Fixing SSH Errors
Learn how to resolve some of the most common errors you may receive when connecting to a server with SSH.
vServer (VPS) from IONOS
Low-cost, powerful VPS hosting for running your custom applications, with a personal assistant and 24/7 support.
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED
This error is triggered when the SSL certificate for a server changes. The error is designed to flag a potential "man in the middle" attack. However, most people only encounter the error after rebuilding a server.
If your server is new, or has had its image reinstalled since the last time you connected, simply click to accept the new SSL certificate and continue.
Access Denied or Authentication Refused
The most common cause of the "Access Denied" or "Authentication Refused" error is that the SSH username or password has been misspelled or is incorrect.
- Verify that you have typed the username correctly.
- Make sure you are using the right username.
- Double-check the password. To be sure you are entering it correctly, copy and paste it into the field. Note: You can paste to the command prompt using Shift+Enter.
Finding the Initial Root Password for a Linux Cloud Server
If you have a Linux Cloud Server, the initial default root password is listed on the Control Panel.
Log in to your IONOS account, click Control Panel to open up the drop-down menu, then click Cloud Panel.
On the Servers page, click to select your server.
Scroll down to the Initial Password line and click Show Password to display the default root password.
You can copy and paste the password from the pop-up message.
If you have changed the password for root, the new password will not be shown here.
Port 22: Connection refused
There are several possible reasons why you might receive the "Port 22: Connection refused" error when you try to connect via SSH to your server.
Is the Server Accessible
The first thing you should do is find out if the server is allowing connections to port 22 from elsewhere on the Internet. Use the tool at http://www.infobyip.com/sshservertest.php, to check your server.
If this site is able to connect to your server, then the problem is on your end. You may be behind a firewall that blocks traffic on port 22. Many offices and schools block this port for security reasons.
If the site is not able to connect to your server, then the problem is either on the server, or between the server and the internet.
Is SSH Installed
If this is a new installation, the SSH server (sshd) may not be installed. You can check to see if it is on your system with the command:
which sshd
If the system responds with a path like /usr/sbin/sshd then the SSH server has been installed. If instead it responds with an error like /usr/bin/which: no sshd in (/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin) then you will need to install both the SSH client and the SSH server.
On Ubuntu and Debian, install these programs with the command:
sudo apt-get install openssh-server openssh-clients
On CentOS, install these programs with the command:
sudo yum -y install openssh-server openssh-clients
Start or Restart SSH
Check to make sure that the SSH service is running with the command:
sudo ps -aux | grep sshd
In addition to your grep command, you should see the SSHD process running.
If the SSHD process is not running, start it.
- On Ubuntu and Debian: sudo service ssh start
- On CentOS: sudo systemctl start sshd
If the SSHD process is running, it may need to be restarted.
- On Ubuntu and Debian: sudo service ssh restart
- On CentOS: sudo systemctl restart sshd
Is SSH Listening on Port 22
Port 22 is the default port for SSH connections. If your server's SSH daemon has been configured to listen to a port other than port 22, it will refuse SSH connections to port 22.
To check which port SSH is listening to, use the command:
sudo netstat -apn | grep sshd
The output of this command will show you which port SSH is listening to.
If SSH is listening to a port other than port 22, you will need to adjust your connection settings accordingly.
In PuTTY for Windows, you can set the port in the main Settings screen.
Check the SSH configuration file for typos
If you recently edited your SSH configurations, check the syntax of the file with:
sudo sshd –T
Examine your firewall rules
There are several possible firewall scenarios which could result in this SSH error, including:
-
If you recently installed or updated a firewall on your server, you may have blocked SSH access to port 22 (or failed to allow it) by accident.
- If your server has recently been rebooted, your firewall rules may not have been loaded on boot to allow traffic to port 22.
Check UFW rules
If you are using ufw as a firewall on your server, you can list all of your ufw rules with the command:
sudo ufw verbose
You can allow SSH with the command:
sudo ufw allow ssh
Check Iptables rules
To see if you have an iptables rule which is blocking SSH traffic, use the command:
sudo iptables -L | grep ssh
You can also list all of your iptables rules with the command:
sudo iptables -L
To delete an iptables rule, edit the /etc/sysconfig/iptables file, then reload the iptables configuration with the command:
sudo iptables -F
Check your cloud panel firewall policy
Log in to your IONOS Control Panel and go to your Cloud Panel. Go to Infrastructure -> Servers and click to select your server.
Scroll down to see if it has a Firewall Policy listed.
