SSH Connection Refused: How to Fix Port 22 Connection Refused on VPS
ssh: connect to host X.X.X.X port 22: Connection refused is one of the most common errors when connecting to a fresh or recently modified VPS. It almost always has a clear cause.
Quick Diagnosis Checklist
Run these checks in order. Stop at the first one that explains your issue.
- Is the server actually online? Ping it:
ping X.X.X.X - Did you change the SSH port? Try
ssh -p YOUR_PORT [email protected] - Is the firewall blocking port 22?
- Is the SSH daemon running?
- Did the SSH daemon crash due to a config error?
Cause 1: SSH daemon is not running
This is the most common cause after an accidental config change or interrupted upgrade.
Fix via VNC / rescue console:
Log into your server through the VMHeaven control panel VNC console (no SSH required). Then:
# Check if sshd is running
systemctl status ssh
# or on some distros:
systemctl status sshd
# Start it
systemctl start ssh
# Enable auto-start on boot
systemctl enable ssh
If systemctl start ssh fails, check the logs immediately:
journalctl -xeu ssh --no-pager | tail -40
The most common log errors and their fixes are:
| Log message | Cause | Fix |
|---|---|---|
Bad configuration option | Typo in sshd_config | Fix the line shown in the error |
Missing privilege separation directory | /run/sshd missing | mkdir -p /run/sshd && chmod 0755 /run/sshd |
Could not load host key | Host keys deleted | ssh-keygen -A |
Address already in use | Port conflict | Change port in sshd_config or kill conflicting process |
Cause 2: Firewall blocking port 22
UFW (Ubuntu/Debian default):
ufw status
ufw allow 22/tcp
ufw reload
iptables:
iptables -L INPUT -n --line-numbers | grep 22
# If no ACCEPT rule exists for port 22:
iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT
firewalld (CentOS/AlmaLinux/Fedora):
firewall-cmd --list-ports
firewall-cmd --permanent --add-port=22/tcp
firewall-cmd --reload
Also check whether VMHeaven's external firewall/security group is blocking the port via the control panel.
Cause 3: Wrong SSH port
If you previously changed the default SSH port, connect with the explicit port flag:
ssh -p 2222 [email protected]
To find out which port sshd is actually listening on (requires VNC/rescue access):
ss -tlnp | grep ssh
# or
grep -i ^port /etc/ssh/sshd_config
Cause 4: SSH config syntax error after editing sshd_config
Always validate config before reloading SSH:
sshd -t
If this outputs errors, fix them before running systemctl restart ssh. A broken restart will drop your current session and prevent reconnection.
Safe way to apply sshd_config changes:
sshd -t && systemctl reload ssh
reload sends SIGHUP (re-reads config for new sessions) without killing existing connections. Only use restart if you absolutely need to.
Cause 5: Server is in rescue mode or not fully booted
If you recently performed a disk operation, kernel upgrade, or the VPS crashed, it may have booted into rescue mode with a minimal environment where SSH is not running.
Check the VNC console in the VMHeaven panel to see the current boot state. If you see a rescue prompt, either exit rescue mode from the panel or set up SSH manually within the rescue environment.
After fixing: Test before closing your session
Once SSH is reachable again, test from a second terminal before closing your working VNC/rescue session:
ssh -v [email protected]
The -v flag shows verbose output so you can confirm exactly which step succeeds.