Symptom
A Linux ECS cannot be logged in to due to some reasons. For example, the network is abnormal, remote desktop access is blocked by the firewall on the ECS, or the ECS vCPUs are overloaded.
This section describes how to troubleshoot Linux ECS login failures.
If you cannot log in to your Linux ECS, follow the instructions provided in Checking the VNC Login. Then, locate the login fault by referring to Fault Locating.
Checking the VNC Login
Check whether you can log in to the ECS using VNC on the management console.
- Log in to the management console.
- Choose Computing > Elastic Cloud Server.
- In the Operation column of the target ECS, click Remote Login.
Figure 1 Remote login
- (Optional) When the system displays "Press CTRL+ALT+DELETE to log on", click Send CtrlAltDel in the upper part of the remote login page to log in to the ECS.
Do not press CTRL+ALT+DELETE on the physical keyboard because this operation does not take effect.
If the VNC login still fails, record the resource details and fault occurrence time for further fault locating and analysis.
Fault Locating
If you can log in to the ECS using VNC but cannot log in to it using a remote desktop connection, locate the fault by referring to this section.
The following fault causes are sequenced based on their occurrence probability.
If the fault persists after you have ruled out a cause, check other causes.
Possible Cause |
Solution |
|---|---|
The ECS is frozen or stopped. |
Make sure that the ECS is in the Running state. For details, see Checking the ECS Status. |
The entered username or password is incorrect. |
The default username for Linux ECSs is root. For details, see Checking the Login Mode. |
The ECS is overloaded. |
If the bandwidth or CPU usage of the ECS is excessively high, login failures may occur. For details, see Checking Whether the ECS Is Overloaded. |
The ECS has no EIP bound. |
To log in to an ECS using RDP or MSTSC, ensure that the ECS has an EIP bound. For details, see Checking Whether an ECS Has an EIP Bound. |
The access is blocked by the ISP. |
Check whether you can access the ECS using another hotspot or network. For details, see Checking Whether the Network Is Normal. |
The security group of the ECS denies inbound traffic on the remote login port. |
Check whether the security group allows inbound traffic on the remote login port. For details, see Checking Whether the Security Group Is Correctly Configured. |
The remote access port is incorrectly configured. |
Check whether the remote access port is correctly configured on the local computer and the ECS. For details, see Checking Whether the Remote Access Port Is Correctly Configured. |
An IP address whitelist for SSH logins has been configured. |
Ensure your IP address is included in the whitelist. For details, see Checking the IP Address Whitelist for SSH Logins (with HSS Enabled). |
An OS fault has occurred. |
The file system is damaged. For details, see Checking Whether an OS Fault Has Occurred. |
The access is blocked by third-party antivirus software. |
Disable or uninstall the third-party antivirus software and try again. For details, see Checking Whether the Access Is Blocked by Antivirus Software. |
The cause is displayed in the error message. |
If an error message is displayed during remote login, check the operation guide based on the error information. For details, see Checking Whether an Error Occurred During a Remote Login. |
Checking the ECS Status
Check whether the ECS is in the Running state on the management console. If the ECS is stopped, start it and try to log in to the ECS again.
Checking the Login Mode
Check the login mode you set when you created the ECS.
- Key pair
- For the first login, use an SSH key. For details, see Logging In to a Linux ECS Using an SSH Key Pair.
- For a non-first login, if you want to use the remote login function (VNC) provided by the management console, log in to the ECS using the SSH key and set the password.
Checking Whether the ECS Is Overloaded
If the bandwidth or CPU usage of the ECS is excessively high, login failures may occur.
If you have created an alarm rule in Cloud Eye, the system automatically sends an alarm notification to you when the bandwidth or CPU usage reaches the threshold specified in the rule.
To resolve this issue, perform the operations described in Why Is My Linux ECS Running Slowly?
- If the login failure is caused by high CPU usage, perform the following operations to reduce the CPU usage:
- Stop certain processes that are not used temporarily and try again.
