SSH or Secure Shell (SSH) or Secure Socket Shell, is a protocol that helps to access your site’s server securely over an unsecured network. To make it simple, it’s a way to safely log into your server remotely with the help of preferred command-line interface.
SSH helps to perform multiple tasks which File Transfer Protocol (FTP) doesn’t allow. For example, if there an error on your WordPress site and it locks you out, you can access the site remotely with the help of SSH.
Reasons for SSH Connection Refused
It’s quite unfortunate to find many scenarios occurring when you try to connect to your server via SSH, maybe resulting into error reading “Connection refused”.
Check below the most common issues that might be causing problems for you:
1. Your SSH Service Is Down
To get connected to your server using SSH, it must run an SSH daemon – a program running the background to listen for and accept connections.
In case this service is down, you won’t be able to successfully connect to your server and may receive a connection refused error:
There may be several reasons for your server’s SSH daemon to be down. These include resources outages, unexpected traffic spikes or even a Distributed Denial of Service (DDoS) attack.
In case you are in doubt that your SSH service might be down, you can run the below command to find out:
sudo service ssh status
If you get the status of down in the command line, then you’ve likely find the reason behind your connectivity error.
2. You Have the Wrong Credentials
Though it may seem very simple, it is possible that you have entered the wrong credentials while trying to connect to your server. To run SSH you need to have the below four pieces:
- Host name: It is the IP address of the server that you’re trying to connect to or your domain name.
- Username: It is your (S)FTP username.
- Password: It is your (S)FTP password.
- Port: By default the port is 22. But some hosting providers change their SSH port number for security reasons.
Therefore, you should be able to find it by logging in to your hosting account dashboard.
You can also check for the port used for SSH by running the below command:
grep Port /etc/ssh/sshd_config
With the command line, you should get the correct port.
Ensure that you enter the right credentials and considering the possibility of typos or entering the wrong port or IP address.
3. The Port You’re Trying to Use Is Closed
The endpoint to which you are directed while connecting to your server is called as a port. Additionally, to ensure that you have the correct one, you will need to check to see if the port you are trying to use is open.
It’s a security vulnerability if the port is open as hackers can try to exploit it and gain server access. Therefore, unused ports are closed many times to avoid attacks.
If the port 22 or the custom SSH port for your server is closed, you will see a connection refused error. To ensure if the port is listening, run the below command:
sudo netstat -plnt
The command line returns a list of ports and their respective “states”. If the port 22’s state is LISTEN then it is working normally. But if it’s not, it is required to reopen the port for connecting to your server.
4. SSH Isn’t Installed on Your Server
As mentioned earlier, SSH daemons are used by the servers to listen for and accept connections. So, if the server you are trying to connect doesn’t have an SSH daemon, it won’t allow you to access it via SSH.
Generally, most of the hosting providers have SSH daemons installed on their servers by default. This specific issue is highly common on localhost or dedicated servers.
5. Firewall Settings Are Preventing an SSH Connection
Because open ports are a sign of security risk, firewalls installed to secure servers from hackers also block connections to them. Inappropriately, it indicates that users that are harmless and trying to SSH into their servers also receive a connection refused error due to firewall settings.
In case your setup is in order and you aren’t able to connect, check your firewall’s rules. Those can be seen in your command-line interface with the below commands:
sudo iptables-save # display IPv4 rules sudo ip6tables-save # display IPv6 rules
The results will vary, but check for these elements for finding if your firewall is blocking SSH connections:
dport 22: It indicates the destination port, which for SSH is generally port 22.
REJECT: This indicates the connections are being refused from the specified destination.
DROP: This indicates the connections to the relevant port are being blocked.
In case you search the results of the commands above for dport 22, you should be able to find if your firewall is securing and SSH connection. If this is the condition, you will need to change the rules to accept requests.
Reasons for PuTTY Saying Connection Refused
PuTTY is an SSH client and if know FTP very well, this platform is the FileZilla equivalent to SSH on Windows machines. Basically, PuTTY enables users to input their credentials and launch an SSH connection:
So, if you’re a PuTTY user and see the Connection refused error, the reasons is likely one of those listed above.
This is an SSH connection error similar to any other and the helpful tips below need to work whether you are using Terminal , PuTTY or any other program for connection to your via SSH.
Ways to Troubleshoot SSH Connectivity Errors
When there is an SSH connectivity error, you need to take a few steps for troubleshooting it, based on the cause.
Check the below tips for resolving the reasons for a connection refused error seen above:
- If your SSH service is down: contact your hosting provider to find the reason for your SSH service not running. You can use the command sudo service ssh restart for localhost or dedicated servers to try to get it running again.
- You entered the wrong credentials mistakenly: After rechecking the SSH port using the grep Port /etc/ssh/sshd_config command twice, try to connect again with the correct details.
- If your SSH port is closed: This may occur as a side effect of one of the two reasons listed below. To resolve this, install an SSH daemon on the server you want to connect to or change your firewall rules so that connections are accepted to your SSH port.
- If SSH isn’t installed on your server: Install OpenSSH or any other SSH tool on the server you want to connect to using the sudo apt install openssh-server command.
- If your firewall is blocking your SSH connection: Disable the firewall rules that block your SSH connection by changing the settings of the destination port to ACCEPT.
In case you are trying to connect to your hosting provider’s server, contact support instead of trying to resolve the problem yourself. If you are a localhost or dedicated server user, you might find the support on technical forums in case none of the above tricks work.
When you are able to connect to your server with SSH, it is convenient in a wide range of situations. With this, you can access your site when you run commands via WP-CLI, are locked out of your WordPress dashboard, track changes in your website’s code using Git and so on.