Are you encountering the frustrating “Connection refused” error when trying to connect via SSH? This comprehensive guide will help you identify and fix SSH connection issues step by step.
Understanding SSH Connection Refused
When you see the error message
ssh: connect to host <hostname> port 22: Connection refused
, it typically means:
SSH daemon (sshd) isn’t running
Firewall is blocking the connection
SSH is running on a different port
Network connectivity issues
Incorrect SSH configuration
Step-by-Step Troubleshooting
Here is how you can fix this error:
1. Check if SSH Service is Running
On Linux/Unix systems:
Check SSH service status
sudo systemctl status sshd
Start SSH service if stopped
sudo systemctl start sshd
Enable SSH service on boot
sudo systemctl enable sshd
On macOS:
Check SSH service status
sudo launchctl list | grep ssh
Start SSH service
sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist
2. Verify SSH Port
Check which ports are listening
sudo netstat -tulpn | grep ssh
Alternative using ss command
sudo ss -tulpn | grep ssh
Check specific port
sudo lsof -i :22
3. Firewall Configuration
UFW (Ubuntu/Debian):
Check firewall status
sudo ufw status
Allow SSH traffic
sudo ufw allow ssh
Allow specific port if not using standard port 22
sudo ufw allow 2222/tcp
Firewalld (RHEL/CentOS):
Check firewall status
sudo firewall-cmd --state
Allow SSH traffic
sudo firewall-cmd --permanent --add-service=ssh
Reload firewall
sudo firewall-cmd --reload
4. Network Connectivity
Test basic connectivity
ping hostname
Check port accessibility
telnet hostname 22
Detailed connection testing
nc -zv hostname 22
5. Common SSH Configuration Fixes
Server-side (
/etc/ssh/sshd_config
):
# Essential settings
Port 22
ListenAddress 0.0.0.0
PermitRootLogin no
PasswordAuthentication yes
Client-side (
~/.ssh/config
):
Host myserver
HostName example.com
Port <span class="token">22</span>
User username
IdentityFile ~/.ssh/id_rsa
Advanced Troubleshooting
1. Debug Mode Connection
Verbose connection attempt
ssh -vvv username@hostname
Server-side debug mode
sudo /usr/sbin/sshd -d
2. SELinux Issues (RHEL/CentOS)
Check SELinux status
sestatus
Allow SSH on non-standard port
semanage port -a -t ssh_port_t -p tcp 2222
3. Log Analysis
View SSH logs
sudo tail -f /var/log/auth.log
Debian/Ubuntu
sudo tail -f /var/log/secure # RHEL/CentOS
Common Issues and Solutions
1. Changed SSH Port
Check custom port
sudo grep "Port" /etc/ssh/sshd_config
Connect to custom port
ssh -p 2222 username@hostname
2. IP Address Restrictions
Check Allow Users directive
sudo grep "AllowUsers" /etc/ssh/sshd_config
Check hosts.allow and hosts.deny
sudo cat /etc/hosts.allow
sudo cat /etc/hosts.deny
3. Maximum Connection Attempts
Check current connections
netstat -tn | grep :22 | wc -l
# Modify MaxStartups in sshd_config
MaxStartups 10:30:100
Best Practices for SSH Security
1. Key-Based Authentication
Generate SSH key
ssh-keygen -t ed25519 -C "your_email@example.com"
# Copy key to server
ssh-copy-id username@hostname
2. SSH Hardening
Secure sshd_config settings
PermitRootLogin no
PasswordAuthentication no
UsePAM yes
X11Forwarding no
3. Rate Limiting with Fail2Ban
Install Fail2Ban
sudo apt install fail2ban
Configure SSH
jail
[sshd]
enabled = true
bantime = 3600
findtime = 600
maxretry = 3
Preventing Future Issues
Regular Maintenance:
Keep system updated
Monitor SSH logs
Backup SSH configurations
Test connections regularly
Documentation:
Document custom configurations
Keep port numbers recorded
Maintain IP allowlist
Document troubleshooting steps
FAQs
Why does SSH connection work locally but not remotely? A: Usually due to firewall rules or SSH configured to listen only on localhost.
How can I verify if port 22 is actually open? A: Use
netstat
,
nmap
, or
telnet
to check port accessibility.
What if I’m locked out completely? A: Access the server directly through console access or contact your hosting provider.
More Articles from Unixmen
SSH Port Forwarding: A Detailed Guide with Examples
Ubuntu: Enable SSH with this clear and concise guide
Enable SSH Ubuntu: How to Securely Access your Remote Server
[Solved] – How to Fix SSH Permission Denied (Publickey) Error Message
The post How to Fix SSH Connection Refused Error appeared first on Unixmen.