- Restart the ECS.
- Reinstall the ECS OS. Back up important data before the reinstallation.
- If the ECS OS cannot be reinstalled due to important data, replace the disk attached to the ECS. To do so, back up data on the original disk, detach the disk from the ECS, attach the new disk to the ECS, and copy data to the new disk.
You can also upgrade the vCPUs and memory by modifying ECS specifications.
- If the login fails because the bandwidth exceeds the limit, perform the following operations:
For instructions about how to increase the bandwidth, see Modifying an EIP Bandwidth.
After you perform the preceding operations, try to remotely log in to the ECS again.
Checking Whether an ECS Has an EIP Bound
If you need to use a remote login tool (such as PuTTY or Xshell) to access the ECS, bind an EIP to the ECS.
For details, see Assigning an EIP and Binding It to an ECS.
Checking Whether the Network Is Normal
Use a local PC in another network or use another hotspot to access the ECS. Check whether the fault occurs on the local network. If so, contact the carrier to resolve this issue.
After you perform the preceding operations, try to remotely log in to the ECS again.
Checking Whether the Security Group Is Correctly Configured
Check whether the local host can access port 22 on the ECS.
Run the following command to check whether port 22 is accessible:
telnet <ECS-private-IP-address>
If port 22 is inaccessible, check whether port 22 is opened in the security group rule.
On the ECS details page, click the Security Groups tab and check that port 22 is configured in the inbound rule of the security group.
For details about how to modify a security group rule, see Modifying a Security Group Rule.
After you perform the preceding operations, try to remotely log in to the ECS again.
Checking Whether the Remote Access Port Is Correctly Configured
- Check whether the sshd process is running.
- Check whether your local PC is denied by the ECS.
- Open the /etc/ssh/ssh_config file in the local PC and view the default login port. Then, open the /etc/ssh/sshd_config file in the ECS and check whether the SSH port is the default port 22.
After you perform the preceding operations, try to remotely log in to the ECS again.
Checking the IP Address Whitelist for SSH Logins (with HSS Enabled)
After HSS is enabled, you can configure an IP address whitelist for SSH logins as required. The IP address whitelist controls SSH access to ECSs, effectively preventing account cracking.
After you configure the allowlist, SSH logins will be allowed only from IP addresses in the allowlist.
- On the Events page, check whether a local host IP address is intercepted due to brute force cracking.
- Check whether the IP address whitelist for SSH logins has been enabled. If it has been enabled, ensure that the IP address of the local host has been added to the IP address whitelist.
- Before enabling the whitelist to control SSH logins, ensure that all IP addresses that need to initiate SSH logins are added to the allowlist. Otherwise, you cannot remotely log in to your ECS through SSH.
- Exercise caution when adding a local IP address to the allowlist. This will make HSS no longer restrict access from this IP address to your ECSs.
For more details, see Configuring Server Login Protection.
Checking Whether an OS Fault Has Occurred
- Password injection failure
- File system damaged after a forcible stop
There is a low probability that the file system is damaged after a forcible stop, which causes the ECS fails to be restarted. For details, see Why Does a Forcibly-Stopped Linux ECS Fail to Be Restarted?
After you perform the preceding operations, try to remotely log in to the ECS again.
Checking Whether the Access Is Blocked by Antivirus Software
Third-party antivirus software may lead to a failure in accessing the ECS.
If third-party antivirus software is running, check whether the remote connection is blocked by the software. If the remote connection is blocked, add the EIP bound to the ECS to the whitelist of the antivirus software and try to access the ECS again.
You can also disable or uninstall the third-party antivirus software and try to remotely log in to the ECS again.
Checking Whether an Error Occurred During a Remote Login
If an error message is displayed during remote login, check the operation guide based on the error information.
If the fault persists, record the resource details and fault occurrence time, and contact technical support for assistance.
If the fault persists after the preceding operations are performed, record the resource details and fault occurrence time, and contact customer service for technical support.