---
title: Connect to a Linux Node
---

import { CheckCircle, MapPin, Lock, Key, XCircle, Plus, RefreshCw, AlertCircle, Shield } from 'react-feather';

# Connect to a Linux Node

Use this guide to connect to a Linux node from your local machine by using SSH. This page is for Linux nodes only. For Windows nodes, use [Connect to a Windows node](/docs/myaccount/node/connect-to-node/windows-node).

You can connect with either:

- The node password sent through the secure password email after launch.
- An SSH key that was selected during node creation or added later from MyAccount.

SSH keys are recommended for production access. Password login is useful for first access, recovery, or nodes where you did not attach an SSH key.

<div style={{marginBottom:'32px',marginTop:'8px'}}>
  <div style={{display:'flex',gap:'8px',flexWrap:'wrap'}}>
    <a href="#before-you-begin" style={{display:'inline-flex',alignItems:'center',gap:'6px',padding:'6px 14px',background:'var(--ifm-color-emphasis-100)',border:'1px solid var(--ifm-color-emphasis-300)',borderRadius:'20px',fontSize:'13px',color:'var(--ifm-color-emphasis-700)',textDecoration:'none'}}><CheckCircle size={13} /> Before You Begin</a>
    <a href="#find-the-node-ip-address" style={{display:'inline-flex',alignItems:'center',gap:'6px',padding:'6px 14px',background:'var(--ifm-color-emphasis-100)',border:'1px solid var(--ifm-color-emphasis-300)',borderRadius:'20px',fontSize:'13px',color:'var(--ifm-color-emphasis-700)',textDecoration:'none'}}><MapPin size={13} /> Find Node IP</a>
    <a href="#connect-with-password" style={{display:'inline-flex',alignItems:'center',gap:'6px',padding:'6px 14px',background:'var(--ifm-color-emphasis-100)',border:'1px solid var(--ifm-color-emphasis-300)',borderRadius:'20px',fontSize:'13px',color:'var(--ifm-color-emphasis-700)',textDecoration:'none'}}><Lock size={13} /> Password Login</a>
    <a href="#connect-with-an-ssh-key" style={{display:'inline-flex',alignItems:'center',gap:'6px',padding:'6px 14px',background:'var(--ifm-color-emphasis-100)',border:'1px solid var(--ifm-color-emphasis-300)',borderRadius:'20px',fontSize:'13px',color:'var(--ifm-color-emphasis-700)',textDecoration:'none'}}><Key size={13} /> SSH Key Login</a>
    <a href="#if-password-login-was-disabled" style={{display:'inline-flex',alignItems:'center',gap:'6px',padding:'6px 14px',background:'var(--ifm-color-emphasis-100)',border:'1px solid var(--ifm-color-emphasis-300)',borderRadius:'20px',fontSize:'13px',color:'var(--ifm-color-emphasis-700)',textDecoration:'none'}}><XCircle size={13} /> Password Disabled</a>
    <a href="#add-or-replace-ssh-keys-after-launch" style={{display:'inline-flex',alignItems:'center',gap:'6px',padding:'6px 14px',background:'var(--ifm-color-emphasis-100)',border:'1px solid var(--ifm-color-emphasis-300)',borderRadius:'20px',fontSize:'13px',color:'var(--ifm-color-emphasis-700)',textDecoration:'none'}}><Plus size={13} /> Add SSH Key</a>
    <a href="#change-the-node-password" style={{display:'inline-flex',alignItems:'center',gap:'6px',padding:'6px 14px',background:'var(--ifm-color-emphasis-100)',border:'1px solid var(--ifm-color-emphasis-300)',borderRadius:'20px',fontSize:'13px',color:'var(--ifm-color-emphasis-700)',textDecoration:'none'}}><RefreshCw size={13} /> Change Password</a>
    <a href="#common-connection-problems" style={{display:'inline-flex',alignItems:'center',gap:'6px',padding:'6px 14px',background:'var(--ifm-color-emphasis-100)',border:'1px solid var(--ifm-color-emphasis-300)',borderRadius:'20px',fontSize:'13px',color:'var(--ifm-color-emphasis-700)',textDecoration:'none'}}><AlertCircle size={13} /> Troubleshoot</a>
    <a href="#security-checklist" style={{display:'inline-flex',alignItems:'center',gap:'6px',padding:'6px 14px',background:'var(--ifm-color-emphasis-100)',border:'1px solid var(--ifm-color-emphasis-300)',borderRadius:'20px',fontSize:'13px',color:'var(--ifm-color-emphasis-700)',textDecoration:'none'}}><Shield size={13} /> Security Checklist</a>
  </div>
</div>

