- Product Introduction
- Tutorial
- Release Notes and Announcements
- Public Image Updates
- Announcements
- Price Reduction in Selected Availability Zones
- WebShell Proxy IP Addresses Updates
- Windows Server 2003 System Images End of Support Announcement
- Pay-as-you-go Price Adjustments for Standard S3 CVMs in the Silicon Valley Region
- Vulnerability repairing for Linux images
- Windows Server 2008 R2 Enterprise Edition SP1 64-bit Images End of Support Announcement
- Upgrading Virtio network card drive for Windows CVMs
- Solution to Tomcat Start Failure on Ubuntu14.04
- Stopping supporting for Ubuntu 10.04 images
- About Configuration of Security Group Port 53
- Purchase Guide
- Getting Started
- Operation Guide
- Operation Guide Overview
- Use Limits Overview
- Instances
- Creating Instances
- Batch Sequential Naming or Pattern String-Based Naming
- Generating API Explorer Reusable Scripts to Create Instances
- Resource Adjustment
- Querying Information
- Renaming Instances
- Resetting Instance Password
- Managing Instance IP
- Changing Instance Subnet
- Changing Security Group
- Searching for Instances
- Exporting Instance List
- Renewing Instances
- Querying the Repossession Status of a Spot Instance
- Shutting Down Instances
- Logging into Linux Instance
- Restarting Instances
- Logging into Windows instance
- Reinstalling System
- Terminating Instances
- Instance Repossession
- Spot Instances
- No Charges When Shut Down for Pay-as-You-Go Instances
- Managing Roles
- Starting Up Instances
- Reserved Instances
- Images
- Service Migration
- Online Migration
- Overview
- Online Migration Tool
- Tencent Cloud Migration Tutorial
- Migration Tutorial for Different Source Environments
- Migrating AWS EC2 Data to Tencent Cloud
- Migrating Alibaba Cloud ECS Data to Tencent Cloud
- Migrating Huawei Cloud ECS Data to Tencent Cloud
- Migrating UCloud UHost Data to Tencent Cloud
- Migrating Baidu Cloud BCC Data to Tencent Cloud
- Migrating VMWare Virtual Machine Data to Tencent Cloud
- Migrating China Telecom e-Cloud Cloud Server Data to Tencent Cloud
- Offline Migration
- Contact Us
- Online Migration
- Cloud Block Storage
- Network
- Security
- Security Groups
- Protection of Sensitive Operations
- Managing Login Password
- Managing SSH keys
- Spread Placement Group
- Unblocking Port 25
- Tags
- Monitoring and Alarms
- Sample Console Configuration
- Best Practice
- Best Practices
- Migrating CVM Instances
- Setting up a Website
- Building an Environment
- Building a Website
- Building an Application
- Data Backup
- Uploading Local Files to CVM
- Copying Local Files to CVMs
- Uploading Files from MacOS to Windows CVM Using MRD
- Uploading Files from Linux to Windows CVM using RDP
- Uploading Files from Linux to a CVM Using FTP
- Uploading files via WinSCP to a Linux CVM from Windows
- Uploading Files from Windows to a CVM Using FTP
- Uploading Files from Linux or MacOS to Linux CVM via SCP
- Uploading Files from Windows to a Windows CVM via MSTSC
- Other CVM Operations
- Network Performance Test
- Recovering Data on Linux CVMs
- Building a Visual GUI
- Changing Kernel of a Linux Instance Manually
- Managing Disk Space on Windows CVMs
- Using RemoteFx to Redirect USB Devices in Windows
- Using USB/IP to Share USB Devices in Linux
- Using AVX-512 Instructions to Accelerate AI Applications on CVM
- OPS Guide
- Troubleshooting Methods
- Instance-Related Failures
- CVM Login Failures
- Windows Instance Login Failures
- Windows Instance Login Failures
- An authentication error occurred when you tried to log in to a Windows instance remotely
- Failed to Reset the CVM Password or the CVM Password Is Invalid
- Windows instance: no remote Desktop license server can provide license
- Requires network-level identity verification
- Problems occurred when you tried to log in to a Windows CVM remotely on Mac
