SSH stands for Secure Shell or Secure Socket Shell, which is a network protocol and a secure solution for users, especially system administrators, to access computers and programs remotely in an insecure network. The SSH protocol secures data communication between two computers with strong authentication and encryption and facilitates and accelerates network administrators’ tasks.
Sometimes, when accessing the VPS remotely, you get the SSH “Connection refused” error, which is a common error that most users have encountered. Don’t worry about this problem at all, this error has different reasons and solutions that can be solved by troubleshooting and simple settings. In this article, we will present the reasons for receiving the SSH “Connection refused” error, as well as effective solutions to solve this problem. Stay with us until the end of the article.
What is SSH? Why do we use SSH?
SSH stands for Secure Shell or Secure Socket Shell, which is a network protocol and a secure solution for users, especially system administrators, to access computers and key programs remotely in an insecure network.
Using the SSH protocol, in addition to remote access to the server and its essential programs, allows editing, deleting, transferring, uploading files, and executing the command; The user is also able to perform more extensive tasks. After purchasing a Linux VPS, the first step most users take to protect their server and data is to install and activate the SSH service on their Linux VPS; Using SSH, all user authentication, commands, output, and file transfers are encrypted to protect against network attacks.
SSH protocol Offers developer tools such as WP-CLI (WordPress Command Line Interface), Git (Version Control System), npm (JavaScript Package Manager), and Composer (A PHP package manager) for users, especially WordPress developers. We have already talked about what SSH is and its uses in detail, you can read the article What is SSH to learn more about SSH.
It should be noted that SSH offers valuable features to protect the data exchanged between the server and the client, which include:
- Strong authentication (via password, public keys) of users when connecting to the server
- Creating a secure tunnel on the TCP/IP protocol platform
- Data encryption that is exchanged between client and server in an insecure network.
- Automatic transfer of connections established on the server
What problem does receiving the SSH “Connection Refused” error indicate?
When you receive the SSH “Connection refused” error message, it means that the SSH protocol has been disrupted in establishing communication in the network and is unable to secure and encrypt data during communication between the client and server. Also, if the SSH connection fails, in addition to not having a secure connection with the server in an insecure network, you will have difficulty performing advanced management tasks, executing commands, and transferring files. There are various reasons behind this error, which we will explain the most common reason for the SSH “Connection refused” error in the following.
The reasons for receiving the SSH “Connection Refused” error and their solutions
As we mentioned earlier, receiving this error when trying to connect to the server through SSH is not without reason; Various possible reasons cause disruption and failure in SSH connections. You will not be able to solve the problem until you identify the reason for receiving the error. In the following, we present the most common reasons for receiving SSH “Connection refused” and troubleshooting SSH connection errors to guide you in identifying the cause of this error, and then we will solve the problem by providing effective solutions.
1. The server does not support SSH Daemon
If you have not installed the SSH version of the server to listen and accept connections, you may encounter the SSH “Connection refused” error. SSH Daemon’s main task is to accept authenticated requests from the client side, If SSH Daemon is not installed on the server, it will reject requests to connect to the server. Therefore, one of the possible reasons for receiving errors in SSH connections can be the Failing to install SSH Daemon on the server and the incorrect configuration of the SSH Daemon on the server side, which will cause the incoming connection to the server to be rejected.
Solution: Ensure that SSH Daemon is installed on the server and enable SSH
In order to be able to determine that the reason for receiving the SSH “Connection refused” error is because the SSH daemon is not installed, or other factors cause the SSH connection to fail, you must first check whether the SSH Daemon is implemented on your server. So check if SSHDaemon is installed on your server by running the following command:
ssh localhost
Output:
ssh: connect to host localhost port 22: Connection refused
If your output is the same as the output we provided and you received the Connection refused message, you must install and activate SSH Daemon on the server to solve this problem.
To install SSH tools such as Open SSH on the server, you can run the following command with sudo privileges:
sudo apt install openssh-server
In an article, we taught how to install and enable SSH on Ubuntu. If you are using the Ubuntu operating system, you can use this article to activate SSH.
Note: Fortunately, most server providers today install SSH daemon on VPSs by default. If you use VPS, don’t worry about this. Usually, this problem exists in dedicated and local host servers.
2. SSH Client not installed
Just as it is necessary to install an SSH daemon on the server to accept requests from the client side, you must also install SSH software with the client version on the local device to communicate remotely with the server. Failure to install SSH Client on the local device is another factor in receiving the SSH “Connection refused” error when connecting remotely to the server via SSH. You must make sure that the SSH Client is installed and enabled on the local device.
Solution: Install SSH Client
If you find that your local system does not support SSH Client software, installing SSH Client can solve the problem of receiving SSH connection error. It is not difficult to install SSH Client on the local machine, just enter the following commands in the Linux terminal:
If you are using Ubuntu/Debian operating system, run the following command to install SSH Client:
sudo apt install openssh-client
If your operating system is CentOS and RHEL derivatives, you must run the following command:
sudo yum install openssh-client
3. Closed SSH port
The port is the last destination to accept the request to connect to the server and to increase security and prevent hackers from accessing the server, system administrators usually close vulnerable ports. Since SSH uses the default port 22 to send connection requests if the SSH port is not open on the server or the wrong port is configured, you will receive the SSH message “Connection refused” when trying to connect to the remote server via SSH. Closing the SSH port prevents access to the server.
