Ask Your Question

Unable to SSH to Devstack Instance from an external computer

asked 2016-01-30 08:42:10 -0600

Anshuman gravatar image

I have a strange problem ever since I installed devstack with OpenStack version "Liberty". I can create instances on the machine and SSH into them without any problem. The devstack is created as a single node with the controller and the compute being on the same machine. The networking used is Nova with an floating IP range of The problem occurs when I try to ssh to an instance from another computer. I have created a route in the router to direct all traffic from to the IP of the machine where OpenStack is installed. I can telnet into the SSH port from this external machine:

$ telnet 22
Connected to
Escape character is '^]'.

However, whenever I try to SSH to an instance from the external machine, I am getting a timeout.

$ ssh -v -i ~/.ssh/xxx.key cirros@
OpenSSH_6.9p1, LibreSSL 2.1.7
debug1: Reading configuration data /Users/username/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: Connecting to [] port 22.
debug1: Connection established.
debug1: identity file /Users/username/.ssh/xxx.key type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/username/.ssh/xxx.key-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
ssh_exchange_identification: read: Operation timed out

This used to work in prior versions like Juno though I may have faced a similar issue in Kilo. Either way, this problem goes away whenever I ssh from within the machine where OpenStack is installed. This leads me to believe that there is no problem with the SSH server inside the instance.

Things I have already ensured:

  1. The permission of the private key file is kept at 600.
  2. The same key file was copied over using SCP from the local machine where it works fine.
edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2016-01-31 19:28:02 -0600

Steven Su gravatar image

SSH and Telnet are using different port. Telnet works doesn't mean SSH is fine. Some questions may help to investigate: - Have you enabled SSH in your project security groups? - Can yo SSH from you local host to VM? - Cirros image should allow host authentication - can you try it instead of key file?

edit flag offensive delete link more


  1. Yes, SSH is enabled in Security groups.
  2. Yes, I can SSH from local host to VM.
  3. I tried using host authentication using a password and it does not work from an external machine. Works fine from local machine. Local telnet has an extra response from VM: SSH-2.0-dropbear_2012.5
Anshuman gravatar imageAnshuman ( 2016-02-09 14:44:33 -0600 )edit

Note that this behaviour has been following me for a couple of months. Installed at-least 10+ installations from the new year that have this same issue. Same steps for installation last year with Kilo never had this problem and I have machines that working fine with installation from last year.

Anshuman gravatar imageAnshuman ( 2016-02-09 14:47:06 -0600 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2016-01-30 08:42:10 -0600

Seen: 812 times

Last updated: Jan 31 '16