fly ssh console not working

Team, when I try to run fly ssh console for my application I get an error stating it cannot connect to the address, as below:

flyctl ssh console --verbose
Connecting to top1.nearest.of.soap-ecommerce.internal... complete
Error error connecting to SSH server: connect tcp [fdaa:0:6264:a7b:66:a74c:97c6:2]:22: operation timed out

I have seen a couple topics like this from last year but the only resolution is to try again after fly.io support fixes something. So, could you please have a look at my application and see if there is any problem there?

Thanks a lot!

1 Like

This is usually a problem between flyctl and our network. In particular, VPNs seem to interfere with our networking. Here are some things you can try:

  1. Disable VPNs just to see
  2. Run flyctl doctor and see if all the checks come back green
  3. Run fly wireguard websockets enable. This puts our networking in an experimental mode that works over websockets instead of UDP. It sometimes helps.
1 Like

Whenever I have this problem I use fly ssh console -s allowing me to select an instance that is available (fly status to list instances)

One time I was actually going to create a bug report here but the problem eventually stopped being recurrent. From my experience is is always because flyctl is trying to connect to instances that are no longer available.

2 Likes

Hey, flyctl doctor gave me a PASS for everything and I also updated it to the latest version. Running fly wireguard websockets enabled and then fly ssh console worked like a charm. If I disable websockets and try fly ssh console again it keeps working. So it sounds like everything is fixed and working now. Thanks!

I’ve got the same problem. When I do fly ssh console -s

╰─$ fly ssh console -s
? Select instance:  [Use arrows to move, type to filter]
> fra (fdaa:0:6e5f:a7b:b9b7:6c48:6170:2)
  fra (fdaa:0:6e5f:a7b:b9b8:79bd:6db5:2)
  fra (fdaa:0:6e5f:a7b:b9b8:ced4:6fc0:2)
  fra (fdaa:0:6e5f:a7b:b9b7:8e6d:6beb:2)
  fra (fdaa:0:6e5f:a7b:b9b8:10ea:1c89:2)
  fra (fdaa:0:6e5f:a7b:b9b8:954b:cfc0:2)
  fra (fdaa:0:6e5f:a7b:b9b8:cf29:1077:2)

Not sure which one to pick here. The command picks the first one on its own but that doesn’t work. The other ones didn’t work either, I could connect to the last one but then I get this :point_down: when I want to connect to my app.

/app/bin # ./dert_gg_web remote
Erlang/OTP 24 [erts-12.3.2.2] [source] [64-bit] [smp:1:1] [ds:1:1:10] [async-threads:1] [jit:no-native-stack]

Could not contact remote node wild-frog-7798@ip, reason: :nodedown. Aborting...

env.sh.eex

Not sure whether it’s of any use, but this is my env.sh.eex. I just took it from a blog post by Miguel Coba.

#!/bin/sh

# Sets and enables heart (recommended only in daemon mode)
# case $RELEASE_COMMAND in
#   daemon*)
#     HEART_COMMAND="$RELEASE_ROOT/bin/$RELEASE_NAME $RELEASE_COMMAND"
#     export HEART_COMMAND
#     export ELIXIR_ERL_OPTIONS="-heart"
#     ;;
#   *)
#     ;;
# esac

# Set the release to work across nodes.
# RELEASE_DISTRIBUTION must be "sname" (local), "name" (distributed) or "none".
ip=$(grep fly-local-6pn /etc/hosts | cut -f 1)

export RELEASE_DISTRIBUTION=name
export RELEASE_NODE=$FLY_APP_NAME@ip
export ELIXIR_ERL_OPTIONS="-proto_dist inet6_tcp"

@andreyuhai will you run fly ips private and compare with the list -s gave you?

It’s the same as the last one when I do fly ssh console -s

╰─$ fly ips private
  ID       | REGION | IP
-----------*--------*-----------------------------------
  cf291077 | fra    | fdaa:0:6e5f:a7b:b9b8:cf29:1077:2

╰─$ fly ssh console -s
? Select instance:  [Use arrows to move, type to filter]
> fra (fdaa:0:6e5f:a7b:b9b7:6c48:6170:2)
  fra (fdaa:0:6e5f:a7b:b9b8:79bd:6db5:2)
  fra (fdaa:0:6e5f:a7b:b9b8:ced4:6fc0:2)
  fra (fdaa:0:6e5f:a7b:b9b7:8e6d:6beb:2)
  fra (fdaa:0:6e5f:a7b:b9b8:10ea:1c89:2)
  fra (fdaa:0:6e5f:a7b:b9b8:954b:cfc0:2)
  fra (fdaa:0:6e5f:a7b:b9b8:cf29:1077:2)

But then as I mentioned when I connect to that and try to connect to my app, I get the error I shared in my previous post.

Also why do I get all those dead instances?

Same issue here. fly ips private is empty for me.

Fantastic. I have been having random trouble with fly ssh console on VPN on foreign networks (cafè’s, hotels, coworking spaces) forever.
The fly doctor command diagnosed and told me exactly what to do (flyctl wireguard reset) WITHOUT having to shut down my VPN connection! Yay! A+!

Small suggestion:
When fly ssh console fails, perhaps print a friendly “Oops! Try flyctl doctor or these suggestions: …” hint? Current message is quite cryptic:

$ fly ssh console --verbose
Connecting to tunnel 🌏 Error tunnel unavailable: failed probing "personal": context deadline exceeded