Solution: Open SSH Port if it is closed
To check whether the default SSH port (port 22) is open or closed, you can access a list of listening ports by running the following command:
sudo lsof -i -n -P | grep LISTEN
In the output of this command, you should see a list of ports in LISTEN mode, finding port 22 (SSH port) in the list of ports can make you sure that the SSH port is open.
You can also search for port 22 in the list of currently LISTEN mode ports in a customized way:
sudo lsof -i:22
But if you do not find port 22 in the list provided, you must open the SSH port by running the followingiptables
command to connect to the server:
sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
Note: You can open port 22 through your firewall settings.
4. Credentials are wrong
One of the factors that make you fail when trying to connect to an SSH server is entering or mistyping credentials such as your FTP username, FTP password, port, server IP address, or domain name.
Solution: Check the validity of the information entered in the credentials when trying to connect
To avoid receiving the SSH “Connection refused” error, it is better to be careful when entering the credentials to enter the correct information. Sometimes some hosting service providers change the default SSH port to increase security, so you should be aware of the port change. Also, type the IP address of the server you want to connect to correctly and write down the username and password carefully somewhere and remember it.
To know the port that is set for SSH connection, you can run the following command:
grep Port /etc/ssh/sshd_config
Output:
#Port 22
#GatewayPorts no
By executing the above command, the port opened for SSH connection will be displayed and you can make sure that the port you enter for SSH connection is correct.
5. SSH Service is down
To connect to the server, the SSH service must be active and running in order to listen and accept requests from the client side to connect to the server.
In situations where you have an unexpected increase in traffic or experience DDOS attacks or resource outages, the SSH service on your server may be disabled and down. In this situation, you will not be able to connect to the server through SSH because the SSH service is down, and the reason for receiving the SSH error “Connection refused” may be the disabling of the SSH service.
Solution: Enable SSH service
If you feel that the SSH service has a problem and is down, check to make sure that the SSH service is active by running the following command:
sudo service ssh status
If you saw Active: active (running) in the output of the previous command, then the reason for receiving the SSH “Connection refused” error is not the inactivity of the SSH service, but if you did not see the activation of the SSH service, you must first start the SSH service by executing the following command:
systemctl start sshd
Then run thesystemctl enable
command to enable the SSH service at boot time:
sudo systemctl enable sshd
6. Firewall settings regarding SSH connection
As we have already mentioned, open ports can be a way to security risks and illegal intrusions, For this reason, to increase the security of the server, rules are set in the firewall to block ports to prevent unknown users from accessing the server. Sometimes, the reason for receiving the SSH “Connection refused” error is the blocking of SSH connections and the restrictions applied in the firewall settings, which prevent SSH connection to the server.
Solution: Allow SSH connections in the firewall
If the restrictions configured in the firewall prevent SSH connections, to solve this problem you need to change the firewall settings to allow SSH connections.
The first thing to do before allowing SSH connections in the firewall is to check the rules in the firewall to ensure that SSH connections are blocked in the firewall. For this purpose, enter the following command:
sudo iptables-save # display IPv4 rules
sudo ip6tables-save # display IPv6 rules
In the list of rules set in the firewall, seeing dport 22, REJECT, and DROP components mean that SSH connections are blocked. If you find these components in the list of firewall rules, you must allow SSH connections by running the following command:
sudo ufw allow ssh
Output:
Rules updated
Rules updated(v6)
7. SSH Debugging
One of the efficient ways to solve possible SSH connection problems is to enable debugging mode to identify problems and troubleshoot SSH connections and configuration. For this purpose, you can use the verbose command in three modes -v, -vv, and -vvv when connecting to the server:
ssh -v [server_ip]
Or
ssh -vv [server_ip]
Or
ssh -vvv [server_ip]
FAQ
What are the ways to bypass SSH Connection Refused Errors?
- Checking the correctness of the information entered in the Credentials
- Ensure that SSH Client is installed on the local machine
- Ensure that SSH Daemon is installed on the server
- Checking firewall rules to allow SSH connections
- Ensure that the SSH port is open
- Check your network connection
- Restart the server
- Ensuring that the SSH service is active and running
What command should be executed to Restart SSH?
In Ubuntu/Debian and its derivatives, executing the following commands restarts the SSH service:
# /etc/init.d/ssh restart.
# service ssh restart.
$ sudo service ssh restart.
$ sudo systemctl restart ssh
Conclusion
SSH is a protocol designed to secure connections between the server and the client, and because of the capabilities, it provides to protect the server, enabling the SSH service on the server has become one of the important factors for server administrators. Sometimes when connecting to the server with SSH, users get the SSH “Connection refused” error, which is one of the most common errors when trying to access the server. Displaying the SSH “Connection refused” error and SSH connection failure has various reasons, in this article we have provided a list of the most common reasons along with their solutions.
The main reasons for receiving the SSH “Connection refused” error when trying to connect to the server are the SSH service being down, the SSH port is closed, and SSH connections being blocked in the firewall. We hope that by reading this article, you will be able to connect to your server without receiving the SSH “Connection refused” error.
Thank you for your choice.