If you're unable to connect to a compute instance using SSH, follow these troubleshooting steps to identify common problems.
Verify the connection
Linux or MacOS
In a terminal window, run the following command:
If the command returns a message similar to:SSH-2.0-OpenSSH_9.4
You successfully connected to the instance and verified SSH is running. Double check the IP address in your SSH command, make sure it is correct.
If the command returns nothing:
- Check the public IP address on your instance detail page to make sure you are using the correct address.
- Double check the IP address used in your command, make sure it is correct.
Otherwise, continue with the troubleshooting suggestions on this page.
Windows
In a PowerShell window, run the following command:
If the command returns a message similar to:
ComputerName : <public ip>RemoteAddress : <public ip>RemotePort : 22InterfaceAlias : EthernetSourceAddress : <source ip>TcpTestSucceeded : True
You successfully connected to the instance and verified SSH is running. Double check the IP address in your SSH command, make sure it is correct.
- If the command returns:
WARNING: TCP connect to (<public ip>) failed- Check the public IP address on your instance detail page to make sure you are using the correct address.
- Double check the IP address used in your command, make sure it is correct.
Otherwise, continue with the troubleshooting suggestions on this page.
Add a public IP address
If the connection is routed over the internet then the instance must have a public IP address to connect to the instance. Without a public IP address, the instance is not reachable.
If you created an instance on a public subnet, but didn't assign a public IP address at instance creation, you can still assign the address, see: Assigning an Ephemeral Public IP to an Existing Primary Private IP.
If you didn't create a public subnet, consider using Virtual Networking Quickstart to create a public subnet for any internet connected instances you want to SSH to.
Instance is on a private subnet
If the instance is on a private subnet, you can use a Bastion to connect to your instance. Review the bastion documentation to ensure your private network is configured to meet Bastion requirements.
Verify the network security lists
Oracle Cloud Infrastructure provisions each cloud network with a default set of security lists to permit SSH traffic. If the security list that permits SSH connections is removed, you can't access the instance. Ensure a security list that opens port 22 is present. For more information about security lists, see Security Lists.
Confirm that the instance is accessible
Check the instance accessibility status metric to determine whether the instance is responding to an Address Resolution Protocol (ARP) request. If the ARP ping fails, the metric shows that the instance is unresponsive. If there isn't an ongoing infrastructure issue, then the instance probably has a software issue or a network misconfiguration that you must resolve yourself.
Connect to the serial console
Serial console connections let you remotely troubleshoot malfunctioning instances. For more information, see Troubleshooting Instances Using Instance Console Connections.
From the serial console, you can interrupt the boot process to boot into maintenance mode. In maintenance mode, you can add or reset the SSH key for the opc user.
Confirm that SSH is running on the instance
The steps for confirming that SSH is running vary depending on the operating system. Review the documentation for your operating system to find information that explains how to confirm whether SSH is running.Capture serial console history
You can capture the instance's serial console data history in the Console or by using the console-history resource in the CLI. This information can help determine the cause of connectivity problems.
When using the CLI to capture the instance's serial console data history, include the following option to ensure that full history is captured. Without this option, the data might be truncated: --length 10000000.
Update PuTTY tool
If you are trying to connect to a Linux instance from a Windows system using PuTTY and you receive a failure message stating that the key format is too new, then the PuTTYgen tool and the PuTTY tool are not the same version. Update the PuTTY tool to the latest version.
FAQs
Here are some steps you can take to troubleshoot this error.
- Verify that the host IP address is correct for the Droplet.
- Verify that your network supports connectivity over the SSH port being used. Some public networks may block port 22 or custom SSH ports. ...
- Verify the Droplet firewall rules.
Some common occurrences of the “Connection Refused” error include the absence of an SSH client, lack of an SSH daemon on the remote server, firewall blocking the SSH port, incorrect SSH credentials or port configuration, and the SSH service being down.
How to test an SSH connection? ›
To Test the SSH Setup on a Host
- From another host, use SSH to log in into the host that you are testing as the SSH user. $ ssh -l user-name host-name user-name. The user name for the SSH user's account on the host. ...
