How to Fix the SSH Connection Refused Error?

SSH (Secure Shell) is a cryptographic network protocol widely used for secure data communication, remote shell services, and command-line interface access to computers. SSH replaced the older and less-secure telnet protocol as the go-to method for remote shell access, providing strong encryption and authentication features for data confidentiality, integrity, and authenticity during communication over unsecured networks.

SSH has become an essential tool for system administrators, developers, network engineers, and enthusiasts who need to securely manage or access computing resources remotely. However, establishing SSH connections can sometimes fail with various error messages, with "connection refused" being one of the most common and frustrating issues.

Understanding the SSH Connection Refused Error

The "connection refused" error occurs when your SSH client fails to establish a connection with the remote server. This error message indicates that your client was able to communicate with the server but couldn't establish a connection on the specified port (usually port 22). The refusal can stem from various issues on either the client or server side.

Common Causes of SSH Connection Refused Error

SSH Service Not Running

The most fundamental cause is when the SSH daemon (sshd) is not running on the target server. You can check the SSH service status using:

systemctl status sshd
# or for older systems
service ssh status

If the service is inactive, start it with:

sudo systemctl start sshd
sudo systemctl enable sshd  # to start on boot

Firewall Blocking Connections

Firewalls on either the client or server side can block SSH connections. Check if port 22 is open and accessible:

# Check if port 22 is listening
sudo netstat -tlnp | grep :22
# or
sudo ss -tlnp | grep :22

# Test connection from client
telnet server_ip 22
# or
nmap -p 22 server_ip

For UFW (Ubuntu firewall), allow SSH connections:

sudo ufw allow ssh
# or specifically
sudo ufw allow 22/tcp

Incorrect Server Configuration

SSH server configuration issues in /etc/ssh/sshd_config can cause connection refusals. Common problems include:

• SSH listening on wrong interface or port

• Authentication methods misconfigured

• User access restrictions

Troubleshooting Steps

Using Alternative Ports

If port 22 is blocked or you want to use a custom port, modify /etc/ssh/sshd_config:

# Edit SSH configuration
sudo nano /etc/ssh/sshd_config

# Change port (uncomment and modify)
Port 2222

# Restart SSH service
sudo systemctl restart sshd

Connect using the custom port:

ssh -p 2222 username@server_ip

Key-Based Authentication Issues

If using SSH keys, ensure proper permissions and key placement:

# Generate new SSH key pair
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

# Copy public key to server
ssh-copy-id username@server_ip

# Set correct permissions
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Advanced Diagnostics

For detailed troubleshooting, use verbose SSH client output:

ssh -v username@server_ip
# or for more details
ssh -vvv username@server_ip

Check SSH server logs for connection attempts:

sudo tail -f /var/log/auth.log
# or on some systems
sudo tail -f /var/log/secure

Conclusion

SSH connection refused errors typically stem from service, firewall, or configuration issues. Start by verifying the SSH service is running, check firewall settings, and ensure proper network connectivity. Most connection issues can be resolved by systematically checking these fundamental components and using verbose logging for detailed diagnostics.