- Failed to log in to a Windows CVM due to high CPU and memory usage
- Failed to connect to a remote computer through Remote Desktop
- Credentials Not Work
- Connection to a Windows CVM through Remote Desktop was denied
- Remote Login Failure Due To Port Issues
- Linux Instance Login Failures
- Linux Instance Login Failures
- Unable to Log in to a Linux Instance via SSH Key
- Failing to log in to a Linux CVM due to high CPU and memory usage
- Remote Login Failure due to Port Issues
- VNC Login Error (Module is Unknown)
- VNC Login Error (Account Locked due to XXX Failed Logins)
- VNC Login Error (Login Failed with Correct Password)
- VNC or SSH Login Error (Permission Denied)
- Login Failure Due to Server Isolation
- Login Failure Due to High Bandwidth Occupation
- Remote Connect Failure Due to Security Group Settings
- Failed to shut down or restart a CVM
- Network Namespace Creation Failure
- Linux CVM Memory Issues
- Network Related Failures
- Downloading Remote Desktop for Mac
- Instance-Related Failures
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Region APIs
- Instance APIs
- DescribeInstances
- DescribeInstanceFamilyConfigs
- DescribeZoneInstanceConfigInfos
- DescribeInstanceTypeConfigs
- DescribeInstancesOperationLimit
- DescribeInstanceVncUrl
- InquiryPriceRunInstances
- InquiryPriceResetInstance
- InquiryPriceResetInstancesType
- InquiryPriceResizeInstanceDisks
- RunInstances
- StartInstances
- RebootInstances
- StopInstances
- ResetInstance
- TerminateInstances
- ResetInstancesType
- ResizeInstanceDisks
- ResetInstancesPassword
- ModifyInstancesAttribute
- ModifyInstancesProject
- InquirePricePurchaseReservedInstancesOffering
- DescribeReservedInstancesConfigInfos
- DescribeInstancesStatus
- Placement Group APIs
- Image APIs
- Key APIs
- Security Group APIs
- Network APIs
- Data Types
- Error Codes
- FAQs
- Service Agreement
- Glossary
- Product Introduction
- Tutorial
- Release Notes and Announcements
- Public Image Updates
- Announcements
- Price Reduction in Selected Availability Zones
- WebShell Proxy IP Addresses Updates
- Windows Server 2003 System Images End of Support Announcement
- Pay-as-you-go Price Adjustments for Standard S3 CVMs in the Silicon Valley Region
- Vulnerability repairing for Linux images
- Windows Server 2008 R2 Enterprise Edition SP1 64-bit Images End of Support Announcement
- Upgrading Virtio network card drive for Windows CVMs
- Solution to Tomcat Start Failure on Ubuntu14.04
- Stopping supporting for Ubuntu 10.04 images
- About Configuration of Security Group Port 53
- Purchase Guide
- Getting Started
- Operation Guide
- Operation Guide Overview
- Use Limits Overview
- Instances
- Creating Instances
- Batch Sequential Naming or Pattern String-Based Naming
- Generating API Explorer Reusable Scripts to Create Instances
- Resource Adjustment
- Querying Information
- Renaming Instances
- Resetting Instance Password
- Managing Instance IP
- Changing Instance Subnet
- Changing Security Group
- Searching for Instances
- Exporting Instance List
- Renewing Instances
- Querying the Repossession Status of a Spot Instance
- Shutting Down Instances
- Logging into Linux Instance
- Restarting Instances
- Logging into Windows instance
- Reinstalling System
- Terminating Instances
- Instance Repossession
- Spot Instances
- No Charges When Shut Down for Pay-as-You-Go Instances
- Managing Roles
- Starting Up Instances
- Reserved Instances
- Images
- Service Migration
- Online Migration
- Overview
- Online Migration Tool
- Tencent Cloud Migration Tutorial
- Migration Tutorial for Different Source Environments
- Migrating AWS EC2 Data to Tencent Cloud
- Migrating Alibaba Cloud ECS Data to Tencent Cloud
- Migrating Huawei Cloud ECS Data to Tencent Cloud
- Migrating UCloud UHost Data to Tencent Cloud
- Migrating Baidu Cloud BCC Data to Tencent Cloud
- Migrating VMWare Virtual Machine Data to Tencent Cloud
