The SSH
“Connection Declined” error occurs when you try to connect to a Secure Socket Shell (SSH) server, but the connection fails.
SSH is a network protocol that allows you to execute numerous tasks over an encrypted and secure connection. Like FTP, you can use it to upload, download, or edit files.
However, through SSH you can perform much more advanced tasks. You can run various scripts and commands directly on the server through a command-line interface. For more information, read this detailed SSH guide.
You won’t encounter this error in your browser while visiting sites. The SSH connection is established between an SSH client installed on your computer and an SSH server program (also called a daemon) installed on a web hosting server. Therefore, the most common place where you will see this error is in an SSH client program.
Below you can see an example of the error “SSH port 22 connection rejected” in Terminal on a Mac computer.
!["SSH](http://d3kky1fz3fem6z.cloudfront.net/wp-content/uploads/sites/2/2019/04/connection-refused-error-in-mac-terminal-708x207.png" "How to fix the SSH “Connection refused\" error? - SiteGround KB 1")
Similarly, you will see the error in Terminal if you are a Linux user. The following example is from a Linux/CentOS operating system.
!["Error](http://d3kky1fz3fem6z.cloudfront.net/wp-content/uploads/sites/2/2019/04/connection-refused-ssh-error-in-linux-terminal-708x297.png" "How to fix the SSH “Connection refused\" error? - SiteGround KB 2")
Windows users will usually see the error in the popular PuTTY SSH client. PuTTY may display another variation of the error: “Connection timed out.”
![""SSH](http://d3kky1fz3fem6z.cloudfront.net/wp-content/uploads/sites/2/2019/04/ssh-connection-timed-out-error-in-putty-708x447.png" "How to fix the SSH “Connection refused\" error? - SiteGround KB 3")
What are the reasons for "Connection refused" error in SSH and how to fix them?
Although the error message itself is not very informative of the problem, there are some common causes. We will review each case and its solution.
The local computer does not
have an SSH client installed
To establish an SSH connection, the computer must have a program named SSH client. It allows you to communicate with a remote server and execute SSH commands. If the program is missing, you will see the SSH error “Connection refused”.
An easy way to determine if your computer has SSH installed is to run the following command in Terminal.
$ ssh
If SSH is installed, the response in Terminal will be a list of available commands. Otherwise, the result will be “command not found”.
Mac users do not need to install an SSH client. All modern versions of macOS have an SSH package pre-installed, and you can run it from the Terminal tool.
On Linux, you can also run SSH from Terminal. However, there is no built-in SSH client by default, so you need to install it additionally.
Depending on your distribution, you can install the OpenSSH package for the Linux operating system by running the specific commands in Terminal.
To install OpenSSH on the Ubuntu/Debian distribution, run the following command.
$ sudo apt install openssh-client
For CentOS/RHELs distributions, use this command
. $ sudo yum install openssh-clients Windows
also doesn’t have an SSH client by default, so you’ll need to install it yourself
.
In earlier versions of Windows, OpenSSH is not directly supported. Therefore, you must install a client program that allows you to establish an SSH connection. The most popular is PuTTY. For detailed instructions, read this guide on how to install and use PuTTY.
From Windows 10 (build1809) onwards, you don’t need a dedicated client for SSH access. You can install and run OpenSSH at the command prompt or PowerShell. For detailed instructions, see the official documentation on how to install OpenSSH on Windows.
Your web hosting server doesn’t have a daemon
Having an SSH client
installed on your local computer is an important prerequisite for an SSH connection. However, your website’s hosting server must also have an SSH server program installed. It is called SSH daemon and serves to monitor and authorize SSH connections.
If you try to connect to a server that is missing an SSH daemon, it will also trigger the “Connection refused” message. Most managed hosting providers have SSH servers pre-installed by default. SiteGround customers have SSH enabled on all plans.
Contact your hosting provider to make sure the SSH daemon is installed on your server. Perhaps the SSH daemon is configured, but it is currently inactive. Your hosting support will be able to check your setup and provide more information.
