Why can't I SSH into the server

Topic: Servers linux

Diagnose SSH connection failures: check network (ping, port open), sshd running, firewall allows port 22, and key or password accepted. Use this when SSH connection is refused, times out, or permission denied so you can fix or use console access.

Intent: Troubleshooting

Quick answer

  • Connection refused: sshd not running (systemctl start sshd) or wrong port; check ss -tlnp | grep 22 and systemctl status sshd.
  • Timeout: network or firewall blocks port 22; from client ping host, telnet host 22 or nc -zv host 22; on server allow 22 in ufw/nftables.
  • Permission denied (publickey): key not in authorized_keys, wrong permissions (700 .ssh, 600 authorized_keys), or PasswordAuthentication no and no valid key.

Prerequisites

Steps

  1. Check from client

    ping host; ssh -v user@host to see where it fails (resolve, connect, auth); try telnet host 22 or nc -zv host 22 to see if port is open.

  2. Check sshd and port

    On server: systemctl status sshd or ssh; ss -tlnp | grep 22; if sshd is down, systemctl start sshd; if wrong port, connect with ssh -p PORT.

  3. Check firewall

    On server: ufw status or nft list ruleset; allow 22/tcp (or your SSH port); reload firewall; test from client again.

  4. Check authentication

    Server: ls -la ~user/.ssh; authorized_keys one line per key, 600; .ssh 700; client: ssh -i /path/to/key user@host; if password denied, ensure PasswordAuthentication yes temporarily or add key.

Summary

You will troubleshoot SSH connection failures by checking network, sshd, firewall, and authentication. Use this when you cannot log in and need to decide whether to fix SSH or use console.

Prerequisites

  • Another way to reach the server (console, serial, or second host) if SSH is down.
  • Client with ssh and optionally telnet/nc.

Steps

Step 1: Check from client

ping host
ssh -v user@host
nc -zv host 22

Note: connection refused vs timeout vs permission denied.

Step 2: Check sshd and port

On server: systemctl status sshd; ss -tlnp | grep 22. Start sshd if stopped; confirm the port in sshd_config matches what you use.

Step 3: Check firewall

sudo ufw status
sudo ufw allow 22/tcp
sudo ufw reload

Or nftables: ensure a rule accepts port 22.

Step 4: Check authentication

  • Server: ~/.ssh 700, authorized_keys 600, key on one line.
  • Client: ssh -i /path/to/key user@host; if password login is disabled, add the correct key.

Verification

  • SSH connection succeeds from client; key or password accepted; no connection refused or timeout.

Troubleshooting

Still refused — sshd not listening (wrong config or failed to start); check journalctl -u sshd; fix config and restart.

Timeout — Firewall or network blocks port; fix firewall on host or network path; confirm IP and port.

Next steps

Continue to