If you’ve ever tried connecting to a Linux server using SSH and been hit with the frustrating message:
ssh: connect to host x.x.x.x port 22: Connection refused
You’re not alone.
This error is one of the most common (and confusing) issues Linux users face, whether they’re system administrators, developers, DevOps engineers, or students learning Linux.
The good news?
In most cases, the issue is simple and completely fixable once you understand what’s going wrong.
In this comprehensive guide, you’ll learn how to fix SSH connection refused error on Linux, step by step. We’ll cover every real-world cause, explain why it happens, and show you exact commands to diagnose and fix it—without unnecessary repetition or fluff.
What Does “SSH Connection Refused” Actually Mean?
Before fixing the problem, it’s important to understand what the error means.
When you attempt an SSH connection:
ssh user@server_ip
Your system tries to:
- Reach the remote server over the network
- Connect to a specific port (default: 22)
- Communicate with the SSH service running on that server
A “SSH connection refused” error means:
- The server is reachable, but
- Nothing is listening on the specified port, or
- The connection is being actively blocked or rejected
This is different from errors like:
- No route to host (network issue)
- Connection timed out (firewall or routing problem)
Common Reasons for SSH Connection Refused on Linux
Here are the most common causes you’ll encounter in real environments:
- SSH service is not running
- SSH is installed but disabled
- Incorrect SSH port
- Firewall blocking SSH
- SSH configured to listen on localhost only
- SELinux blocking SSH
- TCP wrappers or access rules blocking connection
- Server-side IP restrictions
- SSH daemon misconfiguration
- Hosting provider or cloud security group issues
We’ll go through each logically and practically.
Start with the Basics: Is SSH Even There?
Picture this: You’re SSHing from your laptop, but the remote box doesn’t have the server side installed. Rookie mistake, but it happens on fresh minimal installs like Ubuntu Server or CentOS Stream.
First, on your local machine (the client), check if you even have the SSH client: just type ssh. If it spits out usage info, you’re good. If “command not found,” install it quick:
Ubuntu/Debian:
sudo apt update && sudo apt install openssh-client
Fedora/RHEL/CentOS:
sudo dnf install openssh-clients(oryumon older boxes)
Now, the real issue is usually the server side. SSH into localhost on the target machine (via console, VPS panel, or whatever access you have):
ssh localhost
SSH Connection refused?
Yep, no sshd daemon.
Install it:
Ubuntu/Debian:
sudo apt update && sudo apt install openssh-server
Fedora:
sudo dnf install openssh-server
RHEL/CentOS/AlmaLinux/Rocky:
sudo dnf install openssh-server (RHEL 8+; use yum for 7)
Arch:
sudo pacman -S openssh
Boom, installed. But it won’t auto-start on some distros, so enable and fire it up:
sudo systemctl enable --now sshd
(or ssh on Debian/Ubuntu).
Check status:
sudo systemctl status sshd
Should say “active (running).” If not, we dig deeper next.
How to Fix SSH Connection Refused Error on Linux
Step 1: Confirm Basic Network Connectivity
Before touching the server, make sure your system can actually reach it.
Test with ping
ping server_ip
If ping fails:
- The server may be down
- Network routing may be broken
- ICMP may be blocked (not always a problem)
Test the SSH port directly
nc -zv server_ip 22
Or:
telnet server_ip 22
If you see connection refused, the server is reachable—but SSH isn’t accepting connections.
Step 2: Check If SSH Service Is Running on the Server
This is the most common cause of the SSH connection refused error on Linux.
Log into the server locally or via console access.
Check SSH service status
sudo systemctl status ssh
Or on older systems:
sudo systemctl status sshd
If the service is inactive or failed, SSH won’t accept connections.
Start SSH service
sudo systemctl start ssh
Enable it at boot:
sudo systemctl enable ssh
Recheck:
sudo systemctl status ssh
If SSH was stopped, this alone may fix the issue.
Step 3: Install OpenSSH Server (If Missing)
On minimal Linux installations, SSH server may not be installed at all.
