How to Fix the SSH “Connection Refused” Error on Linux
What is SSH? Why do we use SSH?
SSH stands for Secure Shell or Secure Socket Shell, which is a network protocol and a secure solution for users, especially system administrators, to access computers and key programs remotely in an insecure network.
Using the SSH protocol, in addition to remote access to the server and its essential programs, allows editing, deleting, transferring, uploading files, and executing the command; The user is also able to perform more extensive tasks. After purchasing a Linux VPS, the first step most users take to protect their server and data is to install and activate the SSH service on their Linux VPS, Using SSH, all user authentication, commands, output, and file transfers are encrypted to protect against network attacks.
SSH protocol Offers developer tools such as WP-CLI (WordPress Command Line Interface), Git (Version Control System), npm (JavaScript Package Manager), and Composer (A PHP package manager) for users, especially WordPress developers. We have already talked about what SSH is and its uses in detail, you can read the article What is SSH to learn more about SSH.
It should be noted that SSH offers valuable features to protect the data exchanged between the server and the client, which include:
- Strong authentication (via password, public keys) of users when connecting to the server
- Creating a secure tunnel on the TCP/IP protocol platform
- Data encryption is exchanged between client and server in an insecure network.
- Automatic transfer of connections established on the server
Why Occur SSH “Connection Refused” Error?
When you receive the SSH “Connection refused” error message, it means that the SSH protocol has been disrupted in establishing communication in the network and is unable to secure and encrypt data during communication between the client and server. Also, if the SSH connection fails, in addition to not having a secure connection with the server in an insecure network, you will have difficulty performing advanced management tasks, executing commands, and transferring files. There are various reasons behind this error, which we will explain the most common reason for the SSH “Connection refused” error in the following.
The reasons for SSH “Connection Refused” error and their solutions
As we mentioned earlier, receiving this error when trying to connect to the server through SSH is not without reason; Various possible reasons cause disruption and failure in SSH connections. You will not be able to solve the problem until you identify the reason for receiving the error. In the following, we present the most common reasons for receiving SSH “Connection refused” and troubleshooting SSH connection errors to guide you in identifying the cause of this error, and then we will solve the problem by providing effective solutions.
1. Check if an SSH Server Is Installed
One possible cause of the “connection refused” error is that the remote machine is not running an SSH server. Without the SSH server, the machine will not accept incoming SSH connections, and you will not be able to access it remotely.
So the first step in troubleshooting the error is to check whether an SSH server is installed on the remote machine. Use the following command to verify the SSH server installation:
# systemctl status sshd Or # systemctl status ssh
If the SSH server is installed on the remote machine, you will see it listed in the output. Otherwise, you must install the OpenSSH server on the remote machine you want to access via SSH. OpenSSH is an open-source version of the SSH tools for remotely accessing and controlling systems.
To install the OpenSSH server, use the following commands:
On Debian-based distributions:
# apt install openssh-server
On RHEL-based distributions:
# yum install openssh-server
On openSUSE:
# zypper install openssh
On Arch-based distributions:
# pacman -S openssh
Note: Fortunately, most server providers today install SSH daemon on VPSs by default. If you use VPS don’t worry about this, usually this problem exists in dedicated and local host servers.
2. Check the SSH Service Status
Another reason for getting the “connection refused” error can be that the SSH service is disabled or not running on the remote machine. Once you are sure that the SSH server is installed, the second thing you need to check is the status of the server.
# systemctl status sshd Or # systemctl status ssh
If the service is up and running, the output will indicate it as active (running). Otherwise, you will see something like inactive (dead).
If the SSH server is not running, you can start it manually using the following command:
# systemctl start sshd
You can also enable the service to automatically start at boot with the following command:
# systemctl enable sshd
3. Check the SSH Port
By default, the SSH server runs on port 22. However, one can change the default port. Therefore if you receive the SSH “connection refused” error it may be because you are attempting to connect to the SSH server on the default port 22 while it is running on some different port.
You can use the netstat command with grep to find the port the SSH server is listening on:
# netstat -plntu | grep ssh
You can also find the SSH port from the sshd_config file using the following command:
# grep Port /etc/ssh/sshd_config
After identifying the correct SSH port, try connecting to your remote system using that specific port.
But if you do not find port 22 in the list provided, you must open the SSH port by running the following ufw or iptables command to connect to the server:
# ufw allow 22
To verify if the rule has been added successfully, check the UFW status:
# ufw status
4. Check Your System Firewall
Most of the connectivity problems occur due to your machine’s firewall blocking some ports or services. If the remote machine has the SSH server installed and running, the next step is to check your firewall.
To figure out whether the firewall is blocking the connection, temporarily disable the firewall using the following commands:
On Debian and Arch-based Linux distributions:
# ufw disable
On RHEL-based distributions and openSUSE:
# systemctl disable firewalld
If the error does not appear after disabling the firewall, it means that the firewall was blocking the connection.
In this case, re-enable the firewall and add a rule that allows SSH.
On Debian and Arch-based Linux distributions, use the following command to allow SSH in the UFW firewall:
# ufw allow ssh
Alternatively, you can also allow SSH by the port number in the firewall. Let’s say the SSH server is using port 5555, then you would use the following command to allow it in the firewall:
# ufw allow 5555