Write Review

How to Troubleshoot SSH Issues

Dealing with SSH errors can be frustrating since they prevent you from accessing your servers. SSH (Secure Shell) is an essential tool made for administration tasks and maintenance of servers. Most pages in websites require the user to use SSH to access the server at some point.

If you run into SSH issues, this guide will help you troubleshoot these problems. In this case we’ll work with a virtual server.

Troubleshooting SSH Issues

To resolve SSH connection issues, you need to ensure your Virtual Private Server is working correctly through the web console. Also, check the cloud panel to determine if there are any issues in your area that may affect your VPS.

How to Detect SSH Issues

When you have issues with SSH, it becomes hard to access your server and you will see the following error messages:

Permission denied (publickey)

Or

ssh: connect to host [...] port 22: connection refused

Or

ssh: connect to host [...] port 22: operation timed out

Or

ssh_exchange_identification: read: Connection reset by peer

Or

REMOTE HOST IDENTIFICATION HAS CHANGED

Or

WARNING: UNPROTECTED PRIVATE KEY FILE!

You might also come across the following errors:

bind: Address already in use

Errors Checklist

The following checklist will cover the common SSH errors.

Remote Hostname Identification Error

You may get this error when trying to access through SSH:

REMOTE HOST IDENTIFICATION HAS CHANGED

A hostname error may occur when an SSH host fails to connect using a specific network address.

On the SSH, if you run a command like ssh user@example.com you might see the error below:

error output
ssh: Could not resolve hostname example.co: Name or service not known

In PuTTY you may come across an error like this:

PuTTY error output
Unable to open connection to example.com Host does not exist

To resolve this error, follow the steps below;

  • Confirm the hostname is spelled properly.
  • Confirm that the hostname error can be resolved using the ping command on your system.

If you’re still having DNS issues, you can use the IP address on your virtual server as a reliable solution using ssh user@111.111.111.111 rather than the normal ssh user@example.com

Connection Timeout

This error shows that the user tried to find a connection to the server, but the server refused to load the results within the specified timeout period.

Running the following command ssh user@111.111.111.111 in an OpenSSH will result into the following error:

Error output
ssh: connect to host 111.111.111.111 port 22: connection timed out

For PuTTY, you will see this error:

PuTTY error output
Network error: Connection time out

To correct this error, use the following steps.

  • Make sure that the IP address of the host is correctly written.
  • Confirm that the network you’re using allows SSH port connectivity.
  • Verify that the firewall rules on your VPS are not on default.

Connection failure

Connection failure is different from a timeout. It means that your request reaches the SSH port but the host refuses to take the request.

In this case, you may see the error below:

Error output
ssh: connect to host 111.111.111.111 port 22: connection refused

In PuTTY, you may see something like this:

PuTTY error output
Network error: Connection refused

At this point, you may experience similar errors as connection timeout. So you can resolve them using the same steps as described above:

To correct this error, use the following steps.

  • Make sure that the IP address of the host is correctly written.
  • Confirm that the network you’re using allows SSH port connectivity.
  • Verify that the firewall rules on your Virtual server are not set to default.

Solutions to Common SSH Connectivity Issues

Here we discuss the most common troubleshooting techniques for SSH errors.

Firewall Configurations

Some SSH connectivity issues can occur when firewall configurations may be blocking certain ports and services.

To correct this, you will need to learn how to adjust the firewall rules. For instance, Ubuntu servers run on UFW while CentOS use FirewallD.

If you’re using FirewallD, use the command below:

# firewall-cmd --list -services

This should produce a list of all the services you need including SSH running on default port 22 to show that the firewall is working properly:

Output

dhcpv6-client http ssh

For those using UFW, use the ufw status to check the status of the firewall:

# ufw status

The output should look like this:

Status: active

To                         Action      From
--                         ------      ----
22                         LIMIT       Anywhere                  
443                        ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
Anywhere                   ALLOW       192.168.0.0               
22 (v6)                    LIMIT       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
80 (v6)                    ALLOW       Anywhere (v6)

Ensure the SSH port you’re using is listed.

Check the Status of your SSH

If you run into an error when using SSH on VPS, check to make sure the SSH is working properly. This depends on the operating system you are using. For older OS systems such as Ubuntu 14.04, Debian 8, or CentOS6, use the service command. For recent versions, run the systemct1 command.

For Ubuntu 14.04 run the service command, check the status of SSH with the following command:

# service ssh status

If the status is okay, you should see something like this:

output (running)
ssh start/running, process 1262

If not, you will see the following message:

output (running)
ssh start/waiting

On a system that uses the systemct1 command, check the status using the following command:

# systemct1 status sshd

You should have the following result. Take note of the Active line.

sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
   Active: active (running) since Mon 2017-03-20 11:00:22 EDT; 1 months 1 days ago
  Process: 899 ExecStartPre=/usr/sbin/sshd-keygen (code=exited, status=0/SUCCESS)
 Main PID: 906 (sshd)
   CGroup: /system.slice/sshd.service
           ├─  906 /usr/sbin/sshd -D
           ├─26941 sshd: [accepted]
           └─26942 sshd: [net]

If the service isn’t running correctly, you will note the Inactive line showing the following output:

sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
   Active: inactive (dead) since Fri 2017-04-21 08:36:13 EDT; 2s ago
  Process: 906 ExecStart=/usr/sbin/sshd -D $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 899 ExecStartPre=/usr/sbin/sshd-keygen (code=exited, status=0/SUCCESS)
 Main PID: 906 (code=exited, status=0/SUCCESS)

In case the service isn’t running, start again using systemct1 start sshd or service ssh start depending on the OS system.

Check the SSH Port

SSH service port can be checked using two methods. First is to check the SSH configuration folder, second is to examine how the system is running.

The SSH file in most systems is /etc/ssh/sshd_config. Use the default port 22, although you can use a different configuration line by including a port with a specific number.

Use the following command:

$ gre port /etc/ssh/sshd_config

You should see the following output to show the port number:

output
port 22

Use ss to confirm your port is running properly. Use sudo to run ss or use the root user.

You should have something like this:

# ss -p1nt

The result should show the name of the program with a specific port configured. An example should look like this:

output
state           recv-Q   send-Q
LISTEN            0         128
LISTEN            0         128

By now you should be able to troubleshoot most SSH issues.

Conclusion

These simple steps should help get up to speed with the SSH issues that may be preventing your system from running properly. We hope this information will be helpful in dealing with SSH problems.

 

Check out the top 3 Best web hosting services

Was this article helpful?