Ubuntu SSH Connection Refused Error Explained

When attempting to connect to an Ubuntu Linux machine via SSH, encountering a “connection refused” error indicates that your client successfully reached the destination IP address, but the target server actively rejected the connection attempt. This article explains the primary causes of this error—such as an inactive SSH service, firewall blocks, or incorrect port configurations—and provides straightforward troubleshooting steps to resolve the issue quickly.

Common Causes of SSH Connection Refused

The “connection refused” error is distinct from a “connection timed out” error. A timeout means the server did not respond at all (often due to network or routing issues), whereas a refusal means the server is online but refuses to accept the connection on the requested port.

Here are the most common reasons for this behavior and how to fix them.

1. The SSH Service is Not Running or Installed

By default, desktop versions of Ubuntu do not come with the SSH server pre-installed, and sometimes the service may simply be stopped on Ubuntu Server.

How to check: Run the following command on the target Ubuntu machine to see if the SSH service is active:
```
sudo systemctl status ssh
```
How to fix: If the service is inactive, start it using:
```
sudo systemctl start ssh
```
If SSH is not installed at all, install it by running:
```
sudo apt update
sudo apt install openssh-server
```

2. SSH is Using a Non-Standard Port

By default, SSH traffic goes through port 22. If the Ubuntu server has been configured to use a different port for security reasons, attempting to connect via port 22 will result in a connection refused error.

How to check: Open the SSH configuration file on the server to verify the port:
```
grep "Port" /etc/ssh/sshd_config
```
How to fix: If the port is set to something other than 22 (for example, 2222), you must specify this port when connecting from your client:
```
ssh -p 2222 username@server_ip
```

3. Firewall Rules are Blocking the Connection

Even if the SSH service is running, the Ubuntu Uncomplicated Firewall (UFW) or an external cloud firewall (like AWS Security Groups) might be blocking incoming traffic on your SSH port.

How to check: Check the status of the local UFW firewall on the Ubuntu machine:
```
sudo ufw status
```
How to fix: If UFW is active and not allowing SSH, allow the traffic with:
```
sudo ufw allow ssh
```
Or, if you are using a custom port:
```
sudo ufw allow [custom_port]/tcp
```

4. IP Address Conflict or Incorrect IP

If you are attempting to connect to the wrong IP address, you might be targeting another machine on the network that does not have SSH enabled, resulting in a connection refusal.

How to check: Verify the IP address of the destination Ubuntu machine by running:
```
ip a
```
How to fix: Double-check the IP address in your SSH command to ensure you are targeting the correct machine.