- Migrating China Telecom e-Cloud Cloud Server Data to Tencent Cloud
- Offline Migration
- Contact Us
- Online Migration
- Cloud Block Storage
- Network
- Security
- Security Groups
- Protection of Sensitive Operations
- Managing Login Password
- Managing SSH keys
- Spread Placement Group
- Unblocking Port 25
- Tags
- Monitoring and Alarms
- Sample Console Configuration
- Best Practice
- Best Practices
- Migrating CVM Instances
- Setting up a Website
- Building an Environment
- Building a Website
- Building an Application
- Data Backup
- Uploading Local Files to CVM
- Copying Local Files to CVMs
- Uploading Files from MacOS to Windows CVM Using MRD
- Uploading Files from Linux to Windows CVM using RDP
- Uploading Files from Linux to a CVM Using FTP
- Uploading files via WinSCP to a Linux CVM from Windows
- Uploading Files from Windows to a CVM Using FTP
- Uploading Files from Linux or MacOS to Linux CVM via SCP
- Uploading Files from Windows to a Windows CVM via MSTSC
- Other CVM Operations
- Network Performance Test
- Recovering Data on Linux CVMs
- Building a Visual GUI
- Changing Kernel of a Linux Instance Manually
- Managing Disk Space on Windows CVMs
- Using RemoteFx to Redirect USB Devices in Windows
- Using USB/IP to Share USB Devices in Linux
- Using AVX-512 Instructions to Accelerate AI Applications on CVM
- OPS Guide
- Troubleshooting Methods
- Instance-Related Failures
- CVM Login Failures
- Windows Instance Login Failures
- Windows Instance Login Failures
- An authentication error occurred when you tried to log in to a Windows instance remotely
- Failed to Reset the CVM Password or the CVM Password Is Invalid
- Windows instance: no remote Desktop license server can provide license
- Requires network-level identity verification
- Problems occurred when you tried to log in to a Windows CVM remotely on Mac
- Failed to log in to a Windows CVM due to high CPU and memory usage
- Failed to connect to a remote computer through Remote Desktop
- Credentials Not Work
- Connection to a Windows CVM through Remote Desktop was denied
- Remote Login Failure Due To Port Issues
- Linux Instance Login Failures
- Linux Instance Login Failures
- Unable to Log in to a Linux Instance via SSH Key
- Failing to log in to a Linux CVM due to high CPU and memory usage
- Remote Login Failure due to Port Issues
- VNC Login Error (Module is Unknown)
- VNC Login Error (Account Locked due to XXX Failed Logins)
- VNC Login Error (Login Failed with Correct Password)
- VNC or SSH Login Error (Permission Denied)
- Login Failure Due to Server Isolation
- Login Failure Due to High Bandwidth Occupation
- Remote Connect Failure Due to Security Group Settings
- Failed to shut down or restart a CVM
- Network Namespace Creation Failure
- Linux CVM Memory Issues
- Network Related Failures
- Downloading Remote Desktop for Mac
- Instance-Related Failures
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Region APIs
- Instance APIs
- DescribeInstances
- DescribeInstanceFamilyConfigs
- DescribeZoneInstanceConfigInfos
- DescribeInstanceTypeConfigs
- DescribeInstancesOperationLimit
- DescribeInstanceVncUrl
- InquiryPriceRunInstances
- InquiryPriceResetInstance
- InquiryPriceResetInstancesType
- InquiryPriceResizeInstanceDisks
- RunInstances
- StartInstances
- RebootInstances
- StopInstances
- ResetInstance
- TerminateInstances
- ResetInstancesType
- ResizeInstanceDisks
- ResetInstancesPassword
- ModifyInstancesAttribute
- ModifyInstancesProject
- InquirePricePurchaseReservedInstancesOffering
- DescribeReservedInstancesConfigInfos
- DescribeInstancesStatus
- Placement Group APIs
- Image APIs
- Key APIs
- Security Group APIs
- Network APIs
- Data Types
- Error Codes
- FAQs
- Service Agreement
- Glossary
Unable to Log in to a Linux Instance via SSH Key
Last updated: 2021-09-29 17:05:31
Note:
- This document is a general instructional guide only for reference.