---

## Before You Begin

Make sure you have:

| Requirement                       | Where to check                                                                                              |
| --------------------------------- | ----------------------------------------------------------------------------------------------------------- |
| Node status                       | The node should be in `Running` state in Compute > Nodes.                                                   |
| Public IP or private network path | Use the Public IP column in the node list, or use a private IP only from a network that can reach the node. |
| Login username                    | Use the username shown in the password email, image notes, or your configured OS user.                      |
| Password or private key           | Use the password email, or the private key that matches an SSH key attached to the node.                    |
| Security group access             | Inbound TCP port `22` must be allowed from your source IP or network.                                       |

:::note
E1-series nodes do not include a default public IP. If the Public IP column shows `Not Assigned`, attach a primary public IP where supported or connect through a private network path that can reach the node.
:::

:::tip Best Practice
Do not expose SSH to all internet sources unless you intentionally need that access. Restrict TCP port `22` to your office, VPN, bastion host, or trusted source IP range.
:::

---

## Find the Node IP Address

1. Log in to [MyAccount](https://myaccount.e2enetworks.com/).
2. Go to Compute > Nodes.
3. Find the Linux node you want to access.
4. Use one of these addresses:

| Address    | When to use it                                                                                            |
| ---------- | --------------------------------------------------------------------------------------------------------- |
| Public IP  | Use this when connecting from the internet.                                                               |
| Private IP | Use this only when your machine, VPN, bastion host, or another node can reach the node's private network. |

If the node has no public IP:

- For E1-series nodes, attach a primary public IP if the node must be reachable from the internet.
- For VPC-only workloads, connect from a host that has private network access to the node.
- Use Access Console from the node list or node details page if you need emergency console access while fixing network settings.

---

## Connect with Password

Use this method if password-based SSH login is enabled for the node.

1. Open a terminal on your local machine.
2. Run the SSH command with your node username and IP address:

```bash
ssh <username>@<node-ip>
```

Example:

```bash
ssh root@203.0.113.10
```

3. If this is the first time your machine is connecting to the node, SSH asks you to confirm the host fingerprint. Type `yes` only if the IP address is the node IP you intended to connect to.
4. Enter the password from the secure password email.

:::note
The secure password link is sent to the registered email address after node creation. The link expires after 168 hours. Save the password securely when you retrieve it.
:::

If the password does not work:

- Confirm that password-based SSH login was not disabled during node creation.
- Confirm that you are using the right username for the selected Linux image.
- Confirm that inbound TCP port `22` is allowed in the selected security group.
- If you changed the password later, use the latest password.

---

## Connect with an SSH Key

Use this method if an SSH key was selected during node creation or added later from the node details page.

1. Open a terminal on your local machine.
2. Make sure the private key file is readable only by your user:

```bash
chmod 600 ~/.ssh/<private-key-file>
```

3. Connect with the private key:

```bash
ssh -i ~/.ssh/<private-key-file> <username>@<node-ip>
```

Example:

```bash
ssh -i ~/.ssh/e2e-node-key root@203.0.113.10
```

4. If your key has a passphrase, enter the key passphrase when your SSH client asks for it.

:::tip Best Practice
The public key is stored in MyAccount and on the node. The private key stays with you. Never upload or share the private key.
:::

---

## If Password Login Was Disabled

During node creation, the SSH Keys section lets you select SSH keys and then disable password-based SSH login. The portal only enables that option after at least one SSH key is selected.

If password login is disabled:

- You must use a private key that matches an SSH key attached to the node.
- The password email may still exist, but SSH password login will not work for that node.
- If you lose the private key, add another SSH key from MyAccount and try again.

