Managed SSH Session Creation Failed
Fix problems that can occur when you attempt to create a new Managed SSH session.
Oracle Cloud Agent is not Running on the Target Instance
Oracle Cloud Agent is a lightweight process that runs on compute instances and performs instance management tasks. Some Compute images (especially those images provided by Oracle) enable the Oracle Cloud Agent. For some images, you need to enable the agent on the instance yourself.
To create a Managed SSH session, the target compute instance must be running the Oracle Cloud Agent. Otherwise, you get an error message. See Managing Plugins with Oracle Cloud Agent.
Bastion Plugin is not Enabled on the Target Instance
The Oracle Cloud Agent process manages plugins running on the compute instance. The Bastion plugin is used to establish and monitor Managed SSH sessions. By default, the Bastion plugin is not enabled on instances running the Oracle Cloud Agent.
To create a Managed SSH session, the Bastion plugin must be enabled on the target compute instance and it must be running. Otherwise, you get an error message. See Managing Plugins with Oracle Cloud Agent.
SSH Server is not Configured Properly on the Target Instance
On the target instance, open the file /etc/ssh/sshd_config
, and verify the current configuration.
- If
PasswordAuthentication
is set toyes
, thenPubkeyAuthentication
must also be set toyes
. - If
AuthorizedKeysFile
is specified, the path and file name must exist. Paths are relative to the user's home directory. - The file specified in
AuthorizedKeysFile
(or.ssh/authorized_keys
by default) must include the same SSH key that is configured in the Managed SSH session. - Do not specify a
ListenAddress
. - If
AddressFamily
is specified, it must be set toany
orinet
. - If
Port
is specified (default is 22), check that the same port number is configured in the Managed SSH session. - If
DenyUsers
orDenyGroups
is specified, check that the user configured in the Managed SSH session is not on these lists.
Restart the SSH server if you modified the file. For example:
service sshd restart
An alternative to modifying the SSH server configuration and using a Managed SSH session is to use a Port Forwarding session. See Session Types.
Missing Gateway
When you create a bastion, you must specify a VCN (virtual cloud network) and a private subnet within that VCN.
To create a Managed SSH session, the VCN must include a gateway (service gateway , internet gateway , or NAT gateway ) and a route rule for the gateway. If the VCN isn't configured correctly:
- The creation of the Managed SSH session fails after several minutes because of a network timeout.
- The state of the Bastion plugin on the target Compute instance is
INVALID
.
See Service Gateway, Internet Gateway, or NAT Gateway.
Invalid Username
When you create a Managed SSH session, you must provide a valid username on the target instance's operating system. If the username is invalid, the creation of the session fails.
The default OS username on most compute instances created from an Oracle-provided image is opc
.