Secure Shell (SSH) is a key WordPress development tool. It gives power users access to key platforms and software that make coding and other tasks easier, faster, and more organized.
So, if you try to use SSH only to see a “Connection Refused” error, you may start to feel worried. However, this is a common problem, and it is entirely possible to fix it on your own with just a little troubleshooting. It will run commands again in no time.
In this post, we will discuss what SSH is and when to use it. Below, we will explain some common reasons why your connection may be rejected, even on PuTTY. Finally, we will provide some troubleshooting tips.
Let’s dive in!
Prefer to watch the video version?
What is SSH and when should I use it?
Secure Shell
(SSH), also sometimes called Secure Socket Shell, is a protocol for securely accessing your site’s server over an unsecured network. In other words, it’s a way to securely log into your server remotely using your preferred command line interface:
Using SSHWordPress site Unlike File Transfer Protocol (FTP), which only allows you to upload, delete, and edit files on your server, SSH can perform a wide range of tasks. For example, if a bug blocks you from your WordPress site, you can use SSH to access it remotely.
This protocol also allows you to use several key development tools, including:
- WP-CLI. The WordPress command line. You can use it for a variety of tasks, including new installations, bulk plugin updates, and media file imports.
- composer. A PHP package manager. It allows you to implement various frameworks for use in your site’s code by extracting the necessary libraries and dependencies.
- git. A version control system used to track changes to code. This is especially useful for teams of developers working together on a single project.
- NPM. A JavaScript package manager. It includes a command line and a JavaScript software log. Note: Kinsta customers will need an Enterprise plan to access this feature.
It is important to note that using SSH is an advanced skill. Generally speaking, lay WordPress users should contact their developers or hosting providers for help, rather than trying to solve the problems with SSH themselves.
Important
A simple poorly written command could ruin your website, so it’s vital that you know what you’re doing.
Why is my SSH connection rejected? (5 reasons for connectivity errors)
Unfortunately, there are many scenarios that could occur while trying to connect to your server via SSH, which could lead to an error stating “Connection Declined”.
Below are some of the most common issues that could be causing you problems.
1. Your SSH service is down To connect to your server with SSH,
you need to run an SSH daemon, a program that runs in the background to listen for and accept connections.
If this
service is down
, you will not be able to successfully connect to your server and you may receive a
connection declined error:
Your server’s SSH daemon can be down for a wide variety of reasons, including unexpected traffic spikes, resource outages, or even a distributed denial of service (DDoS) attack. In addition to the troubleshooting steps we’ll mention below, you may want to contact your hosting provider to determine the root cause of the issue.
If you suspect that your SSH service
might be down, you can run this command to find out: sudo service SSH
status
If the command line returns a status of inactive, you have likely found the reason behind your connectivity failure
.
Info
Kinsta is developer-friendly and offers SSH access on all its hosting plans
.
2. You have
the wrong credentials
Although it seems too simple to be true, you may only be entering the wrong credentials when trying to connect to your server. There are four pieces of information required to run SSH:
- Hostname. The IP address of the server you’re trying to connect to or your domain name.
- username. Your FTP username(s).
- password. Your FTP password(s).
- Port. The default port is 22. However, some hosting providers (including Kinsta) change their SSH port number for security reasons. If this is the case, you should be able to find it by logging into your MyKinsta dashboard.
You can also check which port is being used for SSH by running this command:
grep Port /etc/ssh/sshd_config
The command line should return the correct port
.
Make sure you are entering the correct credentials and taking into account the possibility of typos or entering the wrong IP address or port.
3. The port you are
trying to use is closed
A “port” is simply the endpoint you are directed to when you connect to your server. In addition to making sure you have the right one, you’ll also want to check if the port you’re trying to use is open.
Any open port is a security vulnerability, as hackers can try to exploit it and gain access to the server. For this reason, unused ports are often closed to prevent attacks.
