Troubleshooting SSH Connection Timeout to Vagrant VM: Network Config & Key Authentication



When attempting direct SSH access to a Vagrant VM (IP: 10.0.0.23, hostname: lamp-vm) using ssh vagrant@lamp-vm, we encounter a connection timeout on port 22 despite successful vagrant ssh connections.

First, verify the VM's network interface configuration. Run this from the host; the command executes inside the VM:


vagrant ssh -c "ip addr show | grep 'inet '"

Compare the output with your local /etc/hosts entry (10.0.0.23 lamp-vm). The private network interface should appear as:


inet 10.0.0.23/24 brd 10.0.0.255 scope global eth1

Check if SSH is actually running on the expected port:


vagrant ssh -c "sudo netstat -tulpn | grep sshd"

Expected output:


tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd

Inspect iptables rules that might block external SSH access:


vagrant ssh -c "sudo iptables -L -n -v"

Look for any DROP/REJECT rules targeting port 22 from external sources.

Your Vagrantfile should explicitly configure the private network:


config.vm.network "private_network", ip: "10.0.0.23"
config.vm.network "forwarded_port", guest: 22, host: 2222, id: "ssh"

Try these SSH command variations:


ssh -vvv -o IdentitiesOnly=yes -i ~/.vagrant.d/insecure_private_key vagrant@10.0.0.23

Or using the forwarded port:


ssh -p 2222 vagrant@127.0.0.1

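Update your ~/.ssh/config with more specific parameters. StrictHostKeyChecking no and UserKnownHostsFile /dev/null turn off host key verification, so keep them inside this Host block and use them only for a disposable local VM; LogLevel DEBUG3 is for troubleshooting and can be removed once the connection works: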


Host lamp-vm
  HostName 10.0.0.23
  User vagrant
  IdentityFile ~/.ssh/vagrant
  IdentitiesOnly yes
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null
  LogLevel DEBUG3

Ensure proper permissions for SSH keys:


chmod 700 ~/.ssh
chmod 600 ~/.ssh/vagrant
chmod 644 ~/.ssh/config

Run these local network tests:


ping -c 4 10.0.0.23
nc -zv 10.0.0.23 22
traceroute 10.0.0.23

Understand how Vagrant manages SSH connections:


vagrant ssh-config

This reveals the actual connection parameters Vagrant uses, including the exact private key path and any port forwarding in effect.
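
To see why vagrant ssh succeeds while ssh lamp-vm times out, compare the parameters Vagrant uses with the ones in your own Host block. This is an added example, not part of the original page: the function names and both sample configs are constructed, and the key path is a placeholder.

```shell
#!/bin/sh
# Added example: report where your ssh settings differ from `vagrant ssh-config`.

# Constructed sample of `vagrant ssh-config` output (key path is a placeholder).
VAGRANT_CFG='Host default
  HostName 127.0.0.1
  User vagrant
  Port 2222
  IdentityFile /path/to/your/vagrant_project/.vagrant/machines/default/virtualbox/private_key
  IdentitiesOnly yes'

# Constructed sample: the lamp-vm block from ~/.ssh/config.
USER_CFG='Host lamp-vm
  HostName 10.0.0.23
  User vagrant
  IdentityFile ~/.ssh/vagrant
  Port 22'

# get_opt CONFIG_TEXT KEY -> value of the first KEY line (case-insensitive), or empty
get_opt() {
  printf '%s\n' "$1" | awk -v k="$2" '
    tolower($1) == tolower(k) { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; exit }'
}

# diff_ssh_cfg VAGRANT_TEXT USER_TEXT -> one line per option that differs
diff_ssh_cfg() {
  for key in HostName Port User IdentityFile; do
    v=$(get_opt "$1" "$key")
    u=$(get_opt "$2" "$key")
    # ssh falls back to port 22 when no Port line is present
    [ "$key" = Port ] && { v=${v:-22}; u=${u:-22}; }
    [ "$v" = "$u" ] || printf '%s: vagrant=%s yours=%s\n' "$key" "$v" "$u"
  done
}

diff_ssh_cfg "$VAGRANT_CFG" "$USER_CFG"
```

Against a live setup, call it as diff_ssh_cfg "$(vagrant ssh-config)" "$(ssh -G lamp-vm)"; the lookup is case-insensitive because ssh -G prints its option names in lowercase.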


When working with Vagrant VMs, direct SSH access might fail even when vagrant ssh works perfectly. The error message:

debug1: connect to address 10.0.0.23 port 22: Connection timed out
ssh: connect to host lamp-vm port 22: Connection timed out

typically indicates network-level connectivity issues rather than authentication problems.

First verify your VM's network settings in the Vagrantfile:

config.vm.network "private_network", ip: "10.0.0.23"

Then confirm the interface is up:

# On host machine
ping 10.0.0.23

# Inside VM (via vagrant ssh)
ip addr show

Vagrant VMs often have restrictive firewall rules. Check these common solutions:

# Ubuntu/Debian VM
sudo ufw allow 22/tcp

# CentOS/RHEL VM
sudo firewall-cmd --add-service=ssh --permanent
sudo firewall-cmd --reload

Your ~/.ssh/config appears correct, but let's enhance it:

Host lamp-vm
    HostName 10.0.0.23
    User vagrant
    IdentityFile ~/.ssh/vagrant
    Port 22
    TCPKeepAlive yes
    ServerAliveInterval 60

Vagrant uses its own key pairs. To use them directly:

ssh -i ~/.vagrant.d/insecure_private_key vagrant@10.0.0.23

Or for newer versions:

ssh -i /path/to/your/vagrant_project/.vagrant/machines/default/virtualbox/private_key vagrant@10.0.0.23

If direct connection fails, set up port forwarding in Vagrantfile:

config.vm.network "forwarded_port", 
    guest: 22,
    host: 2222,
    id: "ssh",
    auto_correct: true

Then connect via:

ssh -p 2222 vagrant@localhost

Always use verbose SSH flags for troubleshooting:

ssh -vvv vagrant@lamp-vm

This shows the stage at which the connection fails: the TCP connect, the key exchange, or authentication.