Can't esablish dialer connection: can not build dialer

Working though an issue with a cluster deployment on VMware. The rancheros 1.0.5 vms are created, however after about 5 or so minutes I see this in the webui.
Cluster must have at least one etcd plane host: failed to connect to the following etcd host(s) []
Looking rancher logs show an issue setting up SSH. However if I use the key from rancher, I can ssh to rancheros as rancher. Any ideas, are there other logs to look at to get a better understanding of what is failing?
[ERROR] cluster [c-tljpj] provisioning: Failed to set up SSH tunneling for host []: Can't establish dialer connection: can not build dialer to c-tljpj:m-8v4k7

i too facing the same issue in aws cluster setup from rancher. can anyone help on this error


I had the same problem. In my case the cluster nodes couldn’t reach the rancher server on port 443 and 80 because of firewall rules.

Same problem here, after updating rancher certificates (to re-enable UI) and then trying to rotate certificates for the cluster.
On the VM running “docker run rancher”, in /root, there are directories named after cluster nodes with ssh keys.
I can use such a key to login to nodes as “docker@”.
However, it seems that rancher is not able to use ssh to create its tunnels.
How did you solve the problem on your side?

Finally, upgrading rancher to v2.5.9 worked, and did not have this ssh issue.

i have the same problem…iam trying to deploy kubernetes on vSphere…we use ubuntu template 20.04:
Failed to set up SSH tunneling for host []: Can’t retrieve Docker Info: error during connect: Get “http://%2Fvar%2Frun%2Fdocker.sock/v1.24/info”: can not build dialer to [c-j6lxc:m-5l69f]

  • i checked the docker user on my node( has access to docker sock
  • the firewall rules all of them are inactive…but i made sure that i have access to my rancher nodes on port 443 and 80

rancher is installed on single kubernetes node
rancher version → 2.6.5
rke version → 1.3.11


I am facing this same issue:

  • Single Node Rancher install with Rancher gen certs (not custom certs)
  • Ive also ruled out it coming from any firewall rules.

Question: Where are the *.pem files that you’re referencing?