- Perform the file operations with caution. You can create a snapshot or use other methods to back up data when necessary.
Problem
During login to a Linux instance using SSH key, a message indicating that the connection is unavailable or failed appears.
Troubleshooting
Check below for the solutions for common SSH login errors.
SSH login error “User root not allowed because not listed in AllowUsers”
展开&收起Cause
The login is restricted by the user login control parameters.
- AllowUsers: only users listed in this parameter are allowed to log in.
- DenyUsers: users listed in this parameter are denied to log in.
- AllowGroups: only user groups listed in this parameter are allowed to log in.
- DenyGroups: user groups listed in this parameter are denied to log in.Note
The Deny policy takes priority over the Allow policy.
Solution
- Open the SSH config file
sshd_configas instructed in Steps - Delete the user login control parameters and restart the SSH service.
Steps
- Log in to the Linux instance via VNC.
- Run the following commands to open the
sshd_configconfiguration file with VIM editor.vim /etc/ssh/sshd_config - Press i to enter the edit mode. Locate and delete the following configurations, or add a pound sign (
#) at the beginning of each line to comment them out.AllowUsers root test DenyUsers test DenyGroups test AllowGroups root - Press Esc to exit the edit mode, and enter :wq to save the modification.
- Run the following commands based on the operating system to restart the SSH service.
- CentOS
systemctl restart sshd.service - Ubuntu
service sshd restart
Then you can log in to the Linux CVM instance via SSH key normally.
- CentOS
SSH login error “Disconnected:No supported authentication methods available”
展开&收起Problem
When logging in via SSH key, the following error message appears:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
sshd[10826]: Connection closed by xxx.xxx.xxx.xxx.
Disconnected:No supported authentication methods available.
Cause
SSH service modifies the PasswordAuthentication parameter and disables the password login.
Solution
- Open the SSH config file
sshd_configas instructed in Steps - Modify the
PasswordAuthenticationparameter and restart the SSH service.
Steps
- Log in to the Linux instance via VNC.
- Run the following commands to open the
sshd_configconfiguration file with VIM editor.vim /etc/ssh/sshd_config - Press i to enter the edit mode and change
PasswordAuthentication notoPasswordAuthentication yes. - Press Esc to exit the edit mode, and enter :wq to save the modification.
- Run the following commands based on the operating system to restart the SSH service.
- CentOS
systemctl restart sshd.service - Ubuntu
service sshd restart
Then you can log in to the Linux CVM instance via SSH key normally.
- CentOS
SSH login error “ssh_exchange_identification: read: Connection reset by peer”
展开&收起Problem
When logging in via SSH key, the error message “ssh_exchange_identification: read: Connection reset by peer” or as shown below appears:
- “ssh_exchange_identification: Connection closed by remote host”
- “kex_exchange_identification: read: Connection reset by peer”
- “kex_exchange_identification: Connection closed by remote host”
Cause
The common causes are as follows:
- The connection is blocked by the local access control policy.
- The firewall rules are modified by anti-intrusion software, such as Fail2ban, denyhost, etc.
- Reaches the the maximum number of connections configured in sshd
- Local network problem
Solution
Check the access policy, firewall rules, sshd configuration, and network environment as instructed in Steps
Steps
Checking and modifying the access policy settings
In Linux, the allowed and denied access policy are respectively set in the /etc/hosts.allow and /etc/hosts.deny files. You can set the trusted hosts in the hosts.allow file, and deny all other hosts in the hosts.deny file. The Deny policy can be set as follows:
in.sshd:ALL# Deny all SSH connections
in.sshd:218.64.87.0/255.255.255.128# Deny SSH connections ranging from 218.64.87.0 to -127.
