Attempting Login Using VNC on the Management Console. Then, locate the login fault based on Fault Locating.

Attempting Login Using VNC on the Management Console

If the remote login fails, check whether you can log in to the ECS using VNC on the management console.

Click here to learn the preparations for logging in to an ECS.

  1. Log in to the management console.
  2. Under Computing, click Elastic Cloud Server.
  3. In the Operation column of the target ECS, click Remote Login.
    Figure 1 Remote Login
  4. (Optional) When the system displays "Press CTRL+ALT+DELETE to log on", click Ctrl+Alt+Del in the upper part of the remote login page to log in to the ECS.

    Do not press CTRL+ALT+DELETE on the physical keyboard because this operation does not take effect.

If the login using VNC fails after the preceding operations are performed, record your resources and the time when the fault occurred. Then, click Service Tickets in the upper right corner of the management console, choose Create Service Ticket, and submit a ticket for technical support.

Checking the Login Mode

Check the login mode you set when creating the ECS.

Figure 2 Login Mode
  • Password: Check whether the login password is correct. If your password is forgotten, reset the password. After resetting the password, restart the ECS for the new password to take effect.
  • Key pair
    • For the first login, use an SSH key. For details, see Login Using an SSH Key.
    • For a non-first login, if you want to use the remote login function (VNC) provided by the management console, log in to the ECS using the SSH key and set the password.
  • Set password later: If you did not set a login mode when creating an ECS, you can use the password reset function (available in the Operation column of the target ECS) to obtain the login password after the ECS is created. After resetting the password, restart the ECS for the new password to take effect.

Verifying that the ECS Has an EIP Bound

SSH logins apply to only Linux ECSs. You can use a remote login tool, such as PuTTY, to log in to your ECS. In such a case, the ECS must have an EIP bound.

Verify that the ECS has an EIP bound.

For details, see Assigning an EIP and Binding It to an ECS.

Checking Whether the Network Is Functional

Check whether the EIP bound to the ECS can be pinged.

If the EIP cannot be pinged, resolve this issue by following the instructions provided in Why Cannot an EIP Be Pinged?

After performing the preceding operations, try to remotely log in to the ECS again.

Checking Whether the Security Group Is Correctly Configured

Check whether the local ECS can access port 22 on the peer ECS.

Run the following command:

telnet Private IP address of the peer ECS

If the port is inaccessible, check whether port 22 in the security group is allowed.

For instructions about how to modify a security group rule, see Modifying a Security Group Rule

After performing the preceding operations, try to remotely log in to the ECS again.

Checking the IP Address Allowlist for SSH Logins (with HSS Enabled)

After HSS is enabled, you can configure an IP address allowlist for SSH logins as required. The IP address allowlist controls SSH access to ECSs, effectively preventing account cracking.

After you configure the allowlist, SSH logins will be allowed only from allowlisted IP addresses.

  1. On the Events page, check whether a local host IP address is intercepted due to brute force cracking.
  2. Check whether the IP address allowlist for SSH logins has been enabled. If so, ensure that the IP address of the local host has been added to the IP address allowlist.
    • Before enabling this function, ensure that all IP addresses that need to initiate SSH logins are added to the allowlist. Otherwise, you cannot remotely log in to your ECS through SSH.
    • Exercise caution when adding a local IP address to the allowlist. This will make HSS no longer restrict access from this IP address to your ECSs.

    For more details, see Security Configuration.

Checking Whether the Remote Access Port Is Correctly Configured

Check the internal configuration of the affected ECS.
  1. Verify that the sshd process is running.
  2. Check whether the local computer is restricted on the ECS.
    1. Log in to the ECS and run the following command to check the configuration:

      vi /etc/hosts.deny

    2. If the IP address of the local computer is detected, the IP address is denied. In such a case, delete the IP address from the file.
  3. Switch to the file in /etc/ssh/ssh_config on the local computer and view the default login port. Then, check whether the SSH-enabled port in the file in /etc/ssh/sshd_config on the ECS has been changed (the default port number is 22).

After performing the preceding operations, try to remotely log in to the ECS again.

Checking Whether the CPU Is Overloaded

If the login failure is caused by high CPU usage, perform the following operations to reduce the CPU usage:
  • Stop certain processes that are not used temporarily and try again.
  • Restart the ECS.
  • Reinstall the ECS OS. Back up important data before the reinstallation.
  • If the ECS OS cannot be reinstalled due to important data, replace the disk attached to the ECS. To do so, back up data on the original disk, detach the disk from the ECS, attach the new disk to the ECS, and copy data to the new disk.

For details, see Troubleshooting High Bandwidth or CPU Usage of a Linux ECS.

After performing the preceding operations, try to remotely log in to the ECS again.

Checking Whether an OS Fault Has Occurred

After performing the preceding operations, try to remotely log in to the ECS again.

Checking Whether an Error Occurred During a Remote Login

If an error message is displayed during a remote login, check the operation guide based on the error information.

For details, see Remote Login Errors on Linux.

If the error cannot be handled, record the message and the time when the error occurred. Then, click Service Tickets in the upper right corner of the management console, choose Create Service Ticket, and submit a ticket for technical support.

If the fault persists after the preceding operations are performed, record your resources and the time when the fault occurred. Then, click Service Tickets in the upper right corner of the management console, choose Create Service Ticket, and submit a ticket for technical support.

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?







Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel