Troubleshoot SSH connections to an Azure Linux VM that fails, errors out, or is refused

This article helps you find and correct the problems that occur due to Secure Beat (SSH) errors, SSH connection failures, or SSH is refused when y'all try to connect to a Linux virtual machine (VM). You can use the Azure portal, Azure CLI, or VM Access Extension for Linux to troubleshoot and resolve connection bug.

If you need more help at whatsoever point in this article, you can contact the Azure experts on the MSDN Azure and Stack Overflow forums. Alternatively, yous tin file an Azure support incident. Go to the Azure support site and select Get back up. For information about using Azure Support, read the Microsoft Azure support FAQ.

Quick troubleshooting steps

After each troubleshooting step, try reconnecting to the VM.

  1. Reset the SSH configuration.
  2. Reset the credentials for the user.
  3. Verify the network security grouping rules permit SSH traffic.
    • Ensure that a Network Security Group dominion exists to permit SSH traffic (by default, TCP port 22).
    • You lot cannot use port redirection / mapping without using an Azure load balancer.
  4. Check the VM resource health.
    • Ensure that the VM reports every bit being healthy.
    • If you take kick diagnostics enabled, verify the VM is not reporting kick errors in the logs.
  5. Restart the VM.
  6. Redeploy the VM.

Proceed reading for more detailed troubleshooting steps and explanations.

Available methods to troubleshoot SSH connection issues

You tin reset credentials or SSH configuration using one of the following methods:

  • Azure portal - swell if you need to quickly reset the SSH configuration or SSH central and you lot don't have the Azure tools installed.
  • Azure VM Serial Panel - the VM serial console will piece of work regardless of the SSH configuration, and will provide you lot with an interactive console to your VM. In fact, "tin't SSH" situations are specifically what the serial console was designed to help solve. More details beneath.
  • Azure CLI - if yous are already on the control line, rapidly reset the SSH configuration or credentials. If yous are working with a archetype VM, you can use the Azure classic CLI.
  • Azure VMAccessForLinux extension - create and reuse json definition files to reset the SSH configuration or user credentials.

After each troubleshooting stride, try connecting to your VM once again. If you still cannot connect, try the next step.

Apply the Azure portal

The Azure portal provides a quick way to reset the SSH configuration or user credentials without installing any tools on your local computer.

To brainstorm, select your VM in the Azure portal. Roll down to the Help department and select Reset password as in the post-obit example:

Screenshot to reset the S S H configuration or credentials in the Azure portal.

Reset the SSH configuration

To reset the SSH configuration, select Reset configuration only in the Mode section as in the preceding screenshot, and so select Update. Once this activity has completed, endeavour to admission your VM again.

Reset SSH credentials for a user

To reset the credentials of an existing user, select either Reset SSH public primal or Reset countersign in the Mode section as in the preceding screenshot. Specify the username and an SSH key or new password, then select Update.

Yous can also create a user with sudo privileges on the VM from this menu. Enter a new username and associated password or SSH key, and and so select Update.

Check security rules

Employ IP flow verify to confirm if a rule in a network security grouping is blocking traffic to or from a virtual machine. You can too review effective security group rules to ensure inbound "Allow" NSG rule exists and is prioritized for SSH port (default 22). For more data, see Using effective security rules to troubleshoot VM traffic period.

Check routing

Use Network Watcher's Adjacent hop capability to ostend that a route isn't preventing traffic from beingness routed to or from a virtual car. Y'all can as well review constructive routes to see all constructive routes for a network interface. For more than data, see Using constructive routes to troubleshoot VM traffic flow.

Utilise the Azure VM Series Console

The Azure VM Serial Console provides access to a text-based console for Linux virtual machines. You lot can use the console to troubleshoot your SSH connexion in an interactive shell. Ensure you have met the prerequisites for using Serial Panel and try the commands below to further troubleshoot your SSH connectivity.

Bank check that SSH is running

You can utilize the following control to verify whether SSH is running on your VM:

              ps -aux | grep ssh                          

If in that location is any output, SSH is up and running.

Check which port SSH is running on

You can use the following command to check which port SSH is running on:

              sudo grep Port /etc/ssh/sshd_config                          

Your output will look something like:

              Port 22                          

Use the Azure CLI

If you haven't already, install the latest Azure CLI and sign in to an Azure account using az login.

