Encountering an "ssh connect to host connection refused port 22" message is a common yet frustrating hurdle for system administrators and developers. This specific error indicates that your client successfully reached the network location of the target server, but the SSH daemon (sshd) was not available to accept the connection on the standard port 22. The refusal usually stems from the service being down, misconfigured, or blocked by a firewall, effectively creating a communication dead end between your machine and the remote host.
Diagnosing the Core Issue
The error message itself provides the first clues to troubleshooting. The phrase "connection refused" is distinct from a timeout or network unreachable error; it implies that a TCP packet was sent and a reset packet was returned, signaling that nothing is listening on that port. Before diving into complex configurations, you must verify the obvious: is the SSH service actually running on the remote machine? This is the most frequent cause of the "connection refused port 22" scenario, often resulting from a recent system crash, a failed update, or a manual stop command.
Checking the Remote Service Status
If you have console access through a data center provider or a control panel like cPanel or Plesk, you can directly check the status of the SSH daemon. On systems using systemd, the command `sudo systemctl status sshd` or `sudo systemctl status ssh` will reveal if the service is active and running. If the output indicates that the service is inactive or failed, you can attempt to restart it with `sudo systemctl restart sshd`, which often resolves the refusal issue immediately.
Firewall and Network Configuration
Another prevalent cause is a misconfigured firewall blocking the port. Even if the SSH daemon is running perfectly, a security rule on the server or an intermediate network device can drop incoming packets to port 22. Cloud providers like AWS, Google Cloud, and Azure maintain separate security groups and firewall rules that must explicitly allow inbound traffic on port 22. You must verify that the server's local firewall (such as `iptables` or `ufw` on Linux) is not intercepting and rejecting your connection attempts.
Verifying the SSH Daemon Configuration
The SSH daemon operates based on the configuration file located at `/etc/ssh/sshd_config`. A misconfiguration here can prevent the service from binding to the correct interface or port. It is possible that the `Port` directive was changed to a non-standard number, or the `ListenAddress` directive is set to an IP address that your current network interface does not use. Reviewing this file for typos or incorrect settings is essential, and you should use `sshd -t` to test the configuration for syntax errors before restarting the service.
