This post walks through the troubleshooting steps for connectivity issues you can face while connecting to a Compute (Linux/Windows) or Database instance in Oracle Cloud (OCI).
Instance connectivity issues in OCI can have several causes, such as:
- Issue 1: The Security List (the cloud firewall) does not have SSH port 22 (Linux) or port 3389 (Windows) open from the internet, or port 1521 open for connections to the database listener.
- Issue 2: The SSH public key you generated was not uploaded properly while creating the instance (or you are not using the private key properly in PuTTY). The private key file version might also be wrong. To learn how to create SSH keys, see https://k21academy.com/oci51
- Issue 3: You have forgotten to add the private key under SSH->Auth.
- Issue 4: There could be a typo in the username.
Steps for Connecting to a Compute (Linux/Windows) & Database Instance:
There are 3 main ways to connect to an Oracle Cloud instance:
- SSH (Secure Shell)
- IPsec VPN (Virtual Private Network)
- FastConnect
Note: This post covers the troubleshooting steps for connectivity when you are using SSH (Secure Shell) with a public IP. If you want to connect from your on-premises network with FastConnect or IPSec VPN via a DRG (Dynamic Routing Gateway) within the VCN, create the instance or deploy the database in a private subnet and use the private IP to connect.
Connectivity Issues:
At the beginning of this post, I mentioned that instance connectivity issues can have multiple causes. Let's see what each error looks like:
- Issue 1: The Security List (the cloud firewall) does not have SSH port 22 (Linux) or port 3389 (Windows) open from the internet, or port 1521 open for connections to the database listener.
telnet <public IP of Machine> 22
telnet <public IP of Machine> 3389
Network Error: Connection timed out
- Issue 2: The SSH public key you generated was not uploaded properly while creating the instance (or you are not using the private key properly in PuTTY).
PUTTY Fatal Error: Disconnected: No supported authentication methods available (server sent: publickey, gssapi-keyex, gssapi-with-mic)
Solution:
If this error occurs when you are connecting through PuTTY, check whether SSH-2 RSA is available in your PuTTY version. If not, change the version of the key (the PuTTYgen private key file version) from 3 to 2 and save it. This is one of the possible reasons; the other is a wrong key, i.e., the generated and downloaded key itself is the wrong one.
Steps:
- In PuTTYgen, click on Key at the top (beside File in the navigation bar).
- Then select the parameters for saving key files.
- When the "PuTTYgen: Private Key file parameters" dialog pops up, make the change and save it.
- Issue 3: You have forgotten to add the Private key under SSH->Auth
- Issue 4: It could be a typo issue for username
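For Issue 2, the key file can be checked before another login attempt. The following is an added example, not part of the original post: it reads the cleartext header of a .ppk file, reports the file version, and rebuilds the one-line public key so it can be compared with what was pasted at instance creation. The function names and the sample key (a fake modulus, header only) are constructed for illustration.

```python
import base64

def parse_ppk(text):
    """Read the cleartext header of a PuTTY .ppk file; private lines are never touched."""
    lines = text.splitlines()
    tag, _, algorithm = lines[0].partition(": ")
    if not tag.startswith("PuTTY-User-Key-File-"):
        raise ValueError("not a PuTTY private key file")
    info = {"version": int(tag.rsplit("-", 1)[1]), "algorithm": algorithm}
    for i, line in enumerate(lines[1:], start=1):
        key, _, value = line.partition(": ")
        if key == "Public-Lines":
            # The next <value> lines hold the base64 public blob, wrapped at 64 chars.
            info["public_b64"] = "".join(lines[i + 1:i + 1 + int(value)])
            return info
        info[key.lower()] = value
    raise ValueError("no Public-Lines section found")

def authorized_keys_line(info):
    """Rebuild the one-line OpenSSH public key that belongs to this private key."""
    blob = base64.b64decode(info["public_b64"])
    name_len = int.from_bytes(blob[:4], "big")
    if blob[4:4 + name_len].decode() != info["algorithm"]:
        raise ValueError("header algorithm and public blob disagree")
    return f'{info["algorithm"]} {info["public_b64"]} {info.get("comment", "")}'.strip()

def findings(info, uploaded_line):
    """Compare the key file with the public key pasted during instance creation."""
    out = []
    if info["version"] != 2:
        out.append(f"PPK version {info['version']}: the post's fix is to re-save as version 2")
    if info.get("encryption") == "none":
        out.append("private key is stored without a passphrase")
    if uploaded_line.split()[:2] != authorized_keys_line(info).split()[:2]:
        out.append("uploaded public key does not match this private key")
    return out

def sample_ppk(version=3):
    """Constructed sample: header and public blob only, fake RSA modulus, no private part."""
    n = b"\x00" + b"\xc3" * 256
    blob = (b"\x00\x00\x00\x07ssh-rsa" + b"\x00\x00\x00\x03\x01\x00\x01"
            + len(n).to_bytes(4, "big") + n)
    b64 = base64.b64encode(blob).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    head = [f"PuTTY-User-Key-File-{version}: ssh-rsa", "Encryption: none",
            "Comment: constructed-sample", f"Public-Lines: {len(rows)}"]
    return "\n".join(head + rows) + "\n"
```

A truncated paste of the public key shows up as a mismatch, which is the case the "copy the full content" advice guards against.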
Troubleshooting:
Let’s start with the pre-checks you should go through before troubleshooting connectivity to the Compute/Database instance.
PRE-CHECKS:
- The Instance should be created in the Public Subnet.
- Subnet should have a Route to the Internet Gateway.
- Port 22 (Linux)/3389 (Windows) and Port 1521 should be Open in the Security List.
- If you are connected through an office VPN/network, make sure no firewall is blocking the connection: port 22/3389 should be open.
- Test the Connectivity.
Check 1: Subnet Should be Public.
To connect to your instance, you’ll need its public IP address. You get a public IP only when you have used a public subnet while creating the instance. If you selected a private subnet, you can’t change it to public, and you will have to create a new instance in a public subnet.
Note: There are 2 types of subnet: public and private.
Private IP:
If you create an instance or deploy a database in a private subnet, you only get a private IP for your machine and database host machine. It only accepts connections from machines within the VCN, or from your on-premises network connected using FastConnect or IPSec VPN via a DRG (Dynamic Routing Gateway).
Public IP:
When you create an instance or a database in a public subnet, you get both a private and a public IP, and you can access your instance and database host machine using the public IP.
a) Steps to Get the Public IP of the Compute Instance:
1. In the Console, click on “Compute”.
2. Click on the Instance name to see its details.
3. Make a note of the Public IP Address.
b) Steps to Get the Public IP of the Database Instance:
Note: You get a public IP only if you have used a public subnet. If you selected a private subnet, you can’t change it to public, and you will have to create a new instance.
1. Log in to the OCI Console and navigate to the Database section.
2. Click on the name of the database you want to connect to.
3. On the left side of the Database Instance Details page, click on Nodes under Resources.
Check 2: Route to the Internet Gateway (IGW).
The next step is to check that the public subnet the instance belongs to has a route table with a route to the Internet Gateway.
1. Log in to the OCI console, navigate to the VCN section and select the VCN you used during instance creation.
2. Go to the VCN details page and click on the public subnet the instance belongs to.
3. This subnet should have a route table associated with it, and that route table should have a route to the Internet Gateway.
Note: If you created the VCN without Related Resources, then you have to manually create the Internet Gateway & the Route Table.
a) Steps to Create Internet Gateway & Add Route Rule:
1. Click on the VCN, then under Resources click on the Internet Gateway.
2. Create an Internet Gateway and fill in all the required details.
3. Click on the Route Table from the left submenu.
4. Click on the Default Route Table and add the Route Rules.
5. Enter the required fields (Target type, Destination CIDR Block, Compartment, Target IGW).
Check 3: Port 22 (Linux)/3389 (Windows) and Port 1521 Should be Open.
The next step is to check that port 22 (for Linux) and port 3389 (for Windows) are open in the Security List.
Note: Security List is the firewall which allows the connection.
- Under Networking, click on VCN.
- From the left submenu, select the Public Subnet in which you have created the Database or the Compute machine.
- Click on the Security List and then click on the Security List name.
- Under your Security List, add an Ingress rule to open Port 22 (for Linux) & open Port 3389 (for Windows).
Note: If you want to open port 1521, follow the same process. You can give the source CIDR of your choice: 0.0.0.0/0 opens the port to the public internet, and in the same way you can provide the VCN or subnet CIDR to limit the source to that range.
To find out whether SSH port 22 is open on the cloud side from the internet, use telnet from the machine you are connecting from:
telnet <public IP of Machine> 22
If the port is open, you should see output like:
Trying 129.154.72.105...
Connected to 129.154.72.105.
Escape character is '^]'.
To find out whether port 3389 is open, run the following from the cmd command prompt:
telnet <public IP of Machine> 3389
Note: Make sure you have enabled Telnet Client in your Desktop/Laptop. Go to Programs and Features->Windows Features->Telnet Client.
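The same test can be scripted for all three ports at once. This is an added example, not part of the original post: it makes the TCP connection attempt that telnet makes and maps each outcome to the checks above. The names probe, diagnose and HINTS are constructed, and the reading of a refused connection is general TCP behaviour rather than something the post states.

```python
import errno
import socket

# What each outcome points to, following the post's checks.
HINTS = {
    "open": "port reachable; if login still fails, look at the key or username (Issues 2-4)",
    "timeout": "packets dropped; check the Security List ingress rule, the route to the "
               "Internet Gateway, the public subnet and office/local firewalls (Checks 1-4)",
    "refused": "something answered with a reset; the network path usually works and "
               "nothing listens on that port, so check the service on the instance",
}

def probe(host, port, timeout=5.0):
    """Attempt one TCP connection (what telnet does) and classify the result."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        # Anything else, for example no route to host or a name that does not resolve.
        return "error:" + errno.errorcode.get(exc.errno, "unknown")
    finally:
        sock.close()

def diagnose(host, ports=(22, 3389, 1521), timeout=5.0):
    """Probe the ports named in the post; return {port: (state, hint)}."""
    report = {}
    for port in ports:
        state = probe(host, port, timeout)
        hint = HINTS.get(state, "unexpected socket error; check the address and local network")
        report[port] = (state, hint)
    return report

if __name__ == "__main__":
    import sys
    # Pass the instance's public IP as the first argument.
    for port, (state, hint) in diagnose(sys.argv[1]).items():
        print(f"{port}: {state} - {hint}")
```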
Check 4: Office VPN/network, Firewall Blocking, Port 22/3389 Should be Open
If you are using an office VPN/network while connecting to a Compute/Database instance in Oracle Cloud (OCI), make sure port 22 for Linux machines and port 3389 for Windows machines are open.
Also check whether your laptop/PC firewall is blocking the connection.
Test the Connectivity:
Now that you have performed all the Steps for troubleshooting, check whether you can connect to your instance or not.
You can connect to a running instance using Secure Shell (SSH) for Linux or a Remote Desktop connection for Windows. To connect to a Linux instance from your laptop, you can use a free SSH client called PuTTY.
Enter the public IP address in the Hostname field, then add the SSH private key under SSH and then Auth. Click on Open.
Well, that was all on How to Create & Connect Windows/Linux machine on Oracle Cloud (OCI).
Hope the mentioned troubleshooting steps will help you.
Anshu says
When I launch a new VM, with Oracle generated keys, my Putty SSH client doesn’t identify the private key file & doesn’t let me connect.
However, if I generate own keys using Puttygen key generator, give it when creating new instance, then at the time of connection, new instance rejects the pvt key file. Still not able to connect. I’ve utilized your instructions too, it’s the same as what I tried before too. Putty still doesn’t connect.
Our client is discouraged upon finding difficulty in simple connections !
This documentation says I can use Putty & I’m following the same procedure, however it doesn’t work :
https://docs.cloud.oracle.com/en-us/iaas/Content/Compute/Tasks/accessinginstance.htm
Putty throws this error :
Disconnected: No supported authentication methods available (server sent: publickey,gssapi-keyex,gssapi-with-mic)
Surbhi Sharma says
Hello Anshu,
When you are generating the key using Puttygen, please copy the full content of Public key & paste it in a Notepad file, & use that copied key during the VM creation, and then when you are connecting it via Putty then don't forget to add the SSH Private key under SSH & then Auth.
Hope it will resolve the issue, please try once again creating the VM & let us know if you still face issues.
Regards,
Surbhi
Team k21
Anshu says
Yes Surabhi, I’ve tried all that. The creation of instance works both ways : Oracle provided or Putty generated keys. However, during SSH connection, pvt key is rejected by VM’s public IP with the error I mentioned above.