SSH connection
SSH connection checklist
Go through the items below in order.
1. Verify a public IP is attached
In the ECI portal, open Compute > Virtual Machines and check that a public IP is shown on the VM's detail page.
2. Verify port 22 is allowed in the virtual-network firewall
Firewall rules are set per virtual network. On the detail page of the VM's virtual network, check Firewall rules for an inbound TCP 22 rule (it's safer to narrow the source IP to your own).
Add it if missing. Changes take effect within one minute. See the Firewall guide.
3. Verify the in-VM firewall (UFW)
Connect via the web console and run:
sudo ufw status
If port 22 isn't allowed:
sudo ufw allow 22/tcp
sudo ufw reload
4. Verify the sshd service
sudo systemctl status sshd
sudo ss -tnlp | grep :22
If sshd isn't running:
sudo systemctl restart sshd
5. Verify password authentication is enabled (disabled by default on Ubuntu)
Ubuntu cloud-init disables SSH password authentication by default: /etc/ssh/sshd_config.d/60-cloudimg-settings.conf (or a similar drop-in file) sets PasswordAuthentication no. Enable it via the web console:
# Check the cloud-init password-auth setting
sudo grep -r "PasswordAuthentication" /etc/ssh/
# Enable (in the global sshd_config or any drop-in file)
sudo sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
sudo sed -i 's/^PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config.d/*.conf 2>/dev/null || true
sudo systemctl restart sshd
To enable password authentication automatically on every new VM without manual steps, include the commands above in the init script at VM creation time.
6. Verify key file permissions (client side)
chmod 600 ~/.ssh/your-key.pem
7. Try connecting with verbose logs
ssh -vvv -i your-key.pem <username>@<PUBLIC_IP>
The -vvv flag shows where the connection fails (Permission denied (password,publickey) → step 5; Connection timed out → steps 1 and 2).
Still not working?
Send the ssh -vvv output to Support.
Connection closed by ... port ... error
Immediately after creating a VM, SSH connections can sometimes drop instantly:
Connection closed by xxx.xx.xx.x port xxxx
The cause is usually one of:
- Resource allocation hasn't finished yet
- OS boot hasn't fully completed yet
- sshd is rejecting due to SSH key file permissions
Open the Web Console tab on the VM detail page, watch the boot log, and try again after 1–2 minutes. If it persists, run through the 6-step checklist above.
I want to allow SSH only from specific IPs
The virtual-network firewall evaluates rules top-down, applying only the first matching rule, so allow rules need to be above the deny rules.
Example: allow SSH (22) only from 165.123.45.67
| # | Protocol | Source | Destination | Port | Action |
|---|---|---|---|---|---|
| 1 | TCP | 165.123.45.67/32 | Virtual network CIDR | 22 | ACCEPT |
| 2 | ALL | 0.0.0.0/0 | Virtual network CIDR | - | DROP |
For multiple IPs, stack more ACCEPT rules and keep a single DROP at the end:
ACCEPT 1.2.3.4/32 → SSH
ACCEPT 5.6.7.8/32 → SSH
ACCEPT 9.10.11.12/32 → SSH
DROP 0.0.0.0/0 → ALL
With the order reversed, the DROP matches before any ACCEPT and SSH is blocked. Rule changes can take up to one minute to apply.
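The first-match behaviour described above, as an added example that is not part of the original page or the product's own code: a small Python model of top-down evaluation that also flags rules an earlier, broader rule makes unreachable. The `Rule` class and function names are hypothetical, the Destination column is ignored, and returning `None` when nothing matches is an assumption because the page does not state the default.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    proto: str            # "TCP", "UDP" or "ALL"
    source: str           # source CIDR
    port: Optional[int]   # None means any port (the "-" in the table)
    action: str           # "ACCEPT" or "DROP"

    def matches(self, proto, src_ip, port):
        return (self.proto in ("ALL", proto)
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)
                and self.port in (None, port))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (self.proto in ("ALL", other.proto)
                and ipaddress.ip_network(other.source).subnet_of(
                    ipaddress.ip_network(self.source))
                and self.port in (None, other.port))

def decide(rules, proto, src_ip, port):
    """Top-down, first match wins. None = no rule matched (default is assumed unknown)."""
    for rule in rules:
        if rule.matches(proto, src_ip, port):
            return rule.action
    return None

def shadowed(rules):
    """1-based positions of rules that can never fire because an earlier rule covers them."""
    return [i + 1 for i, r in enumerate(rules)
            if any(earlier.covers(r) for earlier in rules[:i])]

# Constructed rule sets mirroring the table above: correct order, then reversed.
GOOD = [Rule("TCP", "165.123.45.67/32", 22, "ACCEPT"),
        Rule("ALL", "0.0.0.0/0", None, "DROP")]
REVERSED = list(reversed(GOOD))

if __name__ == "__main__":
    for name, rules in (("correct", GOOD), ("reversed", REVERSED)):
        print(name,
              "allowed-IP:", decide(rules, "TCP", "165.123.45.67", 22),
              "other-IP:", decide(rules, "TCP", "203.0.113.9", 22),
              "shadowed rules:", shadowed(rules))
```

Running `shadowed()` on a rule list before applying it catches the reversed-order mistake without needing a live connection test.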
For details, see the Firewall guide.