Troubleshooting the SSH Connection
If you're unable to connect to a compute instance using SSH, follow these troubleshooting steps to identify common problems.
Verify the connection
In a terminal window, run the following command:
nc <public ip> 22-
If the SSH banner displays: You successfully connected to the instance using SSH. The underlying problem might be related to permissions. As a next step, verify your credentials. If the credentials you're using to SSH to the instance are incorrect, the connection fails.
You must have the full path to the private key portion of the SSH key pair that you used when you created the instance. For more information about key pairs, see Managing Key Pairs on Linux Instances.
- If the SSH banner does not display:
A network issue might be preventing the connection from succeeding. Continue with the troubleshooting suggestions on this page.
Add a public IP address
If the connection is routed over the internet then the instance must have a public IP address to connect to the instance. Without a public IP address, the instance is not reachable.
If you created an instance on a public subnet, but didn't assign a public IP address at instance creation, you can still assign the address, see: Assigning an Ephemeral Public IP to an Existing Primary Private IP.
If you didn't create a public subnet, consider using Virtual Networking Quickstart to create a public subnet for any internet connected instances you want to SSH to.
Instance is on a private subnet
If the instance is on a private subnet, you can use a Bastion to connect to your instance. Review the bastion documentation to ensure your private network is configured to meet Bastion requirements.
Verify the network security lists
Oracle Cloud Infrastructure provisions each cloud network with a default set of security lists to permit SSH traffic. If the security list that permits SSH connections is removed, you can't access the instance. Ensure a security list that opens port 22 is present. For more information about security lists, see Security Lists.
Confirm that the instance is accessible
Check the instance accessibility status metric to determine whether the instance is responding to an Address Resolution Protocol (ARP) request. If the ARP ping fails, the metric shows that the instance is unresponsive. If there isn't an ongoing infrastructure issue, then the instance probably has a software issue or a network misconfiguration that you must resolve yourself.
Connect to the serial console
Serial console connections let you remotely troubleshoot malfunctioning instances. For more information, see Troubleshooting Instances Using Instance Console Connections.
From the serial console, you can interrupt the boot process to boot into maintenance mode. In maintenance mode, you can add or reset the SSH key for the opc user.
Confirm that SSH is running on the instance
Capture serial console history
You can capture the instance's serial console data history in the Console or by using the console-history resource in the CLI. This information can help determine the cause of connectivity problems.
When using the CLI to capture the instance's serial console data history, include the following option to ensure that full history is captured. Without this option, the data might be truncated: --length 10000000.
Update PuTTY tool
If you are trying to connect to a Linux instance from a Windows system using PuTTY and you receive a failure message stating that the key format is too new, then the PuTTYgen tool and the PuTTY tool are not the same version. Update the PuTTY tool to the latest version.