If y'all created and uploaded a custom Linux deejay image, make sure the Microsoft Azure Linux Amanuensis version 2.0.5 or subsequently is installed. For VMs created using Gallery images, this access extension is already installed and configured for you.

Reset SSH configuration

You can initially endeavor resetting the SSH configuration to default values and rebooting the SSH server on the VM. This does not change the user business relationship name, password, or SSH keys. The following example uses az vm user reset-ssh to reset the SSH configuration on the VM named myVM in myResourceGroup. Utilise your own values as follows:

              az vm user reset-ssh --resource-group myResourceGroup --proper name myVM                          

Reset SSH credentials for a user

The post-obit example uses az vm user update to reset the credentials for myUsername to the value specified in myPassword, on the VM named myVM in myResourceGroup. Apply your own values as follows:

              az vm user update --resource-group myResourceGroup --proper name myVM \      --username myUsername --countersign myPassword                          

If using SSH fundamental authentication, you lot can reset the SSH fundamental for a given user. The post-obit example uses az vm access set-linux-user to update the SSH key stored in ~/.ssh/id_rsa.pub for the user named myUsername, on the VM named myVM in myResourceGroup. Apply your own values every bit follows:

              az vm user update --resources-group myResourceGroup --name myVM \     --username myUsername --ssh-cardinal-value ~/.ssh/id_rsa.pub                          

Use the VMAccess extension

The VM Access Extension for Linux reads in a json file that defines actions to carry out. These deportment include resetting SSHD, resetting an SSH key, or calculation a user. Y'all still use the Azure CLI to call the VMAccess extension, but you can reuse the json files across multiple VMs if desired. This arroyo allows yous to create a repository of json files that can then be chosen for given scenarios.

Reset SSHD

Create a file named settings.json with the post-obit content:

              {     "reset_ssh":True }                          

Using the Azure CLI, y'all then call the VMAccessForLinux extension to reset your SSHD connection by specifying your json file. The following example uses az vm extension gear up to reset SSHD on the VM named myVM in myResourceGroup. Use your own values as follows:

              az vm extension set --resource-group philmea --vm-name Ubuntu \     --proper noun VMAccessForLinux --publisher Microsoft.OSTCExtensions --version ane.ii --settings settings.json                          

Reset SSH credentials for a user

If SSHD appears to office correctly, you lot can reset the credentials for a giver user. To reset the password for a user, create a file named settings.json. The following instance resets the credentials for myUsername to the value specified in myPassword. Enter the following lines into your settings.json file, using your ain values:

              {     "username":"myUsername", "password":"myPassword" }                          

Or to reset the SSH key for a user, first create a file named settings.json. The following case resets the credentials for myUsername to the value specified in myPassword, on the VM named myVM in myResourceGroup. Enter the following lines into your settings.json file, using your ain values:

              {     "username":"myUsername", "ssh_key":"mySSHKey" }                          

Later on creating your json file, utilize the Azure CLI to phone call the VMAccessForLinux extension to reset your SSH user credentials by specifying your json file. The following example resets credentials on the VM named myVM in myResourceGroup. Use your own values as follows:

              az vm extension set up --resources-group philmea --vm-proper noun Ubuntu \     --proper noun VMAccessForLinux --publisher Microsoft.OSTCExtensions --version i.2 --settings settings.json                          

Apply the Azure classic CLI

If yous haven't already, install the Azure archetype CLI and connect to your Azure subscription. Brand sure that you are using Resource Manager mode as follows:

              azure config style arm                          

If yous created and uploaded a custom Linux disk image, make sure the Microsoft Azure Linux Agent version 2.0.5 or later is installed. For VMs created using Gallery images, this access extension is already installed and configured for you.

Reset SSH configuration

The SSHD configuration itself may be misconfigured or the service encountered an error. You can reset SSHD to brand sure the SSH configuration itself is valid. Resetting SSHD should exist the commencement troubleshooting step you lot take.

