PuTTY provides a convenient way to access servers.
But, things can go wrong when it can’t communicate with the server, and users see an error like “localhost connection refused” in their PuTTY client.
Is this a server side or a client side problem? Well, it can happen at both sides.
At Bobcares we help server owners resolve these errors as part of our Support Services for web hosts.
Today, we’ll discuss the top 5 reasons for this error and how we fix them.
‘localhost connection refused’ error in PuTTY – What’s this?
Users usually use the PuTTY client to access the server remotely through SSH.
A Connection refused error means that the server refused the connection made by the application. In a PuTTY client, users see the below error message when trying to connect to the server.
Putty Fatal Error Network Error: Connection Refused
And, this means the connection to the SSH host is routed, but the host doesn’t accept that request.
‘localhost connection refused’ error in PuTTY – Causes & Fixes
Now let’s see the main reasons for this error in PuTTY client and how our Support Engineers help customers resolve this problem.
1) Firewall restrictions
Firewall blocking connections from a specific IP address/IP ranges or target SSH ports is one of the common reasons for this error.
We’ve seen cases in which the IP address or IP range of the customer is blocked on the server due to an abnormal behavior.
Similarly, server owners switch the default SSH port to a custom one, but failed to open that port on the server.
How we fix?
Firstly, our Hosting Engineers check that the IP address of the user is blocked in the server firewall. For example, we use the following command to check the rules in iptables firewall.
iptables -nL
And if it’s blocked, we unblock that IP address and restore the connectivity immediately. After that, we check the server logs to identify the reason for the block.
In addition to that, we check the connectivity to the SSH port with the telnet command.
telnet xx.xx.xx.xx 22
If we find any firewall rules that interfere with the connection to the SSH port, we’ll remove that rule from the firewall configuration.
For example, if we see a DROP or REJECT rule on SSH port for all connections, we’ll remove that rule from the firewall. Further, we edit the firewall configuration to accept all connections to the SSH port.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
2) Service Downtime
Similarly, another common reason for this error is that the SSH service is not running or the SSH server is broken.
In other words, SSH service uses sshd daemon to process incoming connections, authentication requests, etc. If this service fails, the PuTTY SSH client can’t communicate with the SSH server, resulting in ‘localhost connection refused‘ error.
How we fix?
The reason for service failure could be disk errors, resource outages, traffic spikes, etc. Our Hosting Engineers determine if the SSH service is listening using the netstat command.
If the service fails or doesn’t respond, we kill the dead process and restart the service. For example, we use the following command for restarting the SSH service on CentOS 7 servers.
systemctl restart sshd
Most importantly, we identify the reason for the service downtime and fix it permanently.
3) Custom SSH port
Standard SSH ports are prone to attacks. That’s why server owners enable SSH service on custom ports, which are hard to guess.
But, if the users access the server using the wrong port, they will be kicked out of the server with the error ‘localhost connection refused‘.
How we fix?
Inorder to confirm the SSH port, we access the server via Console and check the SSH configuration file /etc/sshd/sshd_config. The Port parameter specifies the SSH port used by the server. Alternatively, we use the netstat command to check the SSH port.
Once we identify the correct port, we check the SSH client details and confirm that custome ruses the correct port.
4) Wrong PuTTY configuration
Similarly, a common mistake we see is that customers configure SSH clients like PuTTY without the necessary parameters. Incorrect Host or IP address, SSH port, connection type, username, key file, etc. can block the connection to the server.
In addition to that, we see customers using wrong IP address or the IP address conflicts with the other server. In other words, multiple servers assigned with the same IP address. This can also result in connection problems.
How we fix?
Our Hosting Engineers get the PuTTY configuration details from the customer. And, we ensure that the Hostname/IP address, username, SSH port, connection type, etc. are correct.
Further, we use tools like nmap to identify the servers running on the network. If we find any IP conflicts, we change the IP address of the server after checking with the customer.
5) Incorrect SSH key
Similarly, most users prefer to use key based authentication instead of password authentication to improve the security of the account.
However, a wrong private key or incorrect permissions of the SSH key pair can sometimes block users.
How we fix?
To confirm if private key is causing problem, we create a new key pair and connect to the server. If this works, we update the customer to create a new key pair and connect to the server.
Similarly, our Hosting Engineers check the permission and ownership of the key files in .ssh folder. If any permission or ownership issues are noted, we’ll immediately correct them. Most importantly, we ensure correct permissions for .ssh/authorized_keys file, because it’s where the public key is stored.
Conclusion
In short, localhost connection refused error in PuTTY client can occur due to firewall restrictions, service downtime, and more. Today, we’ve discussed the top 5 reasons for this error and how our Support Engineers fix them.
0 Comments