In case you are managing your own dedicated server or localhost, you need to install the SSH daemon package.
To install the OpenSSH server, you can use the following guides.
How to install OpenSSH server on Linux Ubuntu / Debian How to install OpenSSH server on
- Windows
- How to install OpenSSH package on Linux CentOS/RHEL
A firewall is blocking the SSH port
To handle data and traffic from different services efficiently, operating systems use ports. Ports are software endpoints designed to handle data only from specific services. For example, your email application uses one port to send emails via SMTP and another port to receive incoming messages via IMAP or POP3.
The SSH service also uses dedicated ports to exchange data. By default, the port is 22. However, many hosting providers use a custom SSH port instead. The SSH port on SiteGround is 18765.
If you are unsure of the port, you can run any of the following commands on the server.
$ grep Port /etc/ssh/ssh_config
or
$ grep Port /etc/ssh/sshd_config
The output of the command will display the SSH port. In the following example, the system indicates that it is 22.
Every open port is considered a potential vulnerability that bad actors could exploit. Therefore, a firewall may be blocking the SSH port. Most of the time, the most restrictive firewall rules are set in the office, VPN, and public networks, such as university, airport, or library Wi-Fi.
If you are using such a network and receive this error, try connecting to SSH from another network. Ideally, test from your home Wi-Fi, which should be less restrictive. If you still can’t connect to SSH, check your firewall settings and make sure to allow connections for ports 22 and 18765 (for SiteGround).
Another possibility is that the block may come from the hosting server. You can use incorrect credentials and accumulate failed login attempts. Therefore, the server firewall can block your IP for connections on the SSH port. Contact your hosting provider, so they can verify your IP and unblock it, if that’s the case.
Incorrect SSH
credentials or port
You need multiple credentials to connect from your SSH client to a server. If any of the settings are incorrect, the server will return the message “Connection rejected”.
Any SSH connection requires the following details
:
- Hostname: This is the server address. It could be your IP address, the server name, or the domain of your website (if the domain’s A record points to the server).
SSH username:
- The username of the website’s
SSH server.
- Password: It is important to note that the SSH user does not have a password. The requested password is the passphrase of your private SSH key. Learn more about SSH keys.
- Port: The default port for SSH connections is port 22. However, for the sake of better security, many hosting providers use a custom SSH port instead of the default. The port for SSH on SiteGround is 18765.
To make sure you have the correct details, log into your accommodation’s control panel. There should be a section where SSH credentials are listed.
SiteGround users can find the credentials in Site Tools. Open the “Websites” section of your Client Area. Access Site Tools for the particular site and navigate to the DEVS section, then select SSH Key Manager. On this page, you can view the user, hostname, and SSH port under SSH Credentials.
SSHservice is down
Most of the solutions listed so far help, given that the problem originates from your local device or network. If none of them worked, the error may be caused by an ongoing problem on the hosting server.
The SSH service may be down, if the server is overloaded due to insufficient resources or massive traffic spikes. Contact your hosting provider’s support, so they can check the status of the SSH service and provide more information.
If you manage your own dedicated server or localhost, you may need to check the status of the SSH server. It may be installed, but not activated.
To activate the SSH
server, run the following SSH command in Terminal.
$ sudo service ssh start
If you need to restart the SSH server, use the following command
. $ sudo service ssh restart
Summary
SSH is extremely useful in many situations and provides a wide range of features for advanced users. Needless to say, it’s frustrating when such an essential service is down. However, the “Connection refused” error comes down to a limited number of possible causes.
This guide examined the most common ones. Going through the above-mentioned solutions should help you fix the error.
Another error related to SSH connections is “Permission denied”. Learn more about it and how to fix it in this guide on “Permission denied (public key)” error when connecting via SSH.
For detailed steps on how to connect to SSH
, read this article on how to access your site through SSH connection.