Introduction

Are you having problems accessing a remote server over SSH? If SSH responds with a “Connection refused” message, you may need to modify the request or check the setup.

In this tutorial, you will find the most common reasons for the SSH connection refused error.

How to fix the ssh connection refused error.

Why is Connection Refused When I SSH?

There are many reasons why you might get the “Connection refused” error when trying to SSH into your server. To solve this problem, you first need to identify why the system refused your connection via SSH.

Below you will find some of the most common reasons that may cause an SSH connection denial.

SSH Client Not Installed

Before troubleshooting other issues, the first step is to check whether you have SSH properly installed. The machine you are accessing the server from should have the SSH client set up. Without the correct client set up, you cannot remote into a server.

To can check if you have the SSH client on your system, type the following in the terminal window:

ssh

Check if SSH client is installed on system.

If the terminal provides a list of ssh command options, the SSH client is installed on the system. However, if it responds with command not found, you need to install the OpenSSH Client.

Solution: Install SSH Client

To install the SSH Client on your machine, open the terminal, and run one of the commands listed below.

For Ubuntu/Debian systems:

sudo apt install openssh-client

For CentOS/RHEL systems:

sudo yum install openssh-client

Note: For a step-by-step guide of the installation, check out How to Install OpenSSH on CentOS or How to Enable SSH on Ubuntu.


SSH Daemon Not Installed on Server

Just like you need the client version of SSH to access a remote server, you need the server version to listen for and accept connections. Therefore, a server may refuse an incoming connection if the SSH server is missing or the setup is not valid.

To check whether SSH is available on the remote server, run the command:

ssh localhost

If the output responds with “Connection refused“, move on to installing SSH on the server.

Solution: Install SSH on Remote Server

To fix the issue of a missing SSH server, refer to how to install the OpenSSH server.

Credentials are Wrong

Typos or incorrect credentials are common reasons for a refused SSH connection. Make sure you are not mistyping the username or password.

Then, check whether you are using the correct IP address of the server.

Finally, verify you have the correct SSH port open. You can check by running:

grep Port /etc/ssh/sshd_config

The output displays the port number, as in the image below.

Check SSH port number.


Note: You can SSH into a remote system using password authentication or public key authentication (passwordless SSH login). If you want to set up public key authentication, refer to How To Set Up Passwordless SSH Login.


SSH Service is Down

The SSH service needs to be enabled and running in the background. If the service is down, the SSH daemon cannot accept connections.

To check the status of the service, enter this command:

sudo service ssh status

The output should respond that the service is active. If the terminal responds that the service is down, enable it to resolve the issue.

Check if SSH service is running.

Solution: Enable SSH Service

If the system shows the SSH daemon isn’t active, you can start the service by running:

systemctl start sshd

To enable the service to run at boot, run the command:

sudo systemctl enable sshd

Firewall is Preventing SSH Connection

SSH can refuse a connection due to firewall restrictions. The firewall protects the server from potentially harmful connections. However, if you have SSH set up on the system, you must configure the firewall to allow SSH connections.

Ensure the firewall does not block SSH connections as this may cause the “connection refused” error.

Solution: Allow SSH Connections Through Firewall

To fix the issue we mentioned above, you can use ufw (Uncomplicated Firewall), the command-line interface tool for managing firewall configuration.

Type the following command in the terminal window to allow SSH connections:

sudo ufw allow ssh

Configure UFW to allow SSH.

SSH Port is Closed

When you attempt a connection to a remote server, SSH sends a request to a specific port. To accept this request, a server needs to have the SSH port open.

If the port is closed, the server refuses the connection.

By default, SSH uses port 22. If you haven’t made any configuration changes to the port, you can check if the server is listening for incoming requests.

To list all ports that are listening, run:

sudo lsof -i -n -P | grep LISTEN

Find port 22 in the output and check whether its STATE is set to LISTEN.

Alternatively, you can check whether a specific port is open, in this case, port 22:

sudo lsof -i:22

Check if port 22 is open.

Solution: Open SSH Port

To enable port 22 to LISTEN to requests, use the iptables command:

sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

You can also open ports through the GUI by altering the firewall settings.

SSH Debugging and Logging

To analyze SSH problems in Linux, you can turn on verbose mode or debugging mode. When you enable this mode, SSH prints out debugging messages which help troubleshoot issues with connection, configuration, and authentication.

There are three levels of verbosity:

  • level 1 (-v)
  • level 2 (-vv)
  • level 3 (-vvv)

Therefore, instead of accessing a remote server using the syntax ssh [server_ip] add the -v option and run:

ssh -v [server_ip]

SSH in verbose mode.

Alternatively, you can use:

ssh -vv [server_ip]

or

ssh -vvv [server_ip]

Conclusion

This article listed some of the most common reasons for the SSH “Connection refused” error. To troubleshoot the issue, go through the list and make sure all the settings are configured correctly.


Next you should also read