# Troubleshoot SSH Connection
## Introduction
This guide is designed to help you troubleshoot and restore SSH access to your Validator node when it was previously working but is now unreachable.
{% content-ref url="/pages/pak1gd9we9flqJekCoMf" %}
[How to SSH into VPS](/run-a-node/references/ssh-remote-access/how-to-ssh-into-vps.md)
{% endcontent-ref %}
## Common Steps
✅ Verify the **username** for the VPS you're connecting to
* e.g.) `nodeadmin`
✅ Check your **SSH key pair file names**
* Private key must match the server's authorized key.
✅ Confirm correct **permissions**
* private key should be read-only: `chmod 400`
✅ Ensure the **public key exists** on the server in the correct location
✅ Confirm the **private key file exists locally**
* Is it correctly referenced by your SSH command.
***
## :house: Local IP address
Many ISPs assign **dynamic IP addresses** to customer routers.
A change in your IP may cause your cloud provider’s firewall to block your SSH attempts.
### :adhesive\_bandage:Symptoms:
| Your SSH terminal or remote connection application sits idle and eventually shows `Connection timed out` messages. |
| ------------------------------------------------------------------------------------------------------------------ |
| Terminal or remote terminal application will how a blank screen only |
| No password or key prompts appear |
| Not entering the SSH connection string and attempting to run commands locally instead of through your SSH tunnel. |
💡 Example:
```bash
ssh -i ~/.ssh/my_identity_file nodeadmin@13.13.13.13
ssh: connect to host 13.13.13.13 port 22: Operation timed out
```
***
## 🔧 How to Fix It
{% stepper %}
{% step %}
### Determine your new IP address
Open your web browser and navigate to:
### [www.whatismyip.com](http://www.whatismyip.com/)
{% endstep %}
{% step %}
### Record New IP Address
Copy your **current public IPv4 address**
{% endstep %}
{% step %}
### Cloud Provider Console
Go to your **cloud provider's web console.**
{% endstep %}
{% step %}
### Update Firewall Rules
Update your **firewall or security group rules** to allow SSH access **from your new IP**
* **AWS**: Update the Security Group
* **DigitalOcean**: Update Firewall settings
* **Hetzner**: Follow DigitalOcean-style firewall update workflow
{% hint style="warning" %}
Refer to the [Cloud Provider Specific Guides](/run-a-node/validator-node-guides/build-your-node/cloud-provider-specific.md).
{% endhint %}
{% endstep %}
{% endstepper %}
Try connecting again after updating the rules.
***
## 🔐 SSH Key Issues
### 📍 Local Key Issues
Ensure the private key file:
* Still exists in the expected location
* Has not been renamed or moved
* Is intact and not corrupted
* Has the proper permissions
{% hint style="info" %}
📌 Tip:
If in doubt, restore your key from a **known-good** backup.
{% endhint %}
**Important:** Once resolved, **create a backup** of your SSH keys if you haven’t already.
***
## 📡 Remote Key Issues (Accessing via Console)
If you can still access your VPS through your **cloud provider's web console**:
{% stepper %}
{% step %}
### Log into the Web Terminal
{% endstep %}
{% step %}
### Navigate to the `.ssh` Directory
```bash
cd ~/.ssh
ls -l
```
{% endstep %}
{% step %}
### Verify Public Key
Check for the authorized public key file
`authorized_keys` or `.pub` file.
If the key is missing or incorrect:
Check alternate directories:
```bash
ls -l /root/.ssh/
ls -l /home/ubuntu/.ssh/
ls -l /home/admin/.ssh/
```
{% endstep %}
{% step %}
### Identify `_backup`
If you find your key with a `_backup` attached to the name of the file, issue the following command and check again:
Enable root SSH temporarily:
```bash
sudo nodectl enable_root_ssh
```
{% endstep %}
{% step %}
### Copy SSH Key Back Over
Copy the key into your nodeadmin’s `.ssh` directory :
```bash
sudo cp /root/.ssh/mypublickey.pub /home/nodeadmin/.ssh/mypublickey.pub
```
Change ownership
```
sudo chown nodeadmin:nodeadmin /home/nodeadmin/.ssh/mypublickey.pub
```
{% endstep %}
{% step %}
### Disable Root Access Again
```
sudo nodectl disable_root_ssh
```
{% endstep %}
{% endstepper %}
Re-Attempt to create an SSH connection to your node.
***
## 📡 Cloud Provider Outage
* Visit your cloud provider’s **main dashboard**
* Look for service alerts
* If the console is also unreachable, check external outage reports
* Google
* Twitter
* [Downdetector](https://downdetector.com)
***
## 🖥️ VPS-Specific Issue
* From the cloud console, check the **status of your VPS instance**
* Ensure it’s running and not reporting hardware or OS-level errors
***
## 🌍 Local Internet Outage
* If you cannot connect to any external site or service, confirm your own network is online
* Restart your router/modem if necessary and try again later
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.constellationnetwork.io/run-a-node/validator-node-guides/troubleshooting-guides/troubleshoot-ssh-connection.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.