How to Fix SSH Connection Refused Error

By
Joshua Njiru
How to Fix SSH Connection Refused Error

ssh connection refused

Are you encountering the frustrating “Connection refused” error when trying to connect via SSH? This comprehensive guide will help you identify and fix SSH connection issues step by step.

Understanding SSH Connection Refused

When you see the error message

ssh: connect to host <hostname> port 22: Connection refused

, it typically means:

  • SSH daemon (sshd) isn’t running
  • Firewall is blocking the connection
  • SSH is running on a different port
  • Network connectivity issues
  • Incorrect SSH configuration

Step-by-Step Troubleshooting

Here is how you can fix this error:

1. Check if SSH Service is Running

On Linux/Unix systems:

Check SSH service status
sudo systemctl status sshd
Start SSH service if stopped
sudo systemctl start sshd
Enable SSH service on boot
sudo systemctl enable sshd

 

On macOS:

Check SSH service status
sudo launchctl list | grep ssh
Start SSH service
sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist

2. Verify SSH Port

Check which ports are listening
sudo netstat -tulpn | grep ssh
Alternative using ss command
sudo ss -tulpn | grep ssh
Check specific port
sudo lsof -i :22

3. Firewall Configuration

UFW (Ubuntu/Debian):

Check firewall status
sudo ufw status
Allow SSH traffic
sudo ufw allow ssh
Allow specific port if not using standard port 22
sudo ufw allow 2222/tcp

Firewalld (RHEL/CentOS):

Check firewall status
sudo firewall-cmd --state
Allow SSH traffic
sudo firewall-cmd --permanent --add-service=ssh
Reload firewall
sudo firewall-cmd --reload

4. Network Connectivity

Test basic connectivity
ping hostname
Check port accessibility
telnet hostname 22
Detailed connection testing
nc -zv hostname 22

5. Common SSH Configuration Fixes

Server-side (

/etc/ssh/sshd_config

):

# Essential settings
Port 22
ListenAddress 0.0.0.0
PermitRootLogin no
PasswordAuthentication yes

 

Client-side (

~/.ssh/config

):

Host myserver
HostName example.com
Port <span class="token">22</span>
User username
IdentityFile ~/.ssh/id_rsa

Advanced Troubleshooting

1. Debug Mode Connection

Verbose connection attempt
ssh -vvv username@hostname
Server-side debug mode
sudo /usr/sbin/sshd -d

2. SELinux Issues (RHEL/CentOS)

Check SELinux status
sestatus
Allow SSH on non-standard port
semanage port -a -t ssh_port_t -p tcp 2222

3. Log Analysis

View SSH logs
sudo tail -f /var/log/auth.log
Debian/Ubuntu
sudo tail -f /var/log/secure      # RHEL/CentOS

Common Issues and Solutions

1. Changed SSH Port

Check custom port
sudo grep "Port" /etc/ssh/sshd_config
Connect to custom port
ssh -p 2222 username@hostname

2. IP Address Restrictions

Check Allow Users directive
sudo grep "AllowUsers" /etc/ssh/sshd_config
Check hosts.allow and hosts.deny
sudo cat /etc/hosts.allow
sudo cat /etc/hosts.deny

3. Maximum Connection Attempts

Check current connections
netstat -tn | grep :22 | wc -l

# Modify MaxStartups in sshd_config
MaxStartups 10:30:100

Best Practices for SSH Security

1. Key-Based Authentication

Generate SSH key
ssh-keygen -t ed25519 -C "your_email@example.com"

# Copy key to server
ssh-copy-id username@hostname

2. SSH Hardening

Secure sshd_config settings
PermitRootLogin no
PasswordAuthentication no
UsePAM yes
X11Forwarding no

3. Rate Limiting with Fail2Ban

Install Fail2Ban
sudo apt install fail2ban
Configure SSH
jail
[sshd]
enabled = true
bantime = 3600
findtime = 600
maxretry = 3

Preventing Future Issues

  1. Regular Maintenance:
    • Keep system updated
    • Monitor SSH logs
    • Backup SSH configurations
    • Test connections regularly
  2. Documentation:
    • Document custom configurations
    • Keep port numbers recorded
    • Maintain IP allowlist
    • Document troubleshooting steps

FAQs

Why does SSH connection work locally but not remotely? A: Usually due to firewall rules or SSH configured to listen only on localhost.

How can I verify if port 22 is actually open? A: Use

netstat

,

nmap

, or

telnet

to check port accessibility.

What if I’m locked out completely? A: Access the server directly through console access or contact your hosting provider.

 

More Articles from Unixmen

SSH Port Forwarding: A Detailed Guide with Examples

Ubuntu: Enable SSH with this clear and concise guide

Enable SSH Ubuntu: How to Securely Access your Remote Server

[Solved] – How to Fix SSH Permission Denied (Publickey) Error Message