If there is an issue with SSH on your VPS, this guide will provide basic steps to investigate SSH connection issue.
VPS password is not correct
If you cannot connect to your VPS with your current VPS password, or you forgot it, you can connect to our client area and reset your VPS root password. Here is a guide how to do it.
Unresponsive SSH connection
If your SSH connection attempts are timing out or are being immediately rejected, then your SSH service might not be running, or your firewall might block SSH connections.
So you can connect to your VPS via Emergency Console.
How to check SSH status?
To check your SSH service status, you need to connect to your VPS and run one of these commands:
1) Ubuntu / Debian:
sudo systemctl status ssh -l
2) AlmaLinux / Rocky Linux:
sudo systemctl status sshd -l
How to restart SSH service?
If the output shows that your SSH is not running, then try to restart your SSH.
Ubuntu / Debian:
sudo systemctl restart ssh
AlmaLinux / Rocky Linux:
sudo systemctl restart sshd
Enable SSH service to start on boot
Run these commands to enable SSH service on boot.
Ubuntu / Debian:
sudo systemctl enable ssh
AlmaLinux / Rocky Linux:
sudo systemctl enable sshd
Check SSH logs
If it won't help, then check your VPS logs of SSH:
Ubuntu / Debian:
sudo journalctl -xe
sudo cat /var/log/auth.log
The first command sudo journalctl -xe reads the systemd journal, which is the main unified log system on modern Linux.
-xadds explanatory help text if available.-ejumps to the end (latest entries).
It shows:
live system events from all services, including
ssh.Includes messages not yet written to
/var/log/auth.log.Can be filtered by service, time, priority, etc. (e.g.
journalctl -u ssh).Works on all systemd-based distros (Ubuntu 22/24, Debian 10/11, AlmaLinux/Rocky 8/9).
Use when you want real-time, broad troubleshooting info or you suspect service startup issues.
Second command sudo cat /var/log/auth.log reads the plain-text authentication log on Debian/Ubuntu systems. It contains authentication-related events (logins, SSH attempts, sudo, su, etc.).
AlmaLinux / Rocky Linux:
sudo journalctl -xe
sudo cat /var/log/secure
Second command (sudo cat /var/log/secure) is the Red Hat-family equivalent of var/log/auth.log command, used on AlmaLinux and Rocky Linux.
SSH is running on a non-standard port
If SSH status is active, make sure on what port SSH service is running. Run this command on your server to check which port is used by SSH:
sudo ss -tulpn | grep ssh
What it shows:
Active listening sockets (
-l)TCP/UDP protocols (
-tu)Process IDs and names (
-p)Numeric ports (
-n)Filters output to lines containing
ssh
Example output:
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1234,fd=3))In this example:
LISTEN
This is the socket state. It shows the port is actively listening for incoming connections.0
This is the current receive queue size (how many bytes are waiting to be read). Zero means none are waiting.128
This is the maximum backlog size for queued connections waiting to be accepted. 128 is a typical default.0.0.0.0:22
This is the local address and port.
0.0.0.0means it is listening on all IPv4 interfaces.
:22is the port number - the default SSH port.0.0.0.0:*
This is the remote address and port filter.
*means it will accept connections from any IP and any port.users:(("sshd",pid=1234,fd=3))
This shows which process is using the port.
sshdis the process name.
pid=1234is its process ID.
fd=3is the file descriptor number it’s using for the socket.
In this example we see that SSH is running and listening on port 22.
Misconfigured firewall rules for SSH service
If you can start the SSH service successfully, but your connections still time out or are rejected, then review your firewall rules. It might be that you have blocked SSH connection on your firewall.
To check that, you can review your current firewall ruleset:
IPv4:
sudo iptables -L -n
IPv6:
sudo ip6tables -L -n
Also, if you have configured on your VPS FirewallD or UFW, make sure if you are running either package with these commands:
sudo ufw status
sudo firewall-cmd --state
When the rules will be listed, make sure that your rule for SSH looks something like this:
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
The rule says that you allow SSH connection in your VPS.
Disabling firewall rules
Additionally, for some time, you might to disable the firewall on your VPS to be sure that it is not a reason why you cannot connect to your VPS via SSH.
Note 1: The disabled firewall increases the security risk on your VPS, so make sure that you will re-enable it after you investigate your firewall configuration.
1. To do that, you can create a backup of your VPS firewall rules:
sudo iptables-save > ~/iptables.txt
2. Then set the INPUT, FORWARD and OUTPUT packet policies as ACCEPT:
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT
3. After that, you need to flush the nat table that is consulted when a packet that creates a new connection is encountered:
sudo iptables -t nat -F
4. Further, you need to flush the mangle table too that is used for specialized packet alteration:
sudo iptables -t mangle -F
5. And additionally flush all the chains in the table:
sudo iptables -F
6. In the end, delete every non-built-in chain in the table:
sudo iptables -X
Note 2: You might need to do all these steps with ip6tables command to flush your IPv6 rules.
Note 3: Do not miss to use a different name for the IPv6 rules file.
Rejected SSH logins
If SSH is listening and accepting connections but is rejecting login attempts, you should check logs of rejected attempts.
Also, make sure that logins are not disabled for the root user. It can be checked with the command:
grep PermitRootLogin /etc/ssh/sshd_config
Note 4: If the value of the PermitRootLogin is no, then try logging in with another user. Or, set the value in /etc/ssh/sshd_config to yes. After that, you need to restart SSH, and try logging in as root again.
To restart SSH, run these commands:
Ubuntu / Debian:
systemctl restart ssh
AlmaLinux / Rocky Linux:
systemctl restart sshd