How to Troubleshoot SSH Issues

How to Troubleshoot SSH Issues

Dealing with SSH errors can be frustrating since they prevent you from accessing your servers. SSH (Secure Shell) is an essential tool made for administration tasks and maintenance of servers. Most pages in websites require the user to use SSH to access the server at some point.

If you run into SSH issues, this guide will help you troubleshoot these problems. In this case we’ll work with a virtual server.

Troubleshooting SSH Issues

To resolve SSH connection issues, you need to ensure your Virtual Private Server is working correctly through the web console. Also, check the cloud panel to determine if there are any issues in your area that may affect your VPS.

How to Detect SSH Issues

When you have issues with SSH, it becomes hard to access your server and you will see the following error messages:

Permission denied (publickey)

Or

ssh: connect to host [...] port 22: connection refused

Or

ssh: connect to host [...] port 22: operation timed out

Or

ssh_exchange_identification: read: Connection reset by peer

Or

REMOTE HOST IDENTIFICATION HAS CHANGED

Or

WARNING: UNPROTECTED PRIVATE KEY FILE!

You might also come across the following errors:

bind: Address already in use

Errors Checklist

The following checklist will cover the common SSH errors.

Remote Hostname Identification Error

You may get this error when trying to access through SSH:

REMOTE HOST IDENTIFICATION HAS CHANGED

A hostname error may occur when an SSH host fails to connect using a specific network address.

On the SSH, if you run a command like ssh user@example.com you might see the error below:

error output
ssh: Could not resolve hostname example.co: Name or service not known

In PuTTY you may come across an error like this:

PuTTY error output
Unable to open connection to example.com Host does not exist

To resolve this error, follow the steps below;

  • Confirm the hostname is spelled properly.
  • Confirm that the hostname error can be resolved using the ping command on your system.

If you’re still having DNS issues, you can use the IP address on your virtual server as a reliable solution using ssh user@111.111.111.111 rather than the normal ssh user@example.com

Connection Timeout

This error shows that the user tried to find a connection to the server, but the server refused to load the results within the specified timeout period.

Running the following command ssh user@111.111.111.111 in an OpenSSH will result into the following error:

Error output
ssh: connect to host 111.111.111.111 port 22: connection timed out

For PuTTY, you will see this error:

PuTTY error output
Network error: Connection time out

To correct this error, use the following steps.

  • Make sure that the IP address of the host is correctly written.
  • Confirm that the network you’re using allows SSH port connectivity.
  • Verify that the firewall rules on your VPS are not on default.

Connection failure

Connection failure is different from a timeout. It means that your request reaches the SSH port but the host refuses to take the request.

In this case, you may see the error below:

Error output
ssh: connect to host 111.111.111.111 port 22: connection refused

In PuTTY, you may see something like this:

PuTTY error output
Network error: Connection refused

At this point, you may experience similar errors as connection timeout. So you can resolve them using the same steps as described above:

To correct this error, use the following steps.

  • Make sure that the IP address of the host is correctly written.
  • Confirm that the network you’re using allows SSH port connectivity.
  • Verify that the firewall rules on your Virtual server are not set to default.

Solutions to Common SSH Connectivity Issues

Here we discuss the most common troubleshooting techniques for SSH errors.

Firewall Configurations

Some SSH connectivity issues can occur when firewall configurations may be blocking certain ports and services.

To correct this, you will need to learn how to adjust the firewall rules. For instance, Ubuntu servers run on UFW while CentOS use FirewallD.

If you’re using FirewallD, use the command below:

# firewall-cmd --list -services

This should produce a list of all the services you need including SSH running on default port 22 to show that the firewall is working properly:

Output

dhcpv6-client http ssh

For those using UFW, use the ufw status to check the status of the firewall:

# ufw status

The output should look like this:

Status: active

To                         Action      From
--                         ------      ----
22                         LIMIT       Anywhere                  
443                        ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
Anywhere                   ALLOW       192.168.0.0               
22 (v6)                    LIMIT       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
80 (v6)                    ALLOW       Anywhere (v6)

Ensure the SSH port you’re using is listed.

Check the Status of your SSH

If you run into an error when using SSH on VPS, check to make sure the SSH is working properly. This depends on the operating system you are using. For older OS systems such as Ubuntu 14.04, Debian 8, or CentOS6, use the service command. For recent versions, run the systemct1 command.