Check if SSH server is installed
ssh -V
This checks the client, not the server. To check server:
dpkg -l | grep openssh-server # Ubuntu/Debian
rpm -qa | grep openssh-server # RHEL/CentOS
Install OpenSSH server
Ubuntu / Debian
sudo apt update
sudo apt install openssh-server
RHEL / CentOS / Rocky / Alma
sudo yum install openssh-server
Then start the service:
sudo systemctl start sshd
Step 4: Verify the SSH Port Number
By default, SSH listens on port 22, but many administrators change it for security reasons.
Check SSH listening port
sudo ss -tulpn | grep ssh
Or:
sudo netstat -tulpn | grep ssh
You might see something like:
LISTEN 0 128 0.0.0.0:2222
This means SSH is running on port 2222, not 22.
Connect using the correct port
ssh -p 2222 user@server_ip
If you try port 22 while SSH listens elsewhere, you’ll always get SSH connection refused.
Step 5: Check SSH Configuration File
The SSH daemon configuration file controls how SSH behaves.
Open sshd_config
sudo nano /etc/ssh/sshd_config
Key settings to verify:
Port
Port 22
Ensure it matches the port you’re connecting to.
ListenAddress
ListenAddress 0.0.0.0
If it’s set to:
ListenAddress 127.0.0.1
SSH will only accept local connections, causing remote attempts to be refused.
Protocol
Protocol 2
Restart SSH after changes
sudo systemctl restart ssh
Step 6: Check Firewall Rules (Very Common Cause)
Even if SSH is running, a firewall can block access.
Ubuntu / Debian (UFW)
Check status:
sudo ufw status
Allow SSH:
sudo ufw allow ssh
Or specific port:
sudo ufw allow 22/tcp
Reload firewall:
sudo ufw reload
RHEL / CentOS / Rocky / Alma (Firewalld)
Check firewall:
sudo firewall-cmd --list-all
Allow SSH:
sudo firewall-cmd --permanent --add-service=ssh
Or custom port:
sudo firewall-cmd --permanent --add-port=2222/tcp
Reload:
sudo firewall-cmd --reload
Check iptables (advanced systems)
sudo iptables -L -n
If port 22 is blocked, you’ll need to add a rule to allow it.
Step 7: Check SELinux (RHEL-Based Systems)
SELinux can silently block SSH even when everything else looks correct.
Check SELinux status
sestatus
If SELinux is Enforcing, check SSH ports:
sudo semanage port -l | grep ssh
If your SSH runs on a custom port, allow it:
sudo semanage port -a -t ssh_port_t -p tcp 2222
Restart SSH:
sudo systemctl restart sshd
Step 8: Verify SSH Is Listening on All Interfaces
SSH may be running but bound to the wrong network interface.
Check listening address
ss -tulpn | grep ssh
If you see:
127.0.0.1:22
SSH only listens locally. Fix this in sshd_config:
ListenAddress 0.0.0.0
Restart SSH afterward.
Step 9: Check TCP Wrappers and Access Rules
Some systems restrict SSH using /etc/hosts.allow and /etc/hosts.deny.
Check hosts.deny
cat /etc/hosts.deny
If you see:
sshd: ALL
SSH connections will be refused.
Fix it
Edit /etc/hosts.allow:
sshd: ALLOr allow specific IPs.
Step 10: Verify Cloud Security Groups (AWS, GCP, Azure)
If you’re using a cloud server, local firewall rules are not enough.
Check:
- AWS Security Groups
- Azure NSG rules
- GCP firewall rules
Ensure:
- SSH port is allowed
- Your IP is permitted
- Correct port is configured
Cloud firewalls often cause SSH connection refused even when Linux is configured correctly.
Step 11: Check SSH Logs for Clues
Logs provide exact reasons for failures.
