SSH Access Issues and Solutions

SSH (Secure Shell) is one of the most widely used remote access protocols for managing Linux servers. However, SSH connection issues can pose serious obstacles for system administrators.

Common Causes of SSH Access Problems

1. Incorrect IP or Hostname:
   • Using the wrong IP address or domain name.
   • The server's IP address has changed.
2. SSH Service Not Running:
   • If the sshd service is down, you can't connect.
   • Check status using systemctl status sshd.
3. Wrong SSH Port:
   • Default SSH port is 22, but some servers use a custom port.
   • Verify the port in the sshd_config file.
4. Firewall Blocking Access:
   • Rules from iptables, ufw, or a cloud provider might block SSH.
   • Allow access using ufw allow 22/tcp or iptables -A INPUT -p tcp --dport 22 -j ACCEPT.
5. Incorrect Authorization Settings:
   • Misconfigured SSH key permissions.
   • Wrong configuration in ~/.ssh/authorized_keys.
6. Invalid SSH Key or Password:
   • Wrong permissions on the SSH key file.
   • Incorrect user password.
7. Brute Force Protection:
   • Security tools like Fail2Ban may block your IP after failed login attempts.
   • Check using fail2ban-client status sshd.

Diagnosing SSH Access Issues

1. Check SSH Service Status

• Use systemctl status sshd to verify it's running.
• Restart with systemctl restart sshd if needed.

2. Check SSH Port

• Run netstat -tulnp | grep ssh or ss -tulnp | grep ssh.
• If using a custom port, check /etc/ssh/sshd_config.

3. Check Firewall and Network Rules

• Use iptables -L -n or ufw status to verify rules.
• Reset firewall with iptables -F to test connection.

4. Inspect SSH Logs

• Check logs with:
  • Debian/Ubuntu: tail -f /var/log/auth.log
  • CentOS/RHEL: tail -f /var/log/secure

5. Review SSH Key and Authorization

• Set correct permissions: chmod 600 ~/.ssh/authorized_keys
• Debug with: ssh -vvv user@server_ip

Fixing SSH Access Problems

1. Restart SSH and Validate Port

sudo systemctl restart sshd

If using a custom port:

ssh -p 2222 user@server_ip

Ensure Port 22 is set correctly in /etc/ssh/sshd_config.

2. Adjust Firewall and Security Rules

sudo ufw allow 22/tcp
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

If blocked by Fail2Ban:

sudo fail2ban-client set sshd unbanip YOUR_IP_ADDRESS

3. Correct SSH Authorization Settings

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

To generate and add a new SSH key:

ssh-keygen -t rsa -b 4096
ssh-copy-id user@server_ip

4. Check IP Address Changes

dig +short myip.opendns.com @resolver1.opendns.com

If your server’s IP has changed, update your DNS records and access lists accordingly.