Close Menu

How To Fix Port 22: Connection Refused Error

Anup ThapaBy
port 22 connection refused

Port 22: Connection Refused is a common SSH error that generally happens because users try to connect to the wrong port.

The default SSH port is 22, but it’s generally changed to something else due to security concerns. As such, when users try to connect to port 22 (by default), they inevitably encounter this error.

In addition to this, reasons like the firewall blocking the SSH port or the SSH service being down also usually lead to this error. We’ve detailed more reasons, as well as steps to deal with each one in the sections below.

How to Fix Port 22: Connection Refused Error

Before you start troubleshooting, we recommend rebooting your router, as that could be all that’s needed to resolve the issue. Additionally, you should perform a ping test to confirm that this is actually an SSH issue rather than a general internet issue. If there’s packet loss, you’d better off fixing that first.

Also, this error is, for the most part, a server-end issue. As such, the first two fixes are applicable on the client end, but there’s not much you can do from the client system. Your best bet will be to try out the server-end fixes.

Verify Login Credentials

It’s easy to miss, but users sometimes enter incorrect credentials on the client end when attempting to connect to the SSH server. Try reconnecting with the correct credentials if this is the case before moving on to the other fixes.

Resolve DNS Issues

The second possible issue on the client end is that the system isn’t resolving the hostname, leading to this error. You can use the Public IP of the SSH server instead of the domain name to confirm this.

If there does indeed seem to be a DNS issue, you could try flushing the DNS cache with the following commands:
sudo systemd-resolve --flush-caches
sudo resolvectl flush-caches

If that doesn’t help, you should change your DNS servers. Here are the steps to do so:

  1. Execute the following command:
    sudo nano /etc/systemd/resolved.conf
  2. Change the DNS and FallbackDNS values to that of a different DNS Server.
    systemd-resolved-conf-dns-fallbackdns
  3. Save the changes and exit, and check if the issue is resolved.

If on a private network, you could also contact your system admin to make sure that the SSH server’s DNS entry is correct.

Ensure SSH is Installed

This might seem like a no-brainer, but users often encounter SSH issues on fresh installations as they forget that SSH doesn’t come preinstalled.

To install the OpenSSH server application and related files on Debian-based distros, use the following command:
sudo apt install openssh-server

sudo-apt-install-openssh-server

It’s also worth mentioning that some users were able to resolve the issue by purging the currently installed package with sudo apt purge openssh-server and reinstalling it.

Check SSH Daemon Status

The SSH Daemon must be running for your connection to be successful. If you’ve made any changes to the SSH configurations, such as Port, for instance, you’ll also need to restart the service to apply the changes. Here’s how you can do so on Debian-based distros:

  • To check the service status:
    sudo service ssh status
    sudo-service-ssh-status
  • To start the service:
    sudo service ssh start
  • To restart the service:
    sudo service ssh restart

Check SSH Listening Port

The default SSH port is 22, but for security reasons, it’s generally changed to something else. Use the grep Port /etc/ssh/sshd_config command to find out which port the server is listening to.

grep port etc ssh sshd config

Since you’re encountering this error, it’s likely not port 22. In such cases, you can connect to that specific port with the following command:
ssh -p <port_no> <username>@<ip>

ssh-specify-port

Allow SSH in Firewall

Another common reason for this error is that the firewall is blocking the SSH port. In such cases, you can allow the SSH port with the following steps:

  1. First, enable the firewall with the following command:
    sudo ufw enable
  2. Next, replace port with the port no. and execute the following to allow the connection through the port:
    sudo ufw allow port
    add-rule-reload-firewall-ubuntu
  3. Afterward, reload the firewall using the sudo ufw reload command to ensure the changes are applied.

Ensure IP Is Whitelisted

There have also been cases where the connection failed because SSH was only configured to listen to certain addresses. In such cases, you can ensure the IP address you’re trying to access is whitelisted with the following steps:

  1. Execute the sudo nano /etc/ssh/sshd_config command.
  2. If the ListenAddress directive is uncommented, make sure the IP you’re trying to access is included here.
    sshd-config-listen-address
  3. If you added the IP just now, press CTRL+O > Enter to save the changes and CTRL+X to exit the editor.
  4. Restart the SSH service with sudo service ssh restart and try connecting now.

Anup Thapa primarily covers Windows systems, networking, and computer hardware at TechNewsToday. Anup has been writing professionally for almost 5 years, and tinkering with PCs for much longer. His love for all things tech started when he got his first PC over 15 years ago. It was a Pentium IV system running Windows XP on a single 256 MB stick. He spent his formative years glued to this PC, troubleshooting any hardware or software problems he encountered by himself. Professionally, Anup has had brief forays into a variety of fields from coding and hardware installation to writing. In doing so, he's worked with people of different backgrounds and skill levels, from average joes to industry leaders and experts. This has given him not just a versatile skill set, but also a unique perspective for writing that enables him to concisely communicate complex information and solve his reader's problems efficiently. You can reach out to him at anup@technewstoday.com.

Related Posts

View 2 Comments

2 Comments

    • Anup Thapa on

      Hi Hsin,
      If you’re on a system that doesn’t use UFW, it might use some other Netfilter implementation like iptables or nftables.
      Or if no firewall has been set up at all, you can simply ignore the firewall as a potential cause.

      Reply

Leave A Reply