If a Firewall Policy is listed, edit this policy to allow SSH connections.
To do this, click Network -> Firewall Policies.
Click to select the Firewall Policy that is assigned to your server.
If your Firewall Policy does not have a rule to allow SSH, scroll down and click Add Predefined Values.
Click SSH.
Click the green check mark to add this new rule to your Firewall Policy.
Network error: Software caused connection abort
The "Network error: Software caused connection abort" error happens when your desktop machine closes the connection unexpectedly. This may happen if you experience an internet problem, including a brief hiccup in the connection.
It can also happen when the server stops listening. Your desktop sends several packets to the server before it gives up on the connection and closes the session.
Cloud backup from IONOS
Make costly downtime a thing of the past and back up your business the easy way!
Write failed: broken pipe Network error: Connection reset by peer
When an SSH session closes with either "Write failed: broken pipe" or "Network error: Connection reset by peer," it means the session has timed out.
The timeout can occur on your computer, on the server, or on a firewall between them. The SSH session will automatically be closed if it sits idle for too long.
The solution is to set your SSH client to send "keepalive packets." These are small packets of data which are automatically sent at regular intervals. This tells the network that your connection is still active.
Setting Keepalive
PuTTY on Windows
If you are using PuTTY on Windows to connect to your server, you can set the timeout under Connection. Set “Seconds between keepalives (0 to turn off)” to 60.
Linux or Unix
If you are using a Linux or Unix desktop to connect to your server, edit /etc/ssh/sshd_config and add:
ServerAliveInterval 60
Save and exit the file, then restart SSH for the changes to take effect.
Network error: Connection timed out
The "Network error: Connection timed out" error means that your SSH client did not receive any response from the server. There are several possible reasons for this error:
An internet outage at your location
Wait a few moments, then try again. If you still get the error message, check your internet connection by visiting a website like Google in your browser.
A serious network problem somewhere between your location and the server
You can check the health of the connection between your location and the server by running a traceroute. This will send a few packets of data to your server, and report back on the number of hops the data had to make, and how long it took for each hop.
- Windows 10
To run a traceroute on Windows 10, right click the Start button.
Click Search.
Type "cmd" in the search field.
Click Command Prompt when it appears.
Run a traceroute to your server with the command:
tracert [IP address or domain name]
For example, if your server is http://example.com the command would be:
tracert example.com
The output will look something like this:
If you see extremely high ping times (anything greater than 300ms is considered "high") or excessive dropped packets (which are indicated with an asterisk), this could be the source of your problem.
Note: The final "hop" to the end server often shows dropped packets and "Request timed out" even when the server is up and running without any problems. For security reasons, most servers do not respond to ping commands.
Firewall rules prevent the connection
If you are behind a firewall at home or at work, this can cause the issue. You will also want to be sure that your server's firewall is configured to allow SSH connections.
The server may be offline or shut down
Give it a few moments and try to reconnect. If your server has been rebooted, it should be back online shortly.
If the server still does not respond, you can check the server's status from your IONOS Control Panel.
Log in to your IONOS account, click Control Panel to open up the drop-down menu, then click Cloud Panel.
On the Servers page, click to select your server. The Status light will be green for a server which is up and running. It will change to yellow or red if there are problems.
To check on the server, click the Actions button, then select Access KVM Console from the drop-down menu.
This will open the KVM console, which allows you to access your server as if you were sitting at a keyboard attached to the physical machine.
If you want to restart the server, you can do so from the KVM console with the command:
sudo shutdown -r now
You can also restart your server from the Actions menu by clicking Restart.
Related articles
SFTP (SSH File Transfer Protocol)
Using SSH File Transfer Protocol (SFTP), you can transfer data bidirectionally within an authorized group of people in a particularly secure way. The transfer between the client and server takes place via an encrypted IP-based data tunnel. The basic File Transfer Protocol (FTP) has major security vulnerabilities, which were eliminated in the refined SSH File Transfer Protocol.
How to use SSH keys
Operating and managing a remote server located in a data center is often carried out by using a secure network connection provided by the SSH protocol. The necessary registration on the server is preceded by an authentication process. Usually this occurs in the form of the username and password. Alternative methods such as the public key authentication used by SSH, do have their advantages. But…
How to use SSH tunnels and SSH port forwarding
SSH tunnels are used for secure data transfers and for accessing websites that you otherwise wouldn’t have access to via your network. Reverse SSH tunnels make port forwarding possible with private IP addresses. Keep reading our dedicated article to find out what SSH tunnels are, what they’re used for and how to set one up.