Skip to main content

Can’t SSH

## Why SSH connections can fail

There are many reasons why an SSH login may fail. The most common causes include using the wrong port or IP, incorrect credentials, the SSH service not running, SSH access disabled, or a firewall blocking the connection. Below are diagnostic steps and solutions.

### Verify you are connecting to the right host and port

* Make sure you are using the correct public IP or hostname and SSH port. By default SSH listens on **port 22**; some administrators change this for security. If the server runs on a custom port you must specify it with `ssh -p <port> user@server`【523934296284278†L20-L28】.
* Test network connectivity to the server using `ping` or `traceroute` from your local machine. If packets don’t reach the server, there may be a network or routing issue.
* Check that the SSH port is open on the server by running `ss -tuln | grep :22` or `nc -zv <server_ip> 22` from the console. If the port is closed, open it in your firewall.

### Ensure you are using the correct credentials

* Use the right username and password or SSH key. A “connection refused” message can occur when the client sends invalid credentials【523934296284278†L35-L41】.
* If you use key‑based authentication, make sure the private key file is correct, has `600` permissions and matches the public key in `~/.ssh/authorized_keys` on the server.
* Double check the password/username in your welcome email or the IllusionCloud panel. Passwords are case‑sensitive.

### Confirm the SSH service is installed and running

* The remote server must have an SSH server (OpenSSH on Linux or sshd on Windows) installed and running. On Linux, check its status in the console with:

  ```
  sudo systemctl status ssh
  ```

  or 

  ```
  sudo service ssh status
  ```

  If the service is inactive or not installed, install it with your package manager and start/enable it【523934296284278†L45-L55】.
* On Windows, verify that the “OpenSSH Server” feature is installed and started.

### Check whether SSH access is disabled

* Some hosts disable SSH access until you explicitly enable it via the control panel. If you receive a “Connection refused” error, ensure SSH access has been enabled, then start the `sshd` service (`sudo service ssh start`)【523934296284278†L58-L66】.
* Confirm that `PermitRootLogin` or `PasswordAuthentication` have not been disabled in `/etc/ssh/sshd_config`. If root login is disabled, login as a normal user (e.g., `user`) and then use `sudo su -` to become root.

### Look for firewall or security group blocks

* If the server’s firewall blocks the SSH port, the connection will be refused. Ensure that port 22 (or your custom SSH port) is allowed in `ufw`, `firewalld` or `iptables`【523934296284278†L67-L72】.
* For cloud instances, check the provider’s security group rules to allow inbound TCP connections on the SSH port from your IP.
* On your local computer, ensure that no outbound firewall rules block SSH.

### Resolve host key and known_hosts issues

* If you see a warning that the host key has changed (“REMOTE HOST IDENTIFICATION HAS CHANGED”), the server may have been rebuilt or you may be connecting to the wrong server. Compare the host’s fingerprint with your welcome email or control panel. To remove the stale key, run:

  ```
  ssh-keygen -R <server_ip>
  ```

  Then reconnect.

### Use the remote console if locked out

If you cannot SSH even after checking the above, use the IllusionCloud control panel’s remote console. This gives you direct console access to fix networking or SSH configuration problems, reset passwords, or add your SSH key. Once you have regained access, consider setting up key‑based authentication, enabling a firewall with only the necessary ports open, and regularly testing your credentials.

 

Back to top