.svg)
.svg)
If you enabled UFW and can no longer SSH into your VPS, open SSH on the firewall and verify your SSH key/permissions. Use the LifeinCloud Console (NoVNC/Serial) if SSH is blocked.
Quick explanation
Two common causes:
- UFW is blocking port 22/tcp (or your custom SSH port).
- Your SSH key isn’t being accepted due to permissions, wrong user, or a mismatched key.
Fix it by allowing SSH in UFW and confirming your key/permissions, then restarting the SSH service.
Console quick fix (works on any distro)
Log in via Console from your LifeinCloud client area and run:
sudo ufw allow 22/tcp
sudo ufw reload
sudo systemctl restart ssh || sudo systemctl restart sshd
sudo ufw status verboseIf you use a custom SSH port (e.g., 2222), replace 22/tcp with your port.
Ubuntu / Debian
OpenSSH through UFW
sudo ufw allow OpenSSH || sudo ufw allow 22/tcp
sudo ufw reload
sudo ufw status verboseService & logs
sudo systemctl status ssh
sudo tail -n 100 /var/log/auth.logRocky / AlmaLinux / RHEL
Using UFW (even though these distros default to firewalld)
sudo ufw allow 22/tcp
sudo ufw reload
sudo ufw status verboseService & logs
sudo systemctl status sshd
sudo tail -n 100 /var/log/secureFedora
If you switched to UFW
sudo ufw allow 22/tcp
sudo ufw reload
sudo ufw status verboseService & logs
sudo systemctl status sshd
sudo journalctl -u sshd --no-pager -n 200Arch Linux
Allow SSH with UFW
sudo ufw allow 22/tcp
sudo ufw reload
sudo ufw statusService & logs
sudo systemctl status sshd
sudo journalctl -u sshd -n 200 --no-pageropenSUSE Leap / Tumbleweed
UFW rules
sudo ufw allow 22/tcp
sudo ufw reload
sudo ufw statusService & logs
sudo systemctl status sshd
sudo journalctl -u sshd -n 200 --no-pagerAmazon Linux (2 / 2023)
If UFW is present
sudo ufw allow 22/tcp
sudo ufw reload
sudo ufw statusService & logs
sudo systemctl status sshd
sudo journalctl -u sshd -n 200 --no-pagerOracle Linux
Allow SSH with UFW
sudo ufw allow 22/tcp
sudo ufw reload
sudo ufw status verboseService & logs
sudo systemctl status sshd
sudo tail -n 100 /var/log/secureFix SSH key permissions (any distro)
Run these for the user you SSH into (replace $USER, e.g. ubuntu, debian, ec2-user, root):
sudo -i
USER=ubuntu # <-- change to your login user
HOME_DIR=$(getent passwd "$USER" | cut -d: -f6)
mkdir -p "$HOME_DIR/.ssh"
chown -R "$USER:$USER" "$HOME_DIR/.ssh"
chmod 700 "$HOME_DIR/.ssh"
chmod 600 "$HOME_DIR/.ssh/authorized_keys"
# sanity check
grep -E '^(PubkeyAuthentication|PasswordAuthentication|AuthorizedKeysFile|PermitRootLogin)' /etc/ssh/sshd_config
systemctl restart ssh || systemctl restart sshdIf you need a temporary lifeline, set PasswordAuthentication yes in /etc/ssh/sshd_config, restart SSH, log in, fix keys, then disable it again.
From your computer: diagnostics
See which key is offered
ssh -vvv user@SERVER_IPForce a specific private key
ssh -i ~/.ssh/your_private_key user@SERVER_IP- Make sure you’re using the correct username for the image (e.g.,
ubuntu,debian,ec2-user, orroot). - Verify the public key on the server matches your local private key.
- Ensure permissions are not too open on
~/.sshorauthorized_keys. - Check
AuthorizedKeysFilepath insshd_config(usually.ssh/authorized_keys). - Open 22/tcp (or your custom port) in any provider firewall too.
UFW quick reset (last resort)
If UFW was enabled before adding rules, reset via Console and re-allow SSH:
sudo ufw --force reset
sudo ufw allow 22/tcp
sudo ufw allow 80,443/tcp
sudo ufw --force enable
sudo ufw status numberedFAQ
Which user should I try?
ubuntu (Ubuntu), debian (Debian), ec2-user (Amazon), rocky (Rocky), alma (Alma), or root if enabled in the image.
Does UFW replace my provider firewall?
No. UFW runs inside the VM. If your provider firewall blocks 22/tcp, open it there as well.
