Support for remote access error (Linux)

Available in VPC

This document describes how to troubleshoot symptoms of server remote access errors in the Linux environment.

Check Linux server remote access settings

To remotely access the Linux server, ensure that the IP or subnet of the server to access is applied to the ACG. If not applied, see Set ACG and change the ACG settings.

If there is no problem in ACG settings, check the following matters:

Check if the server allows access to SSH/RDP service.
- SSH service: TCP, allowed port 22
- RDP service: TCP, allowed port 3389
Note

If the port setting on the server has been changed, update the settings accordingly.
Check the port forwarding settings.
- If both public IP and port forwarding are set simultaneously, you cannot communicate through a public IP. When using a public IP, remove the port forward settings.

Even if no problem is found as a result of checking the above, the SSH service port or the RDP service port may not work normally for various causes. In this case, the [Server connection console] button is enabled in the server information of NAVER Cloud Platform console. To resolve this issue, see Troubleshooting Linux server remote access errors.
server-ts-remote-lin-classic_image01_ko

Troubleshooting Linux server remote access errors

If Linux server remote access errors occur, see the OS-specific solutions to troubleshoot them.

NAVIX 9, Rocky Linux 8/9

1. Check daemon status

Check sshd daemon status - Check that the daemon is running normally.

[root@navix ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
     Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: enabled)
     Active: active (running) since Thu 2025-12-11 10:26:30 KST; 1 month 2 days ago
       Docs: man:sshd(8)
             man:sshd_config(5)
   Main PID: 643 (sshd)
      Tasks: 1 (limit: 48884)
     Memory: 83.2M
        CPU: 1h 7min 43.161s
     CGroup: /system.slice/sshd.service
             └─643 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

If the daemon is inactive, try to start. If an error occurs, check the server log to ensure that the sshd daemon can properly start.

Check that the sshd daemon is listening on port 22.

[root@navix ~]# netstat -ntlp |grep sshd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      643/sshd: /usr/sbin 
tcp6       0      0 :::22                   :::*                    LISTEN      643/sshd: /usr/sbin

2. Check routing

Without a default route for eth0, it cannot communicate. Check the static route status for eth0.

[root@navix ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    100    0        0 eth0
192.168.0.0     0.0.0.0         255.255.0.0     U     100    0        0 eth0

3. Check ssh root login permissions

A configuration item called PermitRootLogin yes must be present to log in with the ssh root account.
The example below shows a case where the configuration is present in the /etc/ssh/sshd_config.d/01-permitrootlogin.conf file.
Check if the settings are correct.

[root@navix ~]# grep -r PermitRootLogin /etc/ssh/*
/etc/ssh/sshd_config:#PermitRootLogin prohibit-password
/etc/ssh/sshd_config:# the setting of "PermitRootLogin without-password".
/etc/ssh/sshd_config.d/01-permitrootlogin.conf:PermitRootLogin yes

CentOS 7

To troubleshoot a remote access error on CentOS 7 in Linux environment, perform the following steps in order.

1. Check daemon status

To check the daemon status, perform the following steps in order.

Run the following command to check if the daemon is properly running.
```
systemctl status sshd
```
- If the daemon is inactive, try to start. If an error occurs, check the server log to ensure that the sshd daemon can properly start.
Run the following command to check if ssh is LISTEN on port 22.
```
netstat -nap | grep ssh
```
Note
- The default setting on NAVER Cloud Platform's server is port 22.
- If the port setting on the server has been changed, update the settings accordingly.
Run the following command to check if the port and ListenAddress have any settings.
```
vi /etc/ssh/sshd_config
```
- The default setting is annotated.

2. Check status of hosts.deny setting

The hosts.allow and hosts.deny files control the service to allow or block specific clients only.
Check if the hosts.allow and hosts.deny files have any settings. The default setting is annotated.
server-ts-remote-lin-vpc_image05

Note

The /etc/hosts.allow and /etc/hosts.deny files control only tcp_wrappers. Apply the rules in the following order:
1. Set to allow what is defined in the /etc/hosts.allow file.
2. Set to block what is not defined in the /etc/hosts.allow file but is defined in /etc/hosts.deny the file.
3. Set to allow what is defined in both /etc/hosts.allow and /etc/hosts.deny files.
It can control certain services of the daemon managed by tcp_wrappers and xinetd.
Example: ssh, telnet, ftp

3. Check firewall

Check the firewall with the following:

a. iptables

If iptables.service is installed, the daemon is also affected by rules even in the inactive status and excludes the rules to block ssh in iptables rules. No applied rules in default setting.
server-ts-remote-lin-vpc_image06

b. firewalld

The firewalld is not applied if the daemon is inactive. If you need to run firewalld, exclude the rule to block ssh. No applied rules in default setting.
server-ts-remote-lin-vpc_image07

4. Check routing

Without a default route for eth0, it cannot communicate. Check the static route status for eth0 and 169.254.0.0/16.
server-ts-remote-lin-vpc_image09

5. Check authority problem

Depending on the ssh config, remote access of the root account may be blocked. If unable to access through root, try connecting with a regular account. If you don't have a regular access account, enable the server connection console to access root.

Ubuntu 18.04

To troubleshoot a remote access error on Ubuntu 18.04 in Linux environment, perform the following steps in order.

1. Check daemon status

To check the daemon status, perform the following steps in order.

Run the following command to check if the daemon is properly running.
```
systemctl status sshd
```
- If the daemon is inactive, try to start. If an error occurs, check the server log to ensure that the sshd daemon can properly start.
Run the following command to check if it is LISTEN on the ssh port.
```
netstat -nap | grep ssh
```
Note
- The default setting on NAVER Cloud Platform's server is port 22.
- If the port setting on the server has been changed, update the settings accordingly.
Run the following command to check if the port and ListenAddress have any settings.
```
vi /etc/ssh/sshd_config
```
- The default setting is annotated.

2. Check status of hosts.deny setting

Note

The /etc/hosts.allow and /etc/hosts.deny files control only tcp_wrappers. Apply the rules in the following order:
1. Set to allow what is defined in the /etc/hosts.allow file.
2. Set to block what is not defined in the /etc/hosts.allow file but is defined in /etc/hosts.deny the file.
3. Set to allow what is defined in both /etc/hosts.allow and /etc/hosts.deny files.
It can control certain services of the daemon managed by tcp_wrappers and xinetd.
Example: ssh, telnet, ftp

3. Check firewall

Check the firewall with the following:

a. iptables

b. ufw

The ufw is not applied if the daemon is inactive. If you need to run ufw, exclude the rule to block ssh. No applied rules in default setting.
server-ts-remote-lin-vpc_image15

4. Check routing

Without a default route for eth0, it cannot communicate. Check the static route status for eth0 and 169.254.0.0/16.
server-ts-remote-lin-vpc_image30

5. Check authority problem

Depending on the ssh config, remote access of the root account may be blocked.
If unable to access through root, try connecting with a regular account.
If you don't have a regular access account, enable the server connection console to access root.