ALL:ALL# Deny all TCP connections
Log in to the Linux instance via VNC and check the /etc/hosts.deny and /etc/hosts.allow files:
- Correct the configurations if needed. The modification takes effect immediately.
- If the configuration is correct, proceed to the next step.Note
If no access policy is configured, both files will be empty by default and all connections are allowed.
Checking the iptables firewall rules
Check whether the iptables firewall rules are modified, for example, by the anti-intrusion software (such as Fail2ban, denyhost, etc.). Run the following command to check whether the firewall denies SSH connections.
sudo iptables -L --line-number
- If yes, please modify the allowlist settings.
- If no, proceed to the next step.
Checking and modifying the sshd configuration
- Run the following command to open the
sshd_configconfiguration file with VIM editor.vim /etc/ssh/sshd_config - Check the
MaxStartupsvalue, which specifies the maximum number of connections allowed. If many connections are required to establish in a short period, adjust the value as needed.
- Follow the steps below to modify the value:
- Press i to enter the edit mode. After the modification is complete, press Esc to exit the edit mode and enter :wq to save the modification.Note
This parameter specifies the maximum number of unauthenticated concurrent connections the SSH daemon allows. The default value is
MaxStartups 10:30:100, which means to allow the first ten unauthenticated connections, refuse connection attempts with a probability of 30%, and reject all new connections when there are 100 connections. - Run the following command to restart the sshd service.
service sshd restart
- Press i to enter the edit mode. After the modification is complete, press Esc to exit the edit mode and enter :wq to save the modification.
- If no modification is required, proceed to the next step.
Testing the network environment
- Check whether a private IP is used for login.
- If yes, use a public IP and try again.
- If not, proceed to the next step.
- Test the connection by using other network environments.
- If the connection is normal, restart the instance and log in to it via VNC.
- If there is a connection error, solve it according to the test result.
If the SSH login error persists, it may be caused by kernel exceptions or other unknown reasons. In this case, please submit a ticket.
SSH login error “Permission denied, please try again”
展开&收起Problem
When the root user logs in to a Linux instance via SSH key, the “Permission denied, please try again” error message appears.
Cause
This is because that the SELinux service is enabled, or the SSH service modifies the PermitRootLogin configuration.
Solution
Check the configuration of SELinux service and the PermitRootLogin parameter in sshd_config as instructed in Steps.
Steps
Checking and disabling the SELinux service
- Log in to the Linux instance via VNC.
- Run the following command to check the current SELinux service status.
/usr/sbin/sestatus -v
Ifenabledas shown below is returned, the service is enabled. Thedisabledresponse indicates that the service is disabled.SELinux status: enabled - Disable the SELinux service temporarily or permanently as needed.
- Disable the SELinux service temporarily
Perform the following command to temporarily disable the SELinux service. The change takes effect immediately without needing to restart the system or instance.setenforce 0 - Disable the SELinux service permanently
Run the following command to disable the SELinux service.sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/configNote- This command is only applicable to the SELinux service in the
enforcingstatus. - After running the command, restart the system or instance for the modification to take effect.
- This command is only applicable to the SELinux service in the
- Disable the SELinux service temporarily
Checking and modifying the sshd configuration
- Log in to the Linux instance via VNC.
- Run the following commands to open the
sshd_configconfiguration file with VIM editor.vim /etc/ssh/sshd_config - Press i to enter the edit mode and change
PermitRootLogin notoPermitRootLogin yes.
>?
>- If this parameter is not configured insshd_config, the root user is allowed to log in by default.
>- This parameter only affects the SSH key login of the root user, who can log in to the instance normally using other methods.
> - Press Esc to exit the edit mode, and enter :wq to save the modification.
- Run the following command to restart the SSH service.
service sshd restart
Then you can log in to the Linux CVM instance via SSH key normally.
