Are you having problems accessing a remote server over SSH? If SSH responds with a "Connection refused" message, you may need to modify the request or check the setup.
In this tutorial, you will find the most common reasons for the SSH connection refused error.
Why is Connection Refused When I SSH?
There are many reasons why you might get the "Connection refused" error when trying to SSH into your server. To solve this problem, you first need to identify why the system refused your connection via SSH.
Below you will find some of the most common reasons that may cause an SSH connection denial.
SSH Client Not Installed
Before troubleshooting other issues, the first step is to check whether you have SSH properly installed. The machine you are accessing the server from should have the SSH client set up. Without the correct client set up, you cannot remote into a server.
To can check if you have the SSH client on your system, type the following in the terminal window:
If the terminal provides a list of
ssh command options, the SSH client is installed on the system. However, if it responds with command not found, you need to install the OpenSSH Client.
Solution: Install SSH Client
To install the SSH Client on your machine, open the terminal, and run one of the commands listed below.
For Ubuntu/Debian systems:
sudo apt install openssh-client
For CentOS/RHEL systems:
sudo yum install openssh-client
SSH Daemon Not Installed on Server
Just like you need the client version of SSH to access a remote server, you need the server version to listen for and accept connections. Therefore, a server may refuse an incoming connection if the SSH server is missing or the setup is not valid.
To check whether SSH is available on the remote server, run the command:
If the output responds with "Connection refused", move on to installing SSH on the server.
Solution: Install SSH on Remote Server
To fix the issue of a missing SSH server, refer to how to install the OpenSSH server.
Credentials are Wrong
Typos or incorrect credentials are common reasons for a refused SSH connection. Make sure you are not mistyping the username or password.
Then, check whether you are using the correct IP address of the server.
Finally, verify you have the correct SSH port open. You can check by running:
grep Port /etc/ssh/sshd_config
The output displays the port number, as in the image below.
Note: You can SSH into a remote system using password authentication or public key authentication (passwordless SSH login). If you want to set up public key authentication, refer to How To Set Up Passwordless SSH Login.
SSH Service is Down
The SSH service needs to be enabled and running in the background. If the service is down, the SSH daemon cannot accept connections.
To check the status of the service, enter this command:
sudo service ssh status
The output should respond that the service is active. If the terminal responds that the service is down, enable it to resolve the issue.
Solution: Enable SSH Service
If the system shows the SSH daemon isn’t active, you can start the service by running:
systemctl start sshd
To enable the service to run at boot, run the command:
sudo systemctl enable sshd
Firewall is Preventing SSH Connection
SSH can refuse a connection due to firewall restrictions. The firewall protects the server from potentially harmful connections. However, if you have SSH set up on the system, you must configure the firewall to allow SSH connections.
Ensure the firewall does not block SSH connections as this may cause the "connection refused" error.
Solution: Allow SSH Connections Through Firewall
To fix the issue we mentioned above, you can use ufw (Uncomplicated Firewall), the command-line interface tool for managing firewall configuration.
Type the following command in the terminal window to allow SSH connections:
sudo ufw allow ssh
SSH Port is Closed
When you attempt a connection to a remote server, SSH sends a request to a specific port. To accept this request, a server needs to have the SSH port open.
If the port is closed, the server refuses the connection.
By default, SSH uses port 22. If you haven’t made any configuration changes to the port, you can check if the server is listening for incoming requests.
To list all ports that are listening, run:
sudo lsof -i -n -P | grep LISTEN
Find port 22 in the output and check whether its STATE is set to LISTEN.
Alternatively, you can check whether a specific port is open, in this case, port 22:
sudo lsof -i:22
Solution: Open SSH Port
To enable port 22 to LISTEN to requests, use the
sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
You can also open ports through the GUI by altering the firewall settings.
SSH Debugging and Logging
To analyze SSH problems in Linux, you can turn on verbose mode or debugging mode. When you enable this mode, SSH prints out debugging messages which help troubleshoot issues with connection, configuration, and authentication.
There are three levels of verbosity:
- level 1 (
- level 2 (
- level 3 (
Therefore, instead of accessing a remote server using the syntax
ssh [server_ip] add the
-v option and run:
ssh -v [server_ip]
Alternatively, you can use:
ssh -vv [server_ip]
ssh -vvv [server_ip]
This article listed some of the most common reasons for the SSH "Connection refused" error. To troubleshoot the issue, go through the list and make sure all the settings are configured correctly.
The other common issue that you may stumble upon is SSH Failed Permission Denied. Learn what is the cause of this error and how to fix it in our article on How To Fix SSH Failed Permission Denied (Publickey,Gssapi-Keyex,Gssapi-With-Mic).