Ubuntu / Debian
sudo journalctl -u ssh
Or:
sudo tail -f /var/log/auth.log
RHEL / CentOS
sudo tail -f /var/log/secure
Look for:
- Port binding errors
- Permission denied messages
- SELinux denials
- Configuration syntax errors
Step 12: Restart the Server (Last Resort)
If:
- SSH config is correct
- Firewall rules are correct
- SSH service is running
A reboot can resolve stuck services or kernel-level issues:
sudo reboot
Final Thoughts
The SSH connection refused error on Linux looks intimidating at first, but in reality, it’s almost always caused by one of a handful of configuration issues. Once you understand how SSH works behind the scenes, fixing it becomes systematic and predictable.
Whether you’re managing a production server, a cloud VM, or a local Linux machine, the steps in this guide will help you confidently diagnose and resolve the issue without guesswork.
For more help, you can visit official Ubuntu documntation.
FAQs: How to Fix SSH Connection Refused Error on Linux
What does “SSH connection refused” mean on Linux?
The “SSH connection refused” error means your system can reach the server, but the server is not accepting SSH connections on the specified port. This usually happens when the SSH service is stopped, the wrong port is used, or a firewall is blocking the connection.
What is the most common cause of SSH connection refused error on Linux?
The most common cause is that the SSH service (sshd) is not running on the server. This can happen after a reboot, misconfiguration, or if OpenSSH server is not installed.
How do I check if SSH service is running on Linux?
You can check the SSH service status using:
sudo systemctl status ssh
or
sudo systemctl status sshd
If it shows inactive or failed, start the service to fix the issue.
Can a firewall cause SSH connection refused?
Yes. Firewalls like UFW, firewalld, or iptables can block SSH access. Even if SSH is running, a blocked port will cause a connection refused error until the firewall rule is updated.
How do I allow SSH through the firewall?
On Ubuntu:
sudo ufw allow ssh
On RHEL/CentOS:
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload
Make sure the rule matches the correct SSH port.
What if SSH is running on a non-default port?
If SSH is configured to use a custom port (not 22), you must specify it when connecting:
ssh -p 2222 user@server_ip
Using the wrong port will always result in a connection refused error.
Can SELinux block SSH connections?
Yes. On RHEL-based systems, SELinux in enforcing mode can block SSH if it runs on a non-standard port. You must explicitly allow the port using semanage for SSH to work.
Why does SSH work locally but not remotely?
This usually means SSH is bound to 127.0.0.1 (localhost) instead of all interfaces. Updating the ListenAddress directive in sshd_config and restarting SSH fixes this issue.
Where can I find SSH error logs in Linux?
On Ubuntu/Debian:
/var/log/auth.log
On RHEL/CentOS:
/var/log/secure
These logs provide exact reasons why SSH connections are being refused.
Can cloud security settings cause SSH connection refused?
Yes. Cloud providers like AWS, Azure, and Google Cloud have their own firewalls. Even if Linux settings are correct, blocked SSH ports in security groups will prevent access.
Does restarting the server fix SSH connection refused errors?
Sometimes. Restarting can fix stuck services or misapplied firewall rules. However, it should be used as a last step after checking SSH configuration and firewall settings.
Is SSH connection refused a client-side or server-side issue?
In almost all cases, it is a server-side issue. The client is able to reach the server, but the server is refusing the connection due to configuration, firewall, or service problems.
How do I fix SSH connection refused error on Linux permanently?
To fix it permanently:
- Ensure SSH starts on boot
- Keep firewall rules consistent
- Avoid unnecessary port changes
- Monitor SSH logs regularly
- Test SSH after system updates
Can incorrect permissions cause SSH connection refused?
Incorrect permissions usually cause authentication errors, not SSH connection refused. However, severe SSH configuration errors can prevent the service from starting, leading to a refused connection.
Is “SSH connection refused” different from “connection timed out” in SSH?
Yes.
- Connection refused means the server actively rejected the connection.
- Connection timed out usually indicates a firewall or network routing problem.
How to Reset Forgotten Ubuntu User Password: 10 Simple Steps