The following instance resets SSHD on a VM named myVM in the resources group named myResourceGroup. Use your own VM and resources group names equally follows:

              azure vm reset-access --resource-group myResourceGroup --name myVM \     --reset-ssh                          

Reset SSH credentials for a user

If SSHD appears to role correctly, you tin reset the password for a giver user. The post-obit case resets the credentials for myUsername to the value specified in myPassword, on the VM named myVM in myResourceGroup. Use your own values equally follows:

              azure vm reset-access --resource-grouping myResourceGroup --proper name myVM \      --user-proper name myUsername --password myPassword                          

If using SSH primal authentication, you can reset the SSH central for a given user. The post-obit example updates the SSH fundamental stored in ~/.ssh/id_rsa.pub for the user named myUsername, on the VM named myVM in myResourceGroup. Employ your own values as follows:

              azure vm reset-access --resources-group myResourceGroup --proper name myVM \     --user-name myUsername --ssh-key-file ~/.ssh/id_rsa.pub                          

Restart a VM

If you accept reset the SSH configuration and user credentials, or encountered an mistake in doing and so, you can try restarting the VM to address underlying compute issues.

Azure portal

To restart a VM using the Azure portal, select your VM and then select Restart equally in the following instance:

Screenshot to restart a virtual machine in the Azure portal.

Azure CLI

The following example uses az vm restart to restart the VM named myVM in the resource group named myResourceGroup. Use your own values equally follows:

              az vm restart --resource-group myResourceGroup --proper name myVM                          

Azure classic CLI

Important

Archetype VMs volition be retired on March ane, 2023.

If yous employ IaaS resource from ASM, delight complete your migration by March 1, 2023. Nosotros encourage you to make the switch sooner to take advantage of the many feature enhancements in Azure Resources Manager.

For more information, see Drift your IaaS resources to Azure Resource Director past March ane, 2023.

The following example restarts the VM named myVM in the resource group named myResourceGroup. Use your own values as follows:

              azure vm restart --resource-group myResourceGroup --proper name myVM                          

Redeploy a VM

You lot can redeploy a VM to another node within Azure, which may correct whatever underlying networking problems. For information about redeploying a VM, run into Redeploy virtual motorcar to new Azure node.

Annotation

After this functioning finishes, ephemeral disk data is lost and dynamic IP addresses that are associated with the virtual machine are updated.

Azure portal

To redeploy a VM using the Azure portal, select your VM and scroll down to the Aid department. Select Redeploy as in the post-obit example:

Screenshot to redeploy a virtual machine in the Azure portal.

Azure CLI

The following instance use az vm redeploy to redeploy the VM named myVM in the resources group named myResourceGroup. Use your own values as follows:

              az vm redeploy --resource-grouping myResourceGroup --name myVM                          

Azure archetype CLI

The following case redeploys the VM named myVM in the resources group named myResourceGroup. Use your own values equally follows:

              azure vm redeploy --resource-group myResourceGroup --name myVM                          

VMs created past using the Classic deployment model

Important

Classic VMs will be retired on March one, 2023.

If yous use IaaS resources from ASM, please complete your migration by March 1, 2023. We encourage you to brand the switch sooner to take reward of the many feature enhancements in Azure Resource Manager.

For more information, see Migrate your IaaS resources to Azure Resource Manager by March 1, 2023.

Endeavor these steps to resolve the most common SSH connection failures for VMs that were created by using the classic deployment model. After each step, effort reconnecting to the VM.

  • Reset remote access from the Azure portal. On the Azure portal, select your VM then select Reset Remote....

  • Restart the VM. On the Azure portal, select your VM and select Restart.

  • Redeploy the VM to a new Azure node. For information about how to redeploy a VM, come across Redeploy virtual automobile to new Azure node.

    After this functioning finishes, ephemeral deejay information will exist lost and dynamic IP addresses that are associated with the virtual motorcar will be updated.

  • Follow the instructions in How to reset a password or SSH for Linux-based virtual machines to:

    • Reset the password or SSH key.
    • Create a sudo user account.
    • Reset the SSH configuration.
  • Check the VM's resource health for any platform issues.
    Select your VM and scroll downwards Settings > Check Health.

Additional resources

  • If you are notwithstanding unable to SSH to your VM after following the after steps, see more than detailed troubleshooting steps to review additional steps to resolve your issue.
  • For more than information near troubleshooting awarding admission, see Troubleshoot admission to an application running on an Azure virtual motorcar
  • For more information about troubleshooting virtual machines that were created by using the archetype deployment model, see How to reset a password or SSH for Linux-based virtual machines.