[Solved] ‘SSH Connection refused in DigitalOcean’

In this article, we are going to discuss four primary reasons behind the error ‘SSH Connection refused in DigitalOcean’ and how to fix those errors. SSH clients such as Putty and OpenSSH are used to manage remote Linux servers with SSH installed on them, but sometimes users get a particular error such as ‘SSH connection refused’ in the DigitalOcean Droplets.

If you are looking for managed service you can visit our DigitalOcean Cloud Plans, where we do everything for you and let you run your business with ease.

It’s a significant challenge for sysadmins and direct users to know the possible four reasons to access their servers. We are going to understand the complexity behind this error and how our technical support staff fixes it.


What is SSH?

SSH is known as a secure shell or secure socket shell is a protocol network that mainly used by system administrators to access their server from an unsecured network in a safer way.

SSH is the best way to access remote Linux servers and it is already installed by default on most of the Linux distributions. Users can use various ssh clients to access remote SSH, such as Putty for Windows or use terminal directly if your OS is Linux.

What is the meaning of the error ‘SSH connection refused in DigitalOcean’?

First, it is important to understand the SSH connection refused error. When the connection request is properly routed to SSH Host, but the host doesn’t accept that request and send an acknowledgment message as mentioned below:

ssh: connect to host 192.168.xxx.xxx port xx: Connection refused

This message is sent to droplet owners for affirmation. There can be many reasons behind it, but we will discuss four major reasons.


What are the causes and how to fix the error ‘SSH connection refusal in DigitalOcean’?

After checking every possibility that causes this error, it is important to access your droplet from the DigitalOcean console window to troubleshoot the problem (troubleshooting requires console access, so this step is a must).

Droplet > Access Console

 

Access Console of a droplet in digitalocean

Once you click on the Access Console, a new window opens to troubleshoot your error from the console.

Centos Linux 7 Kernel to troubleshoot the error

According to our experience in the past, let’s discuss the four primary reasons behind the error ‘SSH Connection refused in DigitalOcean’ and How to get it Fixed.

SSH Service Connection Fails

Problem: SSH service uses sshd daemon to listen to the incoming connections and handles user authentication, terminal connections, and many more. If this service crashes, the connection fails, and results in SSH Connection refused error in DigitalOcean servers.

Solution: Technical staff identifies and researches on the root cause of service failures. The reasons can be traffic impales, disk errors, resource breakdowns, DDoS attacks, and many more.

Sometimes the backend service fails or doesn’t respond. In this case, technical staff kill the dead process and restart the service. For example, In CentOS 7 droplet, we restart the SSH service using the below command:

 

systemctl restart sshd

 

After a restart, we confirm that the SSH is running and the output shows like this:

 

sshd.service – OpenSSH server daemon

Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)

Active: active (running) since Mon xxx-xx-xx xx:xx:xx GMT; x days ago

 

Wrong Selection of SSH Port

Since standard ports are more vulnerable to attack, many web hosts change the SSH port to a custom port.

So, if Droplet owners access their servers using the wrong port, they will be knocked out with the error SSH Connection refused.

Problem: Since standard ports are weak to attack and many web hosts change the SSH port to a custom port for security purposes, and that causes the error of SSH Connection refused when accessed by a droplet owner.

Solution: There are two ways to check the correct SSH port. First, technical staff access the droplet via a console and check the SSH configuration file. By default SSH configuration file is saved at /etc/ssh/sshd_config. To identify the port that is set in the system, we check the Port Parameter in the ssh_config file.

The second way is to check the SSH port using netstat command. The output shows the port that listens to the custom port or not. If it is on the custom port, then technical staff change the custom port to the correct port.

Restriction of the firewall

Problem: Another reason for SSH connection refused error is improper firewall configurations. Some public networks may block the default SSH port 22 or custom SSH port, if the default port is blocked on the firewall it should be opened and in case you have changed to use another port make sure it is added to the firewall so that SSH can be assessed.

Solution: In this case, technical staff checks the firewall rules that are configured on the server. Second, the connectivity to the SSH port from the external network is evaluated with the help of the following command:

telnet IP PORT

Now, replace the IP with the droplet IP address and port with SSH port. Also, we study the configured rules of the firewall, and if one of them denies the connection to port 22, then that rule is removed instantly from the firewall configuration.

In CentOS7 servers, if the rule exists to reject or drop incoming connections on the SSH port, then that rule is removed instantly from the firewall. Furthermore, we edit the firewall configuration to allow connections to the SSH port with the help of the following command:

iptables -A INPUT -p tcp –dport 22 -j ACCEPT

 

Wrong Selection of Host IP Address

Problem: One of the four reasons behind SSH connection refused error is the incorrect selection of IP address or IP conflict. In simple words, when multiple droplets use the same IP address, then this error occurs, and if someone uses the wrong IP address.

Solution: To resolve this error, we check the droplet IP address from Manage>Networking > PTR Records in the DigitalOcean control panel. Furthermore, we use tools like nmap to check the droplets that are running on the network, and if the IP of the droplet conflicts, then that is instantly changed after confirmation with the customer.

Networking option in digitalocean to manage IP address of your droplet


Conclusion

In this article, we have discussed four significant reasons behind the error ‘SSH Connection refused in DigitalOcean’ and how to get them fixed. Furthermore, we have analyzed the solutions to four major problems that are solved and fixed by sysadmins to access customer’s servers from SSH using Putty or OpenSSH. You must have understood the complexity behind this error and how technical support staff fixes it.

Leave a Reply

Your email address will not be published. Required fields are marked *