How to Troubleshoot SSH Shell Environment Issues

Once your SSH connection is established and you are authenticated, the remote shell environment is then executed. There are a couple of issues that can occur at this point as described below, followed by actions you can take to address them.

Prerequisites to Troubleshooting SSH Issues

Before troubleshooting SSH issues, determine if migrating or redeploying is more appropriate for your situation, make sure the issue is truly with SSH, and review information and skills you need to troubleshoot successfully.

Errors

Could Not chdir To Home Directory

In some cases, you may cause damage to directory ownership or permissions that can cause problems when trying to access the home directory. This can result in errors like the following:

Could not chdir to home directory /home/user: Permission denied

Could not chdir to home directory /home/user: Input/output error

Could not chdir to home directory /home/user: No such file or directory

Some issues might stem from the user home directory not existing, its ownership being incorrect, or its permissions being too restrictive. This also might happen when filesystem issues have corrupted the home directory.

To troubleshoot this issue, try checking the home directory’s existence, permissions, and ownership.

This Account Is Currently Not Available

In some cases, users may be configured to not have a login shell. This can manifest in several ways in the shell not responding. You might see an error like this:

This account is currently not available.

Here are some potential causes of this issue:

• The user is a system user and not intended for shell access.
• The user shell is assigned to nologin, true, false or another non-shell binary. In this case, you can update the user shell.

Resource Temporarily Unavailable

The SSH service, like any service, requires system resources to operate. This means that when your Droplet is under resource-constrained conditions, the service may fail to open a working shell environment. These conditions include exhausting the system memory, reaching the system’s open file limit, or crashing the runtime environment.

You might see an error message like this:

ssh: connect to host example.com port 22: Resource temporarily unavailable

Resource issues can be difficult to debug, and depends on the kind of access you have to your Droplet. Read below on how to handle resource issues.

Solutions

Below are some troubleshooting methods and solutions to common SSH environment errors.

Checking The Home Directory

In some cases, you may need to use the Recovery Console to log in as root to evaluate the home directory with sufficient permissions to address any issues. Verify that /home and the path for the user’s home directory exist using stat or a similar utility.

If the directories exist, verify that the user’s home directory has appropriate permissions (at least 700) and ownership (the user, not root).

Updating The User Shell

From the Recovery Console, log in as root or a user with sudo access. You can review the /etc/passwd file directly or use the getent command to list the details:

getent passwd user

You’ll see output like this. Note the /usr/sbin/nologin.

user:x:1000:1000::/home/user:/usr/sbin/nologin

To update this, use the system command usermod and specify the correct shell to use, like /bin/bash.

usermod -s /bin/bash user

Run the getent command again to see the change reflected in the output:

user:x:1000:1000::/home/user:/bin/bash

You can then try logging in again.

Dealing With Resource Issues

Dealing with resource issues is a very context-specific situation.

If resource contention is caused by network requests (like a DDoS attack against a web application), you may be able to disable the service or block traffic at the firewall from the Recovery Console. This may allow enough room for you to assess the impact of the situation and implement mitigation strategies or consider scaling your deployment.

If you cannot log in from the Recovery Console, the last resort option is to power cycle or reboot the Droplet. Depending on the cause of the resource exhaustion, this may hit the same environment or initially support a connection that gives an Unable to fork process error when you attempt to run a command. Catching the Recovery Console or SSH connection to the Droplet after a reboot but before it becomes unresponsive is key to troubleshooting the root cause.

You can learn more about scaling, load balancing, and expanding your Droplet’s resources in the following tutorials:

• How To Automate the Scaling of Your Web Application on DigitalOcean
• How To Resize Your Droplets on DigitalOcean
• An Introduction to HAProxy and Load Balancing Concepts

Conclusion

If you need further help, you can open a support ticket. Make sure to include the following information:

• The username, host, and port you are using to connect.
• The authentication mechanism you expect to use.
• The full output of the errors linked to the stage of error, including verbose output of the SSH client
• All of the information you’ve gathered from troubleshooting so far.
• Anything you were unclear about while referencing this article.

Including all the above diagnostic information and clarifying where you are encountering the issue when trying to connect can help us quickly get up to speed with where your need on the issue is.

Related Topics

How to Troubleshoot SSH Authentication Issues

Problems with SSH authentication includes permission denied with SSH keys and passwords.

How to Troubleshoot SSH Connectivity Issues

Problems with SSH connectivity include hostname resolution errors and connections being refused or timing out.

How to Troubleshoot SSH Protocol Issues

Problems during SSH protocol initiation include the client suddenly getting dropped or closed, the client returning errors about cipher negotiation, or issues with an unknown or changed remote host.