If you encounter issues with SSH on your VPS, follow these basic troubleshooting steps to investigate the SSH connection problem.
VPS Password Issues
If you cannot connect to your VPS with your current password or you forgot it, reset your VPS root password through the client area. Here is a guide on how to do it.
Unresponsive SSH Connection
If your SSH connection attempts are timing out or being immediately rejected, the SSH service might not be running, or your firewall might be blocking SSH connections. Connect to your VPS via the Emergency Console to investigate further.
Checking SSH Status
To check your SSH service status, connect to your VPS and run the appropriate command:
Ubuntu 16.04+, Debian 8+, CentOS 7+:
sudo systemctl status sshd -l
CentOS 6:
sudo service sshd status
Ubuntu 14.04, Debian 7:
sudo service ssh status
Restarting SSH Service
If the SSH service is not running, restart it with the following commands:
Ubuntu 16.04+, Debian 8+, CentOS 7+:
sudo systemctl restart sshd
CentOS 6:
sudo service sshd restart
Ubuntu 14.04, Debian 7:
sudo service ssh restart
Checking SSH Logs
If restarting SSH doesn't help, check the SSH logs:
Ubuntu 16.04+, Debian 8+, CentOS 7+:
sudo journalctl -u sshd -u ssh
CentOS 6:
less /var/log/secure
Ubuntu 14.04, Debian 7:
less /var/log/auth.log
SSH Running on a Non-Standard Port
Ensure SSH is running on the correct port by using netstat:
sudo netstat -plntu | grep ssh
If SSH runs on a different port, connect using:
ssh username@IP_address -p port
Port Conflicts
If another service is using the same port as SSH, you might see an error like:
"Bind to port 22 on 0.0.0.0 failed: Address already in use."
Resolve this by either:
Binding SSH to a different port.
Here is a guide how to do that.
Stopping the conflicting service:
sudo netstat -plntu | grep :22
sudo systemctl stop conflicting-service
sudo systemctl disable conflicting-service
Changing the conflicting service's port:
sudo netstat -plntu | grep :22
After changing the port, restart the SSH service.
Misconfigured Firewall Rules
If you can start the SSH service but connections still time out, review your firewall rules:
Ensure your SSH rule looks like this:
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
Disabling Firewall Rules Temporarily
To rule out firewall issues, temporarily disable the firewall:
Backup firewall rules:
sudo iptables-save > ~/iptables.txt
Set policies to ACCEPT:
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT
- Flush the nat and mangle tables:
sudo iptables -t nat -F
sudo iptables -t mangle -F
sudo iptables -F
sudo iptables -X
Repeat these steps with ip6tables for IPv6 rules.
Note: Remember to re-enable your firewall after troubleshooting.
Rejected SSH Logins
If SSH is running but login attempts are rejected, check the logs for rejected attempts. Ensure root logins are not disabled:
grep PermitRootLogin /etc/ssh/sshd_config
If PermitRootLogin is set to no, either log in with another user or set it to yes and restart the SSH service:
sudo systemctl restart sshd
