
Are you encountering the frustrating “Connection refused” error when trying to connect via SSH? This comprehensive guide will help you identify and fix SSH connection issues step by step.
Understanding SSH Connection Refused
When you see the error message ssh: connect to host <hostname> port 22: Connection refused, it typically means:
- SSH daemon (sshd) isn’t running
- Firewall is blocking the connection
- SSH is running on a different port
- Network connectivity issues
- Incorrect SSH configuration
Step-by-Step Troubleshooting
Here is how you can fix this error:
1. Check if SSH Service is Running
On Linux/Unix systems:
sudo systemctl status sshd
sudo systemctl start sshd
sudo systemctl enable sshd
On macOS:
sudo launchctl list | grep ssh
sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist
2. Verify SSH Port
sudo netstat -tulpn | grep ssh
sudo ss -tulpn | grep ssh
sudo lsof -i :22
3. Firewall Configuration
UFW (Ubuntu/Debian):
sudo ufw status
sudo ufw allow ssh
sudo ufw allow 2222/tcp
Firewalld (RHEL/CentOS):
sudo firewall-cmd --state
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload
4. Network Connectivity
ping hostname
telnet hostname 22
nc -zv hostname 22
5. Common SSH Configuration Fixes
Server-side (/etc/ssh/sshd_config):
Port 22
ListenAddress 0.0.0.0
PermitRootLogin no
PasswordAuthentication yes
Client-side (~/.ssh/config):
Host myserver
HostName example.com
Port 22
User username
IdentityFile ~/.ssh/id_rsa
Advanced Troubleshooting
1. Debug Mode Connection
ssh -vvv username@hostname
sudo /usr/sbin/sshd -d
2. SELinux Issues (RHEL/CentOS)
sestatus
sudo semanage port -a -t ssh_port_t -p tcp 2222
3. Log Analysis
sudo tail -f /var/log/auth.log
sudo tail -f /var/log/secure # RHEL/CentOS
Common Issues and Solutions
1. Changed SSH Port
sudo grep "Port" /etc/ssh/sshd_config
ssh -p 2222 username@hostname
2. IP Address Restrictions
sudo grep "AllowUsers" /etc/ssh/sshd_config
sudo cat /etc/hosts.allow
sudo cat /etc/hosts.deny
3. Maximum Connection Attempts
netstat -tn | grep :22 | wc -l
# Modify MaxStartups in sshd_config
MaxStartups 10:30:100
Best Practices for SSH Security
1. Key-Based Authentication
ssh-keygen -t ed25519 -C "your_email@example.com"
# Copy key to server
ssh-copy-id username@hostname
2. SSH Hardening
PermitRootLogin no
PasswordAuthentication no
UsePAM yes
X11Forwarding no
3. Rate Limiting with Fail2Ban
sudo apt install fail2ban
jail
[sshd]
enabled = true
bantime = 3600
findtime = 600
maxretry = 3
Preventing Future Issues
- Regular Maintenance:
  - Keep system updated
  - Monitor SSH logs
  - Backup SSH configurations
  - Test connections regularly
- Documentation:
  - Document custom configurations
  - Keep port numbers recorded
  - Maintain IP allowlist
  - Document troubleshooting steps
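The grep "Port" check, the ListenAddress setting and the SSH Hardening directives above all depend on reading sshd_config the way sshd reads it. The script below is an added example, not part of the original article: it audits a constructed sample config for a loopback-only listener and for the hardening settings listed earlier. The function names and the sample file are assumptions for illustration, the defaults passed to sshd_first are the upstream OpenSSH defaults, and Include files and Match blocks are not evaluated.

```sh
# Added example, not from the original article. Reads sshd_config as sshd does:
# keywords are case-insensitive, lines starting with '#' are comments, and for
# single-valued keywords the first occurrence wins. Assumes no Include files.

# sshd_values FILE KEYWORD: print each value set for KEYWORD, in file order.
sshd_values() {
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0 { next }   # comment or blank line
        tolower($1) == "match" { exit }  # conditional settings start here
        tolower($1) == tolower(want) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# sshd_first FILE KEYWORD DEFAULT: effective value of a single-valued keyword.
sshd_first() {
    v=$(sshd_values "$1" "$2" | head -n 1)
    printf '%s\n' "${v:-$3}"
}

# audit_sshd_config FILE: one INFO or WARN finding per line.
audit_sshd_config() {
    ports=$(sshd_values "$1" Port | tr '\n' ' ' | sed 's/ $//')
    echo "INFO Port: ${ports:-22}"
    addrs=$(sshd_values "$1" ListenAddress)
    if [ -n "$addrs" ] &&
       ! printf '%s\n' "$addrs" | grep -Evq '^(127\.|localhost|::1|\[::1\])'; then
        echo "WARN ListenAddress is loopback only; remote connections are refused"
    fi
    [ "$(sshd_first "$1" PermitRootLogin prohibit-password)" = no ] ||
        echo "WARN PermitRootLogin is not 'no'"
    [ "$(sshd_first "$1" PasswordAuthentication yes)" = no ] ||
        echo "WARN PasswordAuthentication is not 'no'"
    [ "$(sshd_first "$1" X11Forwarding no)" = no ] ||
        echo "WARN X11Forwarding is not 'no'"
    return 0
}

# Constructed sample: a commented-out Port line and GatewayPorts (both matched by
# a plain grep "Port"), a loopback-only listener, and a duplicated keyword.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
#Port 22
port 2222
ListenAddress 127.0.0.1
PermitRootLogin no
PasswordAuthentication yes
passwordauthentication no
GatewayPorts no
EOF
audit_sshd_config "$SAMPLE"
```

On a live server, sudo sshd -T prints the effective configuration, including Include files, and is the authoritative check.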
FAQs
Q: Why does SSH connection work locally but not remotely?
A: Usually due to firewall rules or SSH configured to listen only on localhost.
Q: How can I verify if port 22 is actually open?
A: Use netstat, nmap, or telnet to check port accessibility.
Q: What if I’m locked out completely?
A: Access the server directly through console access or contact your hosting provider.



