
[Solved] ‘SSH Connection refused in DigitalOcean’

In this article, we discuss four primary reasons behind the error ‘SSH Connection refused in DigitalOcean’ and how to fix them. SSH clients such as PuTTY and OpenSSH are used to manage remote Linux servers that have SSH installed, but sometimes users get the error ‘SSH connection refused’ on DigitalOcean Droplets.

If you are looking for a managed service, you can visit our DigitalOcean Cloud Plans, where we do everything for you and let you run your business with ease.

It’s a significant challenge for sysadmins and direct users to know the four possible reasons they cannot access their servers. We are going to look at the complexity behind this error and how our technical support staff fixes it.


What is SSH?

SSH, known as secure shell or secure socket shell, is a network protocol that is mainly used by system administrators to access their servers over an unsecured network in a safer way.

SSH is the best way to access remote Linux servers, and it is installed by default on most Linux distributions. Users can use various SSH clients to reach a remote SSH server, such as PuTTY on Windows, or use the terminal directly if your OS is Linux.

What is the meaning of the error ‘SSH connection refused in DigitalOcean’?

First, it is important to understand the SSH connection refused error. It occurs when the connection request is properly routed to the SSH host, but the host doesn’t accept that request and sends back an acknowledgment message like the one below:

ssh: connect to host 192.168.xxx.xxx port xx: Connection refused

This message is shown to droplet owners as confirmation. There can be many reasons behind it, but we will discuss four major ones.


What are the causes and how to fix the error ‘SSH connection refusal in DigitalOcean’?

To check each possible cause of this error, you first need to access your droplet from the DigitalOcean console window (troubleshooting requires console access, so this step is a must).

Droplet > Access Console


Once you click on the Access Console, a new window opens to troubleshoot your error from the console.


Based on our past experience, let’s discuss the four primary reasons behind the error ‘SSH Connection refused in DigitalOcean’ and how to get each one fixed.

SSH Service Connection Fails

Problem: The SSH service uses the sshd daemon to listen for incoming connections and to handle user authentication, terminal connections, and more. If this service crashes, connections fail, which results in the SSH Connection refused error on DigitalOcean servers.

Solution: Technical staff identify and research the root cause of the service failure. The reasons can be traffic spikes, disk errors, resource breakdowns, DDoS attacks, and many more.

Sometimes the backend service fails or doesn’t respond. In this case, technical staff kill the dead process and restart the service. For example, on a CentOS 7 droplet, we restart the SSH service using the command below:

systemctl restart sshd

After the restart, we confirm that SSH is running; the output looks like this:

sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
Active: active (running) since Mon xxx-xx-xx xx:xx:xx GMT; x days ago


Wrong Selection of SSH Port

Problem: Since standard ports are more vulnerable to attack, many web hosts change the SSH port to a custom port for security purposes. If droplet owners then access their servers using the wrong port, they are turned away with the error SSH Connection refused.

Solution: There are two ways to check the correct SSH port. First, technical staff access the droplet via the console and check the SSH configuration file. By default, the SSH configuration file is saved at /etc/ssh/sshd_config. To identify the port that is set on the system, we check the Port parameter in the sshd_config file.

The second way is to check the SSH port using the netstat command. The output shows which port sshd is listening on and whether it is a custom port. If it is on the custom port, then technical staff change the custom port to the correct port.

Restriction of the firewall

Problem: Another reason for the SSH connection refused error is improper firewall configuration. Some public networks may block the default SSH port 22 or a custom SSH port. If the default port is blocked on the firewall, it should be opened, and if you have changed SSH to use another port, make sure that port is added to the firewall so that SSH can be accessed.

Solution: In this case, technical staff first check the firewall rules that are configured on the server. Second, connectivity to the SSH port from the external network is evaluated with the following command:

telnet IP PORT

Replace IP with the droplet IP address and PORT with the SSH port. We also study the configured firewall rules, and if one of them denies the connection to port 22, that rule is removed instantly from the firewall configuration.

On CentOS 7 servers, if a rule exists to reject or drop incoming connections on the SSH port, that rule is removed instantly from the firewall. Furthermore, we edit the firewall configuration to allow connections to the SSH port with the following command:

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

 

Wrong Selection of Host IP Address

Problem: One of the four reasons behind the SSH connection refused error is an incorrect IP address or an IP conflict. In simple words, this error occurs when multiple droplets use the same IP address, or when someone uses the wrong IP address.

Solution: To resolve this error, we check the droplet IP address under Manage > Networking > PTR Records in the DigitalOcean control panel. Furthermore, we use tools like nmap to check the droplets that are running on the network, and if the droplet’s IP conflicts, it is changed instantly after confirmation with the customer.



Conclusion

In this article, we have discussed four significant reasons behind the error ‘SSH Connection refused in DigitalOcean’ and how to get them fixed. We have also looked at the solutions that sysadmins apply to these four problems in order to access customers’ servers over SSH using PuTTY or OpenSSH. You should now understand the complexity behind this error and how technical support staff fix it.

How to resolve “localhost connection refused”?

On Windows you usually use PuTTY to connect to remote SSH servers, and on Linux you use the terminal. While connecting, you can sometimes get an error such as localhost connection refused in PuTTY or your Linux terminal. This can be very annoying, as you can’t reach SSH on your remote server and perform your tasks.

This problem can be on the server side or the client side. In this tutorial, we will see probable causes of this error and how to fix them. If you are using our managed VPS, then you just have to contact us via ticket or live chat and we should fix this for you.

Let’s continue and see the reasons for this error and how to resolve localhost connection refused.


Possible error messages on Putty or Linux Terminal

 

We will first see possible error messages that you will see.

 

In PuTTY

 

Putty Fatal Error
Network Error: Connection Refused

On Linux Terminal

 

ssh: connect to host 51.xx.xx.xx port 22: Connection timed out

 

Now the connection to the server is properly routed, but the server is not accepting your connection for many reasons that we will discuss below.


Reasons and Fixes for localhost connection refused

 

We will now discuss reasons and fixes for this error one by one.

 

1. SSHD Daemon not running

 

It is possible that the SSHD daemon on your remote server is not running. For SSH to work, a daemon called SSHD runs behind the scenes. If this daemon is not running, your server will not be able to accept incoming SSH connections. Check whether this service is running:

systemctl status sshd

If it is not running you can turn it on:

systemctl start sshd

 

SSHD does not start?

If for some reason your SSHD daemon still won’t start, make sure you have enough disk space using:

df -h

If you have enough space, check whether your server is receiving heavy traffic or is under heavy load. You can also hire our managed VPS service; we offer a 3-day free trial (no credit card required).

 

2. Firewall blocking SSH Port

 

Most of the time, a firewall is blocking the SSH port. First, see if you can telnet to SSH port 22:

telnet 192.xx.xx.xx 22

Then check whether your IP or the user’s IP is blocked in the iptables firewall:

iptables -nL

If the IP is listed, you need to unblock it to restore connectivity to SSH port 22. It is also possible that the firewall has a drop or reject rule for SSH port 22; in that case you need to remove that rule and run the following command:

iptables -A INPUT -p tcp --dport 22 -j ACCEPT
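
Both articles say to remove an existing reject or drop rule before adding the ACCEPT rule; the reason is that iptables applies the first matching rule, so an ACCEPT appended with -A after a blocking rule never takes effect. The script below is an added example, not code from the original articles: ssh_verdict is a hypothetical helper and the ruleset is constructed sample output in the format printed by iptables -S INPUT.

```shell
#!/bin/sh
# Added example (not from the original article).
# ssh_verdict PORT reads "iptables -S INPUT" output on stdin and prints
# "<rule-number>:<target>" for the first rule that decides a new TCP
# connection to PORT from any client, or "policy:<target>" if none does.
# Simplification: rules with extra matches (-s, -i, conntrack state, ...)
# are skipped because they do not apply to every client.
ssh_verdict() {
    awk -v port="$1" '
        $1 == "-P" { policy = $3; next }
        $1 != "-A" { next }
        {
            n++; target = ""; dport = ""; extra = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); break }
                else if ($i == "--dport") { dport = $(++i) }
                else if ($i == "-p" || $i == "-m") { if ($(++i) != "tcp") extra = 1 }
                else { extra = 1 }
            }
            if (extra || (dport != "" && dport != port)) next
            if (target ~ /^(ACCEPT|DROP|REJECT)$/) { print n ":" target; done = 1; exit }
        }
        END { if (!done) print "policy:" policy }
    '
}

# Constructed ruleset: an old REJECT rule is still present, and the ACCEPT
# rule was appended after it with "iptables -A".
rules='-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

printf '%s\n' "$rules" | ssh_verdict 22                    # REJECT rule wins
printf '%s\n' "$rules" | grep -v REJECT | ssh_verdict 22   # after removing it
printf '%s\n' "$rules" | ssh_verdict 2222                  # custom port never opened
```

On a server, feed it the live rules with iptables -S INPUT | ssh_verdict 22 (run as root).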

 

If using CyberPanel

 

If you are using CyberPanel, it comes with Firewalld by default unless you have installed CSF. You can go to :8090/firewall/; by default port 22 is open, and if it is not, you can add port 22 there.

If you have installed CSF with CyberPanel, you can use the csf.allow file to allow this IP. The file is located at /etc/csf/csf.allow; open it with:

nano /etc/csf/csf.allow

Then turn CSF off and on again from the CyberPanel interface.

 

3. Custom SSH Port

 

If you have defined a custom port for SSH (for security reasons, because standard SSH ports are prone to brute force attacks), then you need to open that port on the firewall as well, because the firewall doesn’t know you chose a custom port for SSH.

First, confirm whether you are using a custom port:

cat /etc/ssh/sshd_config | grep Port

If you see something other than port 22, you need to open that port on the firewall:

iptables -A INPUT -p tcp --dport custom_port_here -j ACCEPT

Replace custom_port_here with your custom port.
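
The Port check in sshd_config described in both articles is easy to misread, because a plain grep Port also prints commented-out defaults such as #Port 22 and unrelated keywords such as GatewayPorts. The script below is an added example, not code from the original articles: effective_ssh_ports is a hypothetical helper and the configuration is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the original article).

# Print every port sshd is configured to listen on, one per line.
# Unlike "grep Port", this ignores commented-out lines such as "#Port 22"
# and unrelated keywords such as "GatewayPorts".
effective_ssh_ports() {
    awk '
        { sub(/#.*/, "") }                       # strip comments
        tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1 }
        END { if (!found) print 22 }             # OpenSSH default when no Port line is active
    ' "$1"
}

# Constructed sample config, modelled on a stock sshd_config with one change.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
#AddressFamily any
Port 2222
GatewayPorts no
EOF

echo "naive grep:";  grep Port "$sample"
echo "active port:"; effective_ssh_ports "$sample"
# On a live server, "sshd -T | grep -i '^port'" prints the value sshd itself parsed.
```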

 

If using CyberPanel

 

Go to :8090/firewall/secureSSH and see whether you have set a custom SSH port. Normally, if you set a custom SSH port, CyberPanel opens this port for you on the firewall. If it still does not work, you can open the port manually at :8090/firewall/, or at :8090/firewall/csf if you are using CSF.

 

4. Incorrect IP, SSH Port or Key File

 

It is also possible that you made a mistake and used an incorrect IP or the wrong SSH port. Make sure you are using the right IP in PuTTY or the Linux terminal, along with the correct SSH port.

Sometimes people also use key-based authentication and run into issues connecting to SSH if the wrong private key is used or the permissions on the SSH private key are wrong. On your local server, make sure that your private key has the permission of 600.


Why use CyberPanel?

 

We’ve discussed many reasons and fixes for the localhost connection refused error. We also recommend that you install CyberPanel on your VPS; it will help you solve many issues, and if you are hosting sites you will get super speed as well, because CyberPanel is based on OpenLiteSpeed and LiteSpeed Enterprise.

You will get easy access to Firewalld (installed by default), where you can open or close any port as you wish. You can also install CSF.

If you are a very novice user, you can also hire our managed VPS service; we are super affordable and provide top-notch support to all our customers. You can start with a 3-day trial (no credit card required at all).