SSH login error “Too many authentication failures for root”
展开&收起Problem
The error message “Too many authentication failures for root” is returned and the connection is interrupted after many failed attempts to enter the password to login via SSH key.
Cause
I was requested to reset the SSH service password after consecutive failed password entry.
Solution
- Open the SSH config file
sshd_configas instructed in Steps - Check and modify the
MaxAuthTriesparameter for the password reset policy, and restart the SSH service.
Steps
- Log in to the Linux instance via VNC.
- Run the following commands to open the
sshd_configconfiguration file with VIM editor.vim /etc/ssh/sshd_config - Check for the configuration similar to what is shown below.
MaxAuthTries 5Note- This parameter is not enabled by default. It specifies the number of consecutive incorrect password attempts for each SSH key login, and displays the error message. However, the account will not be locked, which can be used for another SSH key login.
- Determine whether a modification is required. If so, we recommend you to back up the
sshd_configconfiguration file.
- Press i to enter the edit mode, and modify the following configuration or add a pound sign (`#) at the beginning of the line to comment it out.
MaxAuthTries <number of incorrect password attempts allowed> - Press Esc to exit the edit mode, and enter :wq to save the modification.
- Run the following command to restart the SSH service.
service sshd restart
Then you can log in to the Linux CVM instance via SSH key normally.
SSH startup error “error while loading shared libraries”
展开&收起Problem
When the SSH service is started in a Linux instance, an error message similar to the following is displayed in the secure log or directly returned:
- “error while loading shared libraries: libcrypto.so.10: cannot open shared object file: No such file or directory”
- “PAM unable to dlopen(/usr/lib64/security/pam_tally.so): /usr/lib64/security/pam_tally.so: cannot open shared object file: No such file or directory”
Cause
This is because that the relevant system library files the SSH service depends on are lost or have an exception, such as the permission configuration exception.
Solution
Check and fix the system library files as instructed in Steps.
Steps
NoteThe following example guides you through resolving a
libcrypto.so.10library file exception.
Obtaining the library file
- Log in to the Linux instance via VNC.
- Run the following command to view the
libcrypto.so.10library file information.ll /usr/lib64/libcrypto.so.10
The information similar to what is shown below is returned, indicating that/usr/lib64/libcrypto.so.10is the soft link of thelibcrypto.so.1.0.2klibrary file.lrwxrwxrwx 1 root root 19 Jan 19 2021 /usr/lib64/libcrypto.so.10 -> libcrypto.so.1.0.2k - Run the following command to view the
libcrypto.so.1.0.2klibrary file information.ll /usr/lib64/libcrypto.so.1.0.2k
Information similar to the following is returned:-rwxr-xr-x 1 root root 2520768 Dec 17 2020 /usr/lib64/libcrypto.so.1.0.2k - Note down the path, permission, group and other information of a normal library file, and try the following.
Finding and replacing the library file
- Run the following command to find the
libcrypto.so.1.0.2kfile.find / -name libcrypto.so.1.0.2k - Run the following command to copy the library file to a normal directory.
cp <absolute path of the library file obtained in the step 1> /usr/lib64/libcrypto.so.1.0.2k - Run the following commands to modify the file permission, owner, and group.
chmod 755 /usr/lib64/libcrypto.so.1.0.2kchown root:root /usr/lib64/libcrypto.so.1.0.2k - Run the following commands to create a soft link.
ln -s /usr/lib64/libcrypto.so.1.0.2k /usr/lib64/libcrypto.so.10 - Run the following command to start the SSH service.
service sshd start
Uploading an external file
- Upload the
libcrypto.so.1.0.2klibrary file of a normal CVM to the\tmpdirectory of the target CVM using FTP.Note\tmpis used in this example. You can replace with the actual directory. - Run the following command to copy the library file to a normal directory.
cp /tmp/libcrypto.so.1.0.2k /usr/lib64/libcrypto.so.1.0.2k - Run the following commands to modify the file permission, owner, and group.
chmod 755 /usr/lib64/libcrypto.so.1.0.2kchown root:root /usr/lib64/libcrypto.so.1.0.2k - Run the following commands to create a soft link.
ln -s /usr/lib64/libcrypto.so.1.0.2k /usr/lib64/libcrypto.so.10 - Run the following command to start the SSH service.
service sshd start
Recovering with snapshot
You can roll back to snapshot of the system disk to recover the library file. For more information, see Rolling Back Snapshots.
