Tutorial 📅 December 15, 2024 📖 8 min read

SSH Connection Refused - 5 Solutions (2025)

Fix SSH connection refused error on VPS. 5 proven solutions: firewall config, SSH daemon troubleshooting, port checking.

You're trying to connect to your VPS server via SSH, and instead of getting access, you see the dreaded error message: "Connection refused" or "ssh: connect to host [your-server] port 22: Connection refused".

This is one of the most frustrating errors when managing a VPS because it locks you out completely. But don't panic - in this comprehensive guide, I'll walk you through the 5 most common causes and their solutions.

What Does "SSH Connection Refused" Actually Mean?

When you see "connection refused," it means your SSH client successfully reached your server, but the server actively rejected the connection attempt. This is different from a timeout error, which would indicate the server isn't reachable at all.

Quick Diagnostic: Connection refused = Server is reachable but not accepting SSH connections
Connection timeout = Server is not reachable (network/firewall issue)

Solution 1: Check if SSH Service is Running

The most common cause is that the SSH daemon (sshd) isn't running on your server. This can happen after a reboot or if the service crashed.

How to Check (via console access):

sudo systemctl status sshd

If the service is not running, you'll see "inactive (dead)". To start it:

sudo systemctl start sshd
sudo systemctl enable sshd  # Ensures it starts on boot
Without Console Access? Most VPS providers (DigitalOcean, Linode, Vultr, AWS) offer a web-based console or VNC access through their control panel. Use this to run the commands above.

Solution 2: Verify Firewall Settings

Your server's firewall might be blocking port 22 (the default SSH port). This is especially common if you recently enabled a firewall like UFW or firewalld.

For UFW (Ubuntu/Debian):

sudo ufw status
sudo ufw allow ssh
sudo ufw allow 22/tcp

For firewalld (CentOS/RHEL/Fedora):

sudo firewall-cmd --list-all
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload
Cloud Provider Firewalls: Don't forget about your cloud provider's firewall! AWS Security Groups, DigitalOcean Firewalls, and Google Cloud Firewall Rules are separate from your server's internal firewall. Make sure port 22 is allowed there too.

Solution 3: Confirm You're Using the Correct Port

SSH doesn't always run on port 22. Some administrators change it for security reasons. Check your SSH configuration:

sudo grep "^Port" /etc/ssh/sshd_config

If you see something like Port 2222, that's your SSH port. Connect using:

ssh -p 2222 user@your-server-ip

Solution 4: Check if SSH is Listening on the Right Interface

SSH might be configured to listen only on specific IP addresses. Verify with:

sudo ss -tlnp | grep sshd

You should see something like:

LISTEN    0.0.0.0:22    0.0.0.0:*    users:(("sshd",pid=1234))
LISTEN    [::]:22       [::]:*       users:(("sshd",pid=1234))

If SSH is only listening on 127.0.0.1 (localhost), it won't accept remote connections. Edit /etc/ssh/sshd_config:

# Change this:
ListenAddress 127.0.0.1

# To this (or remove the line entirely):
ListenAddress 0.0.0.0

Then restart SSH:

sudo systemctl restart sshd

Solution 5: Verify SELinux/AppArmor Isn't Blocking SSH

On RHEL-based systems, SELinux can sometimes block SSH connections, especially if you changed the default port.

Check SELinux status:

sudo sestatus

If SELinux is enforcing and you changed your SSH port, you need to allow it:

sudo semanage port -a -t ssh_port_t -p tcp 2222  # Replace 2222 with your port
sudo systemctl restart sshd

Still Not Working? Advanced Troubleshooting

Check server logs:

sudo tail -f /var/log/auth.log  # Ubuntu/Debian
sudo tail -f /var/log/secure    # CentOS/RHEL

Test connection from the server itself:

ssh localhost

If this works, the issue is with network connectivity or cloud provider firewall, not SSH itself.

Verify network connectivity:

ping your-server-ip
telnet your-server-ip 22

Managing SSH Issues is Exhausting - There's a Better Way

Tired of debugging SSH connections, firewall rules, and terminal errors? VPS Commander provides a user-friendly web interface to manage your servers without ever touching the terminal. Connect via our intuitive dashboard and execute commands with one click.

Try VPS Commander - Starting at $2.99/month

Prevention: How to Avoid SSH Connection Issues

  1. Always test SSH before logging out: After making SSH config changes, test the connection in a new terminal window before closing your current session
  2. Keep a backup access method: Enable your cloud provider's web console access as a backup
  3. Use SSH key authentication: It's more secure than passwords and reduces authentication issues
  4. Document custom ports: If you change the SSH port, document it immediately
  5. Set up monitoring: Use tools like UptimeRobot to alert you if SSH becomes unreachable

Quick Reference: SSH Connection Refused Checklist

  1. ✅ Is SSH daemon running? (systemctl status sshd)
  2. ✅ Is firewall allowing port 22? (ufw status or firewall-cmd --list-all)
  3. ✅ Is cloud provider firewall configured correctly?
  4. ✅ Are you using the correct port? (grep Port /etc/ssh/sshd_config)
  5. ✅ Is SSH listening on the right interface? (ss -tlnp | grep sshd)
  6. ✅ Is SELinux blocking the connection? (sestatus)

Conclusion

SSH connection refused errors are frustrating but almost always fixable. In 95% of cases, the issue is either the SSH service not running, firewall blocking the port, or using the wrong port number.

By working through the 5 solutions above systematically, you should be able to regain access to your server. Remember to always have a backup access method (like your provider's web console) before making SSH configuration changes.

Pro Tip: If you manage multiple VPS servers and want to avoid these headaches, consider using a management tool like VPS Commander that provides alternative access methods and automates common server management tasks.

Related Articles