If you are trying to connect to a remote server via SSH and you receive the error message “Connection Refused,” it can be a frustrating experience. Fortunately, this error is usually easy to fix. In this article, we will discuss the various causes of the “Connection Refused” error and how to troubleshoot and fix it. We will also discuss some best practices for SSH security and how to prevent this error from occurring in the future.
How to Fix the SSH “Connection Refused” Error
1. Check the SSH service is running on the remote server.
2. Check the SSH port number is correct.
3. Check the firewall settings on the remote server.
4. Check the IP address of the remote server is correct.
5. Check the SSH configuration file on the remote server.
6. Check the SSH keys are correctly configured.
7. Check the SSH client is configured correctly.
8. Try using a different SSH client.
Are you having problems accessing a remote server over SSH? If SSH responds with a “Connection refused” message, you may need to modify the request or check the setup.
In this tutorial, you will find the most common reasons for the SSH connection refused error.
Why Is Connection Refused When I SSH?
There are many reasons why you might get the “Connection refused” error when trying to SSH into your server. To solve this problem, you first need to identify why the system refused your connection via SSH.
Below you will find some of the most common reasons that may cause an SSH connection denial.
SSH Client Not Installed
Before troubleshooting other issues, the first step is to check whether you have SSH properly installed. The machine you are accessing the server from should have the SSH client set up. Without the correct client set up, you cannot remote into a server.
To can check if you have the SSH client on your system, type the following in the terminal window:
If the terminal provides a list of
ssh command options, the SSH client is installed on the system. However, if it responds with command not found, you need to install the OpenSSH Client.
Solution: Install SSH Client
To install the SSH Client on your machine, open the terminal, and run one of the commands listed below.
For Ubuntu/Debian systems:
sudo apt install openssh-client
For CentOS/RHEL systems:
sudo yum install openssh-client
SSH Daemon Not Installed on Server
Just like you need the client version of SSH to access a remote server, you need the server version to listen for and accept connections. Therefore, a server may refuse an incoming connection if the SSH server is missing or the setup is not valid.
To check whether SSH is available on the remote server, run the command:
If the output responds with “Connection refused“, move on to installing SSH on the server.
Solution: Install SSH on Remote Server
To fix the issue of a missing SSH server, refer to how to install the OpenSSH server.
Credentials are Wrong
Typos or incorrect credentials are common reasons for a refused SSH connection. Make sure you are not mistyping the username or password.
Then, check whether you are using the correct IP address of the server.
Finally, verify you have the correct SSH port open. You can check by running:
grep Port /etc/ssh/sshd_config
The output displays the port number, as in the image below.
Note: You can SSH into a remote system using
password authentication or
public key authentication (passwordless SSH login). If you want to set up public key authentication, refer to How To Set Up Passwordless SSH Login.
SSH Service Is Down
The SSH service needs to be enabled and running in the background. If the service is down, the SSH daemon cannot accept connections.
To check the status of the service, enter this command:
sudo service ssh status
The output should respond that the service is active. If the terminal responds that the service is down, enable it to resolve the issue.
Solution: Enable SSH Service
If the system shows the SSH daemon isn’t active, you can start the service by running:
systemctl start sshd
To enable the service to run at boot, run the command:
sudo systemctl enable sshd
Firewall Is Preventing SSH Connection
SSH can refuse a connection due to firewall restrictions. The firewall protects the server from potentially harmful connections. However, if you have SSH set up on the system, you must configure the firewall to allow SSH connections.
Ensure the firewall does not block SSH connections as this may cause the “connection refused” error.
Solution: Allow SSH Connections Through Firewall
To fix the issue we mentioned above, you can use ufw (Uncomplicated Firewall), the command-line interface tool for managing firewall configuration.
Type the following command in the terminal window to allow SSH connections:
sudo ufw allow ssh
SSH Port Is Closed
When you attempt a connection to a remote server, SSH sends a request to a specific port. To accept this request, a server needs to have the SSH port open.
If the port is closed, the server refuses the connection.
By default, SSH uses port 22. If you haven’t made any configuration changes to the port, you can check if the server is listening for incoming requests.
To list all ports that are listening, run:
sudo lsof -i -n -P | grep LISTEN
Find port 22 in the output and check whether its STATE is set to LISTEN.
Alternatively, you can check whether a specific port is open, in this case, port 22:
sudo lsof -i:22
Note: Changing the default SSH port is a good way to add extra protection to the server. Learn more by referring to our article How to Change the SSH Port?
Solution: Open SSH Port
To enable port 22 to LISTEN to requests, use the
sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
You can also open ports through the GUI by altering the firewall settings.
SSH Debugging and Logging
To analyze SSH problems in Linux, you can turn on verbose mode or debugging mode. When you enable this mode, SSH prints out debugging messages which help troubleshoot issues with connection, configuration, and authentication.
There are three levels of verbosity:
- level 1 (
- level 2 (
- level 3 (
Therefore, instead of accessing a remote server using the syntax
ssh [server_ip] add the
-v option and run:
ssh -v [server_ip]
Alternatively, you can use:
ssh -vv [server_ip]
ssh -vvv [server_ip]
This article listed some of the most common reasons for the SSH “Connection refused” error. To troubleshoot the issue, go through the list and make sure all the settings are configured correctly.
The other common issue that you may stumble upon is SSH Failed Permission Denied. Learn what is the cause of this error and how to fix it in our article on How To Fix SSH Failed Permission Denied (Publickey,Gssapi-Keyex,Gssapi-With-Mic).
How to Fix the SSH “Connection Refused” Error
The SSH “Connection Refused” error is a common problem that can occur when attempting to connect to a remote server via SSH. This error can be caused by a variety of factors, including incorrect configuration of the SSH server, network issues, or a firewall blocking the connection. Fortunately, there are a few simple steps you can take to troubleshoot and fix the issue.
Step 1: Check the SSH Server Configuration
The first step in troubleshooting the “Connection Refused” error is to check the SSH server configuration. Make sure that the SSH server is running and that the correct port is open and accessible. Additionally, check that the SSH server is configured to accept connections from the IP address of the client machine.
Step 2: Check the Network Connection
The next step is to check the network connection between the client and the server. Make sure that the client machine can reach the server and that the connection is not being blocked by a firewall or other security measure. Additionally, check that the server is not behind a NAT or other network address translation device.
Step 3: Check the SSH Client Configuration
Finally, check the SSH client configuration. Make sure that the correct port is specified and that the client is configured to use the correct authentication method. Additionally, check that the client is configured to use the correct encryption algorithm.
The SSH “Connection Refused” error can be a frustrating problem to troubleshoot, but it can usually be resolved by checking the SSH server and client configurations, as well as the network connection between the two machines. With a few simple steps, you can quickly identify and fix the issue.