---

## Add or Replace SSH Keys After Launch

You can add SSH keys to an existing Linux node from MyAccount.

1. Go to Compute > Nodes.
2. Open the node details page.
3. Use the Add SSH keys action or go to the node Security area.
4. Select an existing key, or create a new SSH key if your account permissions allow it.
5. Submit the change.
6. Retry SSH with the private key that matches the key you added.

Adding a new SSH key is useful when:

- You did not select an SSH key during node creation.
- A team member needs access.
- You lost the old private key.
- You want to rotate access to a new key.

:::note
If the node is locked, in a restricted state, or acting as a DR target, the portal can disable SSH-key changes. Resolve the node state first or contact support if the action remains unavailable.
:::

---

## Change the Node Password

If password access is still allowed, you can update the node password from the node Security area.

The portal validates the new password before submitting it. The password must be 16 to 30 characters and include uppercase, lowercase, number, and special-character requirements.

After the password is updated, use the new password for SSH password login.

:::warning Caution
Changing the password does not replace SSH keys. If key-based access is enabled, existing attached SSH keys can still be used unless you remove them.
:::

---

## Common Connection Problems

| Symptom                               | Likely cause                                                                                      | What to do                                                                                            |
| ------------------------------------- | ------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- |
| `Permission denied (publickey)`       | The private key does not match an attached SSH key, or the username is wrong.                     | Use the correct private key, confirm the username, or add a new SSH key from MyAccount.               |
| `Permission denied, please try again` | Password login is disabled, the password is wrong, or the username is wrong.                      | Use SSH key login, confirm the username, or update the password from MyAccount.                       |
| `Connection timed out`                | The node has no reachable public IP, TCP port `22` is blocked, or the route is not reachable.     | Check the primary public IP, Add-on IPs, VPC path, and security group inbound rules.                  |
| `Connection refused`                  | SSH service is not listening, the OS firewall blocks SSH, or the node is still starting services. | Use Access Console to inspect SSH service status, or retry after the node is fully running.           |
| Host key warning                      | Your local machine has a different stored host key for the same IP or hostname.                   | Verify you are connecting to the intended node before removing or replacing the old known-host entry. |
| Public IP shows `Not Assigned`        | The node does not have a public IP. This is expected for some E1-series setups.                   | Attach a primary public IP or connect through private networking.                                     |

---

## Security Checklist

Before using the node for production:

- Prefer SSH keys over password login.
- Keep private keys on trusted machines only.
- Restrict security group inbound TCP `22` to trusted source IPs.
- Avoid sharing the root password over chat or tickets.
- Rotate SSH keys when a team member leaves or a key is exposed.
- Keep an emergency access path, such as Access Console or a break-glass SSH key.

---

## Automate This

For automation, use the approved MyAccount API documentation as the public source of supported node and SSH-key operations:

- [MyAccount API Reference](https://docs.e2enetworks.com/api/myaccount/)

Do not depend on private or unpublished fields unless the field is present in the approved public API documentation.

---

## Related Resources

| Resource                                                                        | Use it for                                                   |
| ------------------------------------------------------------------------------- | ------------------------------------------------------------ |
| [Create a node](/docs/myaccount/node/getting-started/create-node)               | Launch a Linux node and select password or SSH-key access.   |
| [Choose a node family](/docs/myaccount/node/getting-started/choose-node-family) | Decide between E1, C3, M3, SDC, SQL, GPU, and other options. |
| [SSH Key Management](/docs/myaccount/security/ssh_key_management)               | Create and manage SSH keys in MyAccount.                     |
| [Security Groups](/docs/myaccount/network/security_grp)                         | Allow or restrict TCP port `22`.                             |
| [Static Public IPs](/docs/myaccount/network/reserve_ip)                         | Attach a primary public IP when the node does not have one.  |
| [Manage Nodes](/docs/myaccount/node/manage)                                     | Manage node actions after launch.                            |
| [Connect to a Windows node](/docs/myaccount/node/connect-to-node/windows-node)  | Access Windows nodes with RDP.                               |

## Next Step

After you connect, update the OS packages, configure your application, and tighten the security group to only the ports your workload needs.