Secure Shell Debugging ssh problems Connection Refused


A "Connection Refused" error will occur if your client sends a connection request to a remote server host, and the remote host responds to say that it refuses to accept the request. The "Connection Refused" error essentially means that the computer is not accepting connections to the requested IP address and port.

"Connection refused" can be caused by a firewall which is blocking connection requests. A firewall which is configured to block connections to a particular endpoint can be set to drop connection requests--in which case the client will never get a response and will eventually timeout. Or the firewall can respond to connection connection requests with a refusal response.

Aside from firewalls, in the case of SSH, "connection refused" has a few possible causes:

  • You could be using the wrong port number to connect. The standard port number for SSH is 22, but some people run the ssh service on a different port to deter unauthorized access attempts.

  • You could be trying to connect to the wrong computer. You may have mistyped the hostname or IP address. Or the computer may be using a dynamically-assigned address which has changed.

  • The ssh server process may not be running:

    • It may not have been started yet if the system is in the process of starting.
    • It may have been disabled; e.g. when the system is in single-user mode.
    • It may have been misconfigured, causing it to fail to start.
    • The computer may not have an SSH server set up. MS Windows systems typically don't include an SSH server. On some Linux systems, the SSH server may be an optional component. OS X includes an SSH server, but it's disabled by default.
  • The SSH server process may not be listening for connections on the specific IP interface which you're trying to connect to. Most computers have at least two IP interfaces, a "localhost" interface and one or more network interfaces. Each active interface will have an IP address associated with it. An SSH server is typically configured to accept connections on any IP interface. But it can be configured to accept connections only on particular interfaces. In that case, the computer will refuse connections to an IP address which the SSH server isn't listening to, even if the connection request has the correct port.

  • The server may have a backlog of connection requests to the same port. This is rare and unusual, but if the host is receiving connection requests faster than they can be handled, the host will eventually start rejecting new connection requests.

Note that, firewalls aside, "connection refused" means that you are communicating with the remote computer--it's just not accepting your connection request.