How to Fix the SSH “Connection Refused” Error?

1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 5.00 out of 5)
Loading...
SSH Connection Refused Error

What is SSH?

SSH is a method of securely getting access to the remote device or server over an insecure network usually over the internet.

It provides reliable transmission of data by employing encryption in the communications channel between the contacting client and server, that is, the architectural device that accepts or initiates a connection with the resource being used.

This encryption ensures that nobody else other than the sender and the intended recipient can intercept and alter information that is being transferred during the remote session.

Therefore, SSH is very important for conveying sensitive information, especially where security is of the utmost importance.

What are the Causes of SSH Connection Refused Error?

The SSH “Connection Refused” often comes up when the client fails to connect to the SSH server. There are several common causes for this error:

SSH Service Not Running

The most probable cause for a “Connection Refused” error message is the absence of the SSH service or sshd on the server. This can occur if the SSH service has been turned off, stopped running, or not configured to start at boot time on the server run level.

Firewall Blocking SSH Port

In cases where there is a firewall at either the client’s side or the server side which has somehow restricted the SSH port which is usually by default port 22, connections to the SSH server will be rejected.

Some ports may be closed for security reasons or simply to protect the network from malicious connections, so the availability of port 22 for SSH purposes is important.

Incorrect SSH Configuration

Sometimes making errors within the settings of the SSH server, which can be accessed through the file /etc/ssh/sshd_config in Linux systems, can lead to issues with connections.

In order to avoid misconfiguration, there can be some usual mistakes, such as setting improper port settings; banning SSH protocols; or banning IPs.

Network Issues

Problems related to submitted networks like congestion of the network, improperly configured router, or issues related to DNS servers can hinder establishment of SSH connections. Check that both the client and the server have network connections available on the network.

Server Overload

However if the server finds that it has too many connections or the system resources such as CPU, or the memory is fully utilized it can be impossible to allow new SSH connections.

This problem can be prevented by constantly supervising the utilization of servers and tweaking the number and the capacity of the resources that command them.

SSH Key Authentication Issues

If it is configured that the client needs to use ssh key, the server does not have a valid private key that matches the copy of the public key stored on the server, then the server may deny the connection request.

Also Read: What is SSH Key? SSH Security Risks & Best Practices for Securing SSH

Check if the keys are properly created and make sure that the client has the correct private key that is to be used.

Server Maintenance or Updates

At times, where there is a need to maintain or update the servers, there is a possibility of SSH service being out of reach.

There are settings that trigger alarms having ssh’ in the message: Checks if the SSH service is supposed to be offline or if updates have modified the configuration.

How to Fix SSH Connection Refused Error?

Verify SSH Service Status

Make sure the SSH service (sshd) is up and running on the server and is using the correct port, which is port 22 by default. It is used to check the status and start or restart any service depending on the Linux distribution being used.

# Check SSH service status
systemctl status ssh     # For systemd-based systems like Ubuntu, CentOS 7+
service ssh status         # For SysVinit systems like older versions of CentOS

# Restart SSH service if needed
systemctl restart ssh    # For systemd-based systems
service ssh restart       # For SysVinit systems

Check Firewall Settings

Make sure that the firewall permits the incoming connections on the SSH service of the server using its port number, which by default is TCP port 22.

You can use the commands of firewall to check if it will be needed to open port 22 for SSH.

For example, in the installation of Ubuntu and using the ufw command.

# Check firewall status
ufw status

# Allow SSH connections (if not already allowed)
ufw allow ssh

Verify SSH Configuration File

Check in the ssh server configuration file (which resides in /etc/ssh/sshd_config in most of the Linux systems) to see for a moment if they are misconfigured.

Some of the challenges are as follows: the port of the connection may be set wrongly, the protocol versions may be turned off or may be restricted by the IP address. More changes to the configuration file may be done and then SSH service needs to be restarted.

sudo nano /etc/ssh/sshd_config   

# Edit configuration file as root
sudo systemctl restart ssh       

# Restart SSH service after making changes

Check Network Connectivity

You will need to make sure that the client and server have a working network connection to be able to access data. Ping, traceroute etc can be used on the server or the client depending on which fails to prove that the network of the other is reachable.

Verify SSH Key Authentication

If the client is using the SSH key based authentication then the client must have the correct private key that correlates with the server’s public key stored in (~/. ssh/authorized_keys). Check and/or modify the SSH keys as needed.

Restart SSH Client

On this front, it may help to restart the SSH client especially if connection problems are affecting the client end. Try connecting again, this can be done by closing and reopening the terminal of the SSH client or the entire session.

Server Load and Resource Issues

Verify resources being consumed in this server (CPU, memory) to share that this server cannot make SSH connection when overloaded. The server performance should be checked and resource maxima should be changed if necessary.

Server Maintenance and Updates

If you are unsure on whether a server has been updated or is currently being updated, wait for the particular period of time which is usually set for such exercises or verify whether SSH service has been properly configured after a particular update.

Conclusion

Secure your site and your users information using affordable SSL certificates. Finally, the following is our recommendation for any size of a business; whether you’re a small business owner or managing a large enterprise, we have the perfect SSL solution for you.

Fix Not Secure Website Warning

Immediately Fix “Connection not Secure & other Browser Security Warnings with Trusted SSL Certificates.

Buy at Just $3.99/Yr
Janki Mehta

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.