Skip to content

Troubleshooting

SSH connection timed out

For the session to remain active, edit the ~/.ssh/config file (create the file if it doesn’t exist).

Insert the following lines:

   Host *
   ServerAliveInterval 300
   ServerAliveCountMax 2

These settings will make the SSH client send a null packet to the other side every 300 seconds (5 minutes) and give up if it doesn’t receive any response after 2 tries, at which point the connection is likely to have been discarded anyway.

Setting right permissions for SSH keys

This article will create your server's .ssh directory file with the correct permissions. However, if you've created them yourself and need to fix permissions, you can run the following commands on your server while having established ssh connection to the system and logged in as your user.

   chmod 700 ~/.ssh
   chmod 400 ~/.ssh/id_rsa
   chmod 644 ~/.ssh/id_rsa.pub

The settings for ownership and group ownership of the key pair files must also be correct. In both cases, the user has to be set as owner. 

   chown <username>:<username> ~/.ssh/id_rsa
   chown <username>:<username> ~/.ssh/id_rsa.pub

Retrieve your public key from your private key

The following command will retrieve the public key from a private key:

   ssh-keygen -y -f <private_key> (ie. /usr/home/.ssh/id_rsa)

This can be useful, for example, if your server provider generated your SSH key for you and you were only able to download the private key portion of the key pair. Note that you cannot retrieve the private key if you only have the public key.

Unable to connect to the host due to host identification change

Sometimes during the establishing of SSH connection, the following message can appear.

   ssh <IP>
 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 @   WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!  @
 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
 Someone could be eavesdropping on you right now (man-in-the-middle attack)!
 It is also possible that a host key has just been changed.
 The fingerprint for the ECDSA key sent by the remote host is
 SHA256:I02UyJs2vS0ym4jWn5upAWZDqwu5RjMg4aM9hPq8G1k. 
 Please contact your system administrator.
 Add correct host key in /Users/<user>/.ssh/known_hosts to get rid of this message.
 Offending ECDSA key in /Users/khess/.ssh/known_hosts:4
 ECDSA host key for <IP> has changed and you have requested strict checking.
 Host key verification failed.

What has happened here is that you've attempted to connect to a system that no longer has the same IP address. A different system has that IP address and SSH is implying that you might be getting hacked. The reality is often much less exciting. Your known_hosts file may not sync with actual host reality.

The easy solution to this problem is to remove the known_hosts file in the .ssh directory completely and therefore allow new keys to be generated for each host you connect to.

However, if you do not have only this one host in the known_hosts file, but many others, it might not be a good idea to delete the whole file, because you would lose records of all the other hosts as well. In this case, it is a better to just edit the known_hosts file. You can change the IP of the host or delete the host part completely.

Unable to establish sftp connection to Vega

Sometimes the following error can appear when establishing sftp connection, which is due to OpenSLL version mismatch. 

/usr/bin/ssh: symbol lookup error: /lib64/libk5crypto.so.3: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b

Connection closed

Solution is to unload OpenSSL module.

module unload OpenSSL