Note
- Note that snapshot rollback will cause loss of data stored after the snapshot creation.
- We recommend you to roll back to snapshots one by one from the latest to the earliest till the SSH service resumes. If the SSH service still cannot run properly after the rollback, the system at that point in time has been abnormal.
SSH service startup error “fatal: Cannot bind any address”
展开&收起Problem
When the SSH service is started in a Linux instance, an error message similar to the following is displayed in the secure log or directly returned:
FAILED.
fatal: Cannot bind any address.
address family must be specified before ListenAddress.
Cause
Incorrect configuration of AddressFamily. This parameter specifies the protocol suite used at runtime. If only IPv6 is configured here, but the IPv6 is not enabled or invalidly configured in the system, this problem may occur.
Solution
- Open the SSH config file
sshd_configas instructed in Steps - Modify the
AddressFamilyparameter and restart the SSH service.
Steps
- Log in to the Linux instance via VNC.
- Run the following commands to open the
sshd_configconfiguration file with VIM editor.vim /etc/ssh/sshd_config - Check for the configuration similar to what is shown below.
AddressFamily inet6 - inet: IPv4 protocol suite, the default value
- inet6: IPv6 protocol suite
- any: both IPv4 and IPv6 protocol suites
- Press i to enter the edit mode, and modify the configuration as follows or add a pound sign (
#) at the beginning of the line to comment it out.AddressFamily inetNoteThe
AddressFamilyparameter takes effect only after being configured beforeListenAddress. - Press Esc to exit the edit mode, and enter :wq to save the modification.
- Run the following command to restart the SSH service.
service sshd restart
Then you can log in to the Linux CVM instance via SSH key normally.
SSH service startup error “Bad configuration options”
展开&收起Problem
When the SSH service is started in a Linux instance, an error message similar to the following is displayed in the secure log or directly returned:
/etc/ssh/sshd_config: line 2: Bad configuration options:\\
/etc/ssh/sshd_config: terminating, 1 bad configuration options
Cause
This is caused by the incorrect encoding or configuration of the configuration file.
Solution
Fix the sshd_config configuration file as instructed below.
- Modifying the configuration file according to the error message
- Uploading an external file
- Reinstalling the SSH service
- Using the snapshot rollback for recovery
Steps
Modifying the configuration file according to the error message
If the error message tells the incorrect configuration, modify /etc/ssh/sshd_config with VIM editor by referring to the correct configuration file of another instance.
Uploading an external file
- Upload the
/etc/ssh/sshd_configlibrary file of a normal CVM to the\tmpdirectory of the target CVM using FTP.Note\tmpis used in this example. You can replace with the actual directory. - Run the following command to copy the library file to a normal directory.
cp /tmp/sshd_config /etc/ssh/sshd_config - Run the following commands to modify the file permission, owner, and group.
chmod 600 /etc/ssh/sshd_configchown root:root /etc/ssh/sshd_config - Run the following command to start the SSH service.
service sshd start
Reinstalling the SSH service
- Log in to the Linux instance via VNC.
- Run the following command to uninstall the SSH service.
rpm -e openssh-server - Run the following command to install the SSH service.
yum install openssh-server - Run the following command to start the SSH service.
service sshd startRecovering with snapshot
You can roll back the system disk snapshot of the instance to recover the library file. For more information, see Rolling Back Snapshots.Note- Note that snapshot rollback will cause loss of data stored after the snapshot creation.
- We recommend you to roll back to snapshots one by one from the latest to the earliest till the SSH service resumes. If the SSH service still cannot run properly after the rollback, the system at that point in time has been abnormal.
If the problem persists, please submit a ticket for assistance.
Yes
No
Was this page helpful?