- In response to the prompt, type your password. If this step succeeds, your setup of SSH is complete.
How to Fix the SSH Connection Refused Error
- Verify Your SSH Port. ...
- Check Your SSH Login Credentials. ...
- Ensure SSH Is Installed on the Server. ...
- Enable SSH Access on your Server. ...
- Resolve Server Firewall Conflicts with SSH.
Restarting ssh is simple job, exeute:
- # /etc/init.d/ssh restart. OR.
- # service ssh restart. OR.
- $ sudo service ssh restart. If you are using Debian/Ubuntu/Mint Linux with systemd, use the systemctl command:
Launch Control Panel > Administrative Tools > Event Viewer. To see only SSH Server events, select View > Filter to show the filter settings. In the Application Properties > Filter tab, select sshd in the Event source menu to display only SSH Server events. You may also apply other conditions when needed.
How to check if a SSH server is running? ›
You can try ssh localhost to test if it is running; if it respons with something like Connection refused , then it is not running. These commands must be run as root. If the server does not start automatically, try using the service sshd start command, or just reboot the computer.
How do I enable SSH connection? ›
(Select Start, type services.msc in the search box, and then select the Service app or press ENTER .) In the details pane, double-click OpenSSH SSH Server. On the General tab, from the Startup type drop-down menu, select Automatic and then select Ok. To start the service, select Start.
How do I get SSH to work? ›
How to Connect via SSH
- Open the command line/terminal window and run the following ssh command: ssh [username]@[host_ip_address] ...
- When connecting to the server for the first time, a message appears asking to confirm the connection. ...
- Provide the password when prompted and press Enter.
6 ways to fix the SSH connection refused error
- Change the SSH port number. ...
- Double-check the credentials. ...
- Make sure SSH is enabled. ...
- Make sure SSH client is installed. ...
- Ensure SSH Daemon is installed on the server. ...
- Check your firewall settings.
To list all connected SSH sessions, you can use the “who -a” command. The -a option shows all users, including those who are not logged in through the system console. The result will show your username, terminal, and login date and time.
How do you check if SSH is configured or not? ›
Check whether you have enabled SSH
- To check whether the SSH server has been installed, run the following command: systemctl -t service|grep sshd.
- If the SSH isn't installed on your node, run the following commands to install and start the SSH server. yum install openssh-server. systemctl enable sshd. systemctl start sshd.
Troubleshooting the SSH Connection
- Verify the connection. Linux or MacOS. ...
- Add a public IP address. ...
- Instance is on a private subnet. ...
- Verify the network security lists. ...
- Confirm that the instance is accessible. ...
- Connect to the serial console. ...
- Confirm that SSH is running on the instance. ...
- Capture serial console history.
If a firewall on your local machine, within your network, or on the server is configured to block the SSH port (typically port 22), it will prevent an SSH connection. To resolve this, you need to adjust the firewall settings to allow traffic through the SSH port.
How to reboot a SSH server? ›
Let us follow the steps:
- Use SSH to access your server.
- Run this command by typing it in: sudo reboot.
- Your session will automatically end and the interface will exit once SSH starts the server reboot.
Windows operating systems
- Start PuTTY.
- Load your connection session.
- In the Category pane, click Connection.
- Under Sending of null packets to keep session active, in the Seconds between keepalives, type 240. ...
- In the Category pane, click Session.
- Click Save.
- Connect to your account and monitor the connection.
You can try ssh localhost to test if it is running; if it respons with something like Connection refused , then it is not running. These commands must be run as root. If the server does not start automatically, try using the service sshd start command, or just reboot the computer.
How can I improve my SSH connection? ›
Steps to improve SSH performance:
- Disable reverse DNS lookup on the SSH server. ...
- Disable GSSAPI authentication on the SSH server. ...
- Enable multiplexing to share and reuse SSH connections. ...
- Specify the authentication method manually in the SSH client. ...
- Use passwordless authentication. ...
- Use faster encryption algorithms.