For Ubuntu 14.04 run the service command, check the status of SSH with the following command:

# service ssh status

If the status is okay, you should see something like this:

output (running)
ssh start/running, process 1262

If not, you will see the following message:

output (running)
ssh start/waiting

On a system that uses the systemct1 command, check the status using the following command:

# systemct1 status sshd

You should have the following result. Take note of the Active line.

sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
   Active: active (running) since Mon 2017-03-20 11:00:22 EDT; 1 months 1 days ago
  Process: 899 ExecStartPre=/usr/sbin/sshd-keygen (code=exited, status=0/SUCCESS)
 Main PID: 906 (sshd)
   CGroup: /system.slice/sshd.service
           ├─  906 /usr/sbin/sshd -D
           ├─26941 sshd: [accepted]
           └─26942 sshd: [net]

If the service isn’t running correctly, you will note the Inactive line showing the following output:

sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
   Active: inactive (dead) since Fri 2017-04-21 08:36:13 EDT; 2s ago
  Process: 906 ExecStart=/usr/sbin/sshd -D $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 899 ExecStartPre=/usr/sbin/sshd-keygen (code=exited, status=0/SUCCESS)
 Main PID: 906 (code=exited, status=0/SUCCESS)

In case the service isn’t running, start again using systemct1 start sshd or service ssh start depending on the OS system.

Check the SSH Port

SSH service port can be checked using two methods. First is to check the SSH configuration folder, second is to examine how the system is running.

The SSH file in most systems is /etc/ssh/sshd_config. Use the default port 22, although you can use a different configuration line by including a port with a specific number.

Use the following command:

$ gre port /etc/ssh/sshd_config

You should see the following output to show the port number:

output
port 22

Use ss to confirm your port is running properly. Use sudo to run ss or use the root user.

You should have something like this:

# ss -p1nt

The result should show the name of the program with a specific port configured. An example should look like this:

output
state           recv-Q   send-Q
LISTEN            0         128
LISTEN            0         128

By now you should be able to troubleshoot most SSH issues.

Conclusion

These simple steps should help get up to speed with the SSH issues that may be preventing your system from running properly. We hope this information will be helpful in dealing with SSH problems.

 

Check out the top 3 Best web hosting services

Hostinger
$2.99 /mo
Starting price
Visit Hostinger
Rating based on expert review
  • User Friendly
    4.7
  • Support
    4.7
  • Features
    4.8
  • Reliability
    4.8
  • Pricing
    4.7
IONOS
$1.00 /mo
Starting price
Visit IONOS
Rating based on expert review
  • User Friendly
    4.5
  • Support
    4.0
  • Features
    4.5
  • Reliability
    4.5
  • Pricing
    4.3
Ultahost
$2.90 /mo
Starting price
Visit Ultahost
Rating based on expert review
  • User Friendly
    4.3
  • Support
    4.8
  • Features
    4.5
  • Reliability
    4.0
  • Pricing
    4.8

How to Change Your SSH Port from the Default Port

Follow our step-by-step guide to change your SSH default port to a more secure o
3 min read
Idan Cohen
Idan Cohen
Marketing Expert

How to Enable Two-Factor Authentication on an Ubuntu 18.04 VPS or Dedicated Server

This guide will show you how you enable two-factor authentication to improve the
4 min read
Max Ostryzhko
Max Ostryzhko
Senior Web Developer, HostAdvice CTO

How To Enable Windows Authentication And Extended Protection For A Web Site, Web Application, Or Web Service

This article provides you with the step by step tips on how to enable Windows Au
4 min read
Eliran Ouzan
Eliran Ouzan
Web Designer & Hosting Expert

How To Transfer Files From a Remote Server to another Remote Server Using SSH

A relatively common situation is requiring the move of a website from one server
4 min read
Eliran Ouzan
Eliran Ouzan
Web Designer & Hosting Expert
HostAdvice.com provides professional web hosting reviews fully independent of any other entity. Our reviews are unbiased, honest, and apply the same evaluation standards to all those reviewed. While monetary compensation is received from a few of the companies listed on this site, compensation of services and products have no influence on the direction or conclusions of our reviews. Nor does the compensation influence our rankings for certain host companies. This compensation covers account purchasing costs, testing costs and royalties paid to reviewers.
Click to go to the top of the page
Go To Top