In the event that
port 22, or the custom SSH port for your server, has been closed, you are likely to see a connection rejected error. You can see all the ports listening on your server by running this command:
sudo lsof -i -n -P | grep LISTEN
This command should return a list of ports with the status LISTEN. Ideally, you want to see your server’s custom port 22 or SSH port listed here. If not, you’ll need to reopen the port to connect to your server.
4. SSH
is not installed on your server
As we briefly mentioned earlier, servers use SSH daemons to listen and accept connections. Therefore, if the server you are trying to connect to does not have one installed, you will not be able to access it using SSH.
Generally speaking, almost all hosting providers will have SSH daemons installed on their servers by default. This particular problem is most common on localhost or dedicated servers.
5. Firewall settings prevent an SSH connection
Since open ports present a security risk, firewalls installed to protect servers from hackers sometimes block connections to them. Unfortunately, this means that even harmless users trying to SSH on their servers can receive a connection rejected error as a result of firewall settings.
If your settings seem to be in order and you still can’t connect, take a look at your firewall rules. You can display them in the command line interface with the following commands
: sudo iptables-save # display IPv4 rules sudo ip6tables-save # display IPv6
rules Your results will vary, but you’ll want to look for these items to determine if your firewall is blocking
SSH connections: dport 22:
- This refers to the destination port, which for SSH is usually port 22 (reminder: Kinsta does not use this port number.)
- REJECTION: This would indicate that connections from the specified destination are being rejected.
- DROP: Like REJECT, this means that connections to the relevant port are being blocked.
If you look up the results of the above commands for dport 22, you should be able to determine if your firewall is preventing an SSH connection. If so, you’ll need to change the rules for accepting applications.
Why does PuTTY say the connection was rejected?
PuTTY is an SSH client. If you’re familiar with FTP, this platform is FileZilla’s equivalent to SSH on Windows machines. In other words, PuTTY allows users to enter their credentials and initiate an SSH connection:
PuTTY website
If you are a PuTTY user and see the Connection Rejected error, the cause is likely one of those listed above.
This is an SSH connectivity error like any other, and the troubleshooting tips below should work if you’re using PuTTY, Terminal, or any other program to connect to your server with SSH.
We’ve taken our knowledge of effective website management at scale, and turned it into an eBook and video course. Click to download the Guide to Managing 60+ WordPress Sites!
How do I troubleshoot SSH connectivity errors?
When you experience an SSH connectivity error, there are some steps you can take to fix it based on the cause. Here are some tips to fix the reasons for a connection declined error that we covered above:
- If your SSH service is down. Contact your hosting provider to see why your SSH service is not running. For localhost or dedicated servers, you can use the sudo service ssh restart command to try to get it working again.
- If you entered the wrong credentials. Once you have double-checked the SSH port using the grep Port /etc/ssh/sshd_config command, try connecting again with the correct details.
- If the SSH port is closed. This is usually a side effect of one of the two reasons listed below. Install an SSH daemon on the server you want to connect to, or change firewall rules to accept connections to its SSH port.
- If SSH is not installed on the server. Install an SSH tool such as OpenSSH on the server you want to connect to using the sudo apt install openssh-server command.
- If your firewall is blocking your SSH connection. Disable firewall rules that block your SSH connection by changing the destination port setting to ACCEPT.
If you’re trying to connect to your hosting provider’s server, it may be wiser to contact technical support than to try to fix the problem yourself. Users on localhost or dedicated servers may find more support in more advanced forums if none of the above solutions work.
Getting ‘Connection Refused’ Error via SSH? Learn why that happens and how to troubleshoot SSH connectivity errors thanks to this guide 🙅 ✋Click To Tweet
Summary
Being able to connect to your server with SSH is convenient in a wide range of situations. It can allow you to access your site when locked out of your WordPress dashboard, execute commands via WP-CLI, track changes to your site’s code with Git, and more.
Although there are several causes that could be behind your SSH connectivity error, here are some of the most common:
Your SSH service is
- down.
- You have the wrong credentials
- The port you are trying to use is closed
- is not installed on the server
- Firewall settings prevent an SSH connection.
.
. SSH
.