Bobcares

‘SSH connection refused’ in DigitalOcean – Why SSH kicks you out?

by | Dec 23, 2018

SSH clients like PuTTY, OpenSSH, etc. provides users with a seamless way to manage their servers.

But, users can occasionally come up with server side errors, like ‘SSH connection refused’ in their DigitalOcean Droplets.

How can I fix it with this little piece of information? Right, there’s not much information we get from this error message.

But, don’t worry, at Bobcares, we help Droplet owners fix such errors as part of our Managed Cloud Services.

Today, we’ll discuss the top 4 reasons for this error and how our Support Engineers fix it.

 

‘SSH Connection refused’ in DigitalOcean – Let’s get an idea

Before we move on to the reasons, let’s first get an idea of this error.

SSH connection refused error means that the request to connect to the server is routed to the SSH host, but the host doesn’t accept that request and send an acknowledgement.

And, Droplet owners see this acknowledgement message as given below.

ssh: connect to host 192.xxx.12x.1x port xx: Connection refused

 

There are a number of reasons for this error.

Now, let’s see the top 4 reasons why SSH drops the connection and how our Support Engineers fix it.

 

‘SSH Connection refused’ in DigitalOcean – Causes & Fixes

Inorder to fix this error, we identify the cause of the error by checking and ruling out each possibility.

Usually, we use the Droplet console from Access > Console Access > Launch Console to troubleshoot such SSH related issues.

 

digitalocean ssh connection refused

DigitalOcean Droplet Console

 

In our experience managing Droplets, we’ve come across a number of reasons that can cause this error.

 

1) SSH service down

SSH service uses sshd daemon to listen to the incoming connections, and handles user authentication, terminal connections, etc.

So, if this service crashes, the connection fails and results in SSH Connection refused error in DigitalOcean servers.

Solution

The reason for service failures can be traffic spikes, resource outages, disk errors, DDoS attacks, and so on.

Our Hosting Engineers identify the reason and fix it.

If a backend service fails or doesn’t respond, we’ll kill the dead process and restart the service.

For example, in a CentOS 7 Droplet, we restart the SSH service using the below command.

systemctl restart sshd

 

After that, we confirm that SSH is running, and the output will be like this.

sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
Active: active (running) since Mon 2018-12-19 10:00:22 GMT; 3 days ago

 

[Do you face intermittent service downtime in your Droplet? Our Server Administrators can fix it permanently for you.]

2) Wrong SSH port

Since standard ports are more vulnerable to attack, many web hosts change the SSH port to a custom port.

So, if Droplet owners access their servers using the wrong port, they will be knocked out with the error SSH Connection refused.

 

Solution

Inorder to identify the correct SSH port, our Hosting Engineers access the Droplet via a console and check the SSH configuration file.

On most systems, the configuration file for the SSH service is at /etc/ssh/sshd_config. Inorder to identify the port used in the system, we check the “Port” parameter in ssh config file.

Alternatively, we check the SSH port using the netstat command.

If we find that the service is listening on a custom port, we update the correct port to the customers.

 

3) Firewall restriction

Similarly, SSH connectivity problems may occur due to improper firewall configurations.

Some public networks may also block default SSH port 22 or SSH custom ports.

If the ports are not allowed for connections in the firewall, the connectivity can fail and lead to the error SSH connection refused.

 

Solution

In such cases, our Hosting Engineers analyze the firewall rules configured on the server.

In addition to that, we check the connectivity to the SSH port from the external network using the below command.

telnet IP PORT

 

Here, replace IP with the Droplet IP address and PORT with SSH port.

If we find any rules that deny connection to port 22, we’ll remove that rule from the firewall configuration.

For example, in CentOS servers, if we see a rule to REJECT or DROP incoming connections on the SSH port, we’ll remove that rule from the firewall.

Further, we edit the firewall configuration to allow connections to the SSH port like this.

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

[Have you messed up the Droplet firewall rules? Our Support Experts can fix it for you in minutes.]

4) Wrong Host IP address

Droplet owners face this SSH connection refused error, when they use wrong IP address or if there is an IP conflict.

In other words, this error can occur when the wrong IP address is used or multiple Droplets use the same IP address.

 

Solution

In such cases, we check the Droplet IP address via Networking > Public Network in the DigitalOcean control panel.

Similarly, we use tools like nmap to identify Droplets running on the network.

And, if we find any IP conflicts, we change the IP address of the Droplet, after confirming it with the customer.

Conclusion

In short, SSH connection refused in DigitalOcean servers can happen due to firewall restrictions, service down time, and more. Today, we’ve discussed the top 4 reasons for this error and how our Cloud Experts fix it.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF