How to fix “ssh connection refused” on Linux
Getting “connection refused” errors when trying to connect over SSH on Linux? If so, this guide is for you! Follow along below as we go over some possible fixes to the “connection refused” error on your Linux system!
Fix 1 – Port 22 is blocked by firewall
One possible reason you may be getting “ssh connection refused” while connecting to a Linux desktop or server with an OpenSSH server set up on it is that the firewall blocks the default port.
To solve this, you can unblock port 22 using your firewall. In this guide, we’ll show you how to unblock port 22 using the UFW command-line firewall for Ubuntu/Debian and other distributions that use UFW. We will also cover FirewallD for those using RedHat distributions such as Fedora, RHEL, etc.
Note: if you use a firewall system other than UFW or Firewalld on Linux, you will need to consult your software’s manual to learn how to unblock port 22.
To start the unblocking process, you will need a terminal window. Launch a terminal session on the Linux desktop or Linux server that is hosting your OpenSSH server. Once the terminal window is open, follow along with the unblocking instructions that correspond with the firewall you use.
Unblock port 22 on Ubuntu, Debian, and other Linux operating systems that use UFW
On many Linux servers and desktops, the UFW firewall is running by default. If this system is running, port 22 may be blocked. To unblock it to allow SSH traffic through port 22, you will need to use the allow command.
In the terminal, execute the sudo ufw allow ssh command. This command will tell the UFW firewall to allow the “ssh” profile through the firewall, which is, by default, port 22.
sudo ufw allow ssh
If you use SSH on a custom port other than port 22, entering the allow ssh command will not work, and UFW will continue blocking connections. To fix this, you can use the ufw allow command and specify a port to unblock.
For example, if your Linux desktop or server runs OpenSSH on custom port 443, you can unblock it through the UFW firewall using the command below.
sudo ufw allow 443/tcp
To unblock custom SSH ports with the UFW firewall on Ubuntu, Debian, or any other server/desktop running the UFW firewall, specify the port along with the allow command.
sudo ufw allow MY_CUSTOM_SSH_PORT/tcp
Unblock port 22 on Fedora, RHEL, and other Linux operating systems that use FirewallD
If you’re running a server or desktop that uses Fedora, RHEL, or another Redhat-based Linux operating system, you’re likely using Firewalld. If you’re getting “connection refused” errors, it may be because port 22 is blocked. Here’s how to enable it with FirewallD.
First, you must log in to the root account in the terminal. Root access is required to tinker with FirewallD configuration settings. To access the root account, execute the following su – command.
su -
After accessing the root account using the su command, use the firewall-cmd command to add a new firewall rule allowing port 22 through (SSH traffic).
firewall-cmd --zone=public --add-port=22/tcp --permanent
If you are running SSH on a custom port rather than port 22, the above command will not work. Instead, you will need to change the “add-port=22” command to your custom port.
firewall-cmd --zone=public --add-port=MY_CUSTOM_SSH_PORT/tcp --permanent
Once you’ve added the new rule to the Firewalld configuration, you will need to apply the new settings. To apply these settings, execute the firewall-cmd –reload command.
firewall-cmd --reload
Fix 2 – OpenSSH service is down
If unblocking SSH ports in the firewall didn’t do it, you might be dealing with the fact that OpenSSH is down on your server. To check if the service is down, open up a terminal, and execute the OpenSSH service’s systemctl status command.
systemctl status sshd
After running the status command, you’ll see a readout of the sshd service, the file that allows the OpenSSH server to function on most Linux operating systems.
Look through the SSH readout for the “Active” section. If it says “Active: inactive (dead),” your OpenSSH service is down and needs to be restarted. If it says “active (running),” you’ll need to try another fix to determine why connections are being refused.
To start the OpenSSH service back up again, you can execute the systemctl start sshd command.
sudo systemctl start sshd
Fix 2.5 – OpenSSH service is not enabled
Another possible reason for OpenSSH refusing connections is the simple fact that OpenSSH’s sshd service isn’t enabled at startup. By not enabling it at startup, SSH may go down at each restart, causing connection issues. To remedy this problem, you can execute the following systemctl command.
sudo systemctl enable sshd
Fix 3 – OpenSSH is running on a different port
Many users like to customize their SSH configurations when setting up an SSH server. One of the most common things to do is change the default port from 22 to something else.
If you’ve changed your SSH port, you need to specify it for the connection to be successful. For example, if an SSH server runs on port 443, merely running the command below will result in a connection error.
ssh my-user@my-server
You can fix this connection refusal by specifying the port number during the connection using the -p command-line switch.
ssh -p CUSTOM_PORT_NUMBER user@my-server
