The 'ssh: connect to host github.com port 22: Connection timed out' error occurs when your SSH client cannot establish a connection to GitHub's SSH server. This is commonly caused by firewalls or proxies blocking port 22, and can be resolved by using SSH over port 443 or switching to HTTPS.
The "ssh: connect to host github.com port 22: Connection timed out" error indicates that your SSH connection attempt to GitHub failed because the connection could not be established within the timeout period. Port 22 is the standard SSH port, and when it's blocked, your Git operations over SSH (clone, push, pull, fetch) cannot communicate with GitHub's servers. This error is particularly common in corporate networks, educational institutions, and public WiFi environments where network administrators often block non-essential ports including port 22. The connection "times out" rather than being immediately refused because the packets are typically silently dropped by the firewall rather than actively rejected. The good news is that GitHub provides an alternative SSH endpoint on port 443 (the standard HTTPS port), which is almost never blocked since it would break all secure web traffic. This makes the error relatively straightforward to work around once you know the solution.
GitHub offers SSH connectivity over port 443, which bypasses most firewall restrictions. Test if this alternative works:
ssh -T -p 443 [email protected]If successful, you'll see:
Hi username! You've successfully authenticated, but GitHub does not provide shell access.If this works, proceed to the next step to make this configuration permanent.
Create or edit your SSH config file to always use port 443 when connecting to GitHub:
# Create the .ssh directory if it doesn't exist
mkdir -p ~/.ssh
# Edit (or create) the SSH config file
nano ~/.ssh/configAdd the following configuration:
Host github.com
Hostname ssh.github.com
Port 443
User gitSave the file, then test your connection:
ssh -T [email protected]Your Git operations should now work normally without any changes to your remote URLs.
Instead of modifying your SSH config, you can configure Git to automatically rewrite GitHub URLs:
git config --global url."ssh://[email protected]:443/".insteadOf "[email protected]:"This tells Git to automatically convert any [email protected]: URLs to use the port 443 endpoint. To verify the configuration:
git config --global --get-regexp urlTo undo this configuration later:
git config --global --unset url."ssh://[email protected]:443/".insteadOfIf SSH continues to be problematic, you can switch your repository to use HTTPS:
# Check your current remote URL
git remote -v
# Change from SSH to HTTPS
git remote set-url origin https://github.com/username/repository.gitFor authentication with HTTPS, you'll need to use either:
- A Personal Access Token (PAT) instead of your password
- Git Credential Manager for caching credentials
To create a PAT: Go to GitHub Settings > Developer settings > Personal access tokens > Generate new token.
Ensure your SSH key is correctly set up with GitHub:
# List your SSH keys
ls -la ~/.ssh
# Check if ssh-agent is running and has your key
eval "$(ssh-agent -s)"
ssh-add -l
# If no keys are listed, add your key
ssh-add ~/.ssh/id_ed25519
# or for RSA keys:
ssh-add ~/.ssh/id_rsaVerify your public key is added to GitHub:
1. Copy your public key: cat ~/.ssh/id_ed25519.pub
2. Go to GitHub > Settings > SSH and GPG keys
3. Ensure your key is listed there
Verify basic network connectivity and DNS resolution:
# Test DNS resolution
nslookup github.com
# or
dig github.com
# Test if you can reach GitHub at all
ping github.com
# Test HTTPS connectivity
curl -v https://github.comIf DNS fails, try using a different DNS server:
# Temporarily use Google DNS (Linux)
echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf
# Or Cloudflare DNS
echo "nameserver 1.1.1.1" | sudo tee /etc/resolv.confYour local firewall might be blocking outbound SSH connections:
On Linux (iptables/ufw):
# Check UFW status
sudo ufw status
# Temporarily disable to test
sudo ufw disable
# Test SSH, then re-enable
sudo ufw enableOn Windows:
1. Open Windows Defender Firewall
2. Click "Allow an app or feature through Windows Defender Firewall"
3. Ensure your Git/SSH client is allowed for outbound connections
On macOS:
# Check if the firewall is enabled
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
# Temporarily disable for testing
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate offAs a diagnostic step, try connecting from a different network:
- Switch from WiFi to mobile hotspot
- Try from home if you're at the office (or vice versa)
- Use a VPN to route around network restrictions
If the connection works on a different network, the issue is definitely with your original network's firewall or proxy configuration. You'll need to use the port 443 workaround or HTTPS method described above.
### SSH Config File Syntax
The SSH config file (~/.ssh/config) supports multiple hosts with different configurations. Here's a more complete example:
# GitHub using port 443
Host github.com
Hostname ssh.github.com
Port 443
User git
IdentityFile ~/.ssh/github_key
# GitLab (if also blocked)
Host gitlab.com
Hostname altssh.gitlab.com
Port 443
User git
PreferredAuthentications publickey
IdentityFile ~/.ssh/gitlab_key
# Keep-alive to prevent disconnection
Host *
ServerAliveInterval 60
ServerAliveCountMax 3### Why Port 443 Works
Port 443 is the standard port for HTTPS traffic. Blocking it would break virtually all secure web browsing, so it's almost never restricted. GitHub runs an SSH server on this port specifically to help users behind restrictive firewalls.
The trade-off is that the hostname changes from github.com to ssh.github.com, which is why the SSH config mapping is needed.
### Debugging SSH Connections
For verbose output that helps diagnose connection issues:
# Single verbose flag
ssh -vT [email protected]
# Maximum verbosity
ssh -vvvT -p 443 [email protected]Look for lines like:
- debug1: Connecting to... - Shows where SSH is trying to connect
- debug1: Connection established - Confirms the TCP connection worked
- debug1: identity file... - Shows which SSH key is being used
### Corporate Proxy with SSH
If your network requires a proxy, you can use ProxyCommand in your SSH config:
Host github.com
Hostname ssh.github.com
Port 443
User git
ProxyCommand connect -H proxy.company.com:8080 %h %pYou'll need the connect utility (part of connect-proxy package on Linux) or use nc (netcat) with the appropriate flags.
### Windows-Specific Notes
On Windows, the SSH config file is located at:
- Git Bash: ~/.ssh/config (same as Unix)
- Windows native: C:\Users\YourUsername\.ssh\config
If using PuTTY or Pageant for SSH, you'll need to configure the port 443 connection in PuTTY's settings rather than the SSH config file.
### GitHub Actions and CI/CD
In CI/CD environments, you may need to configure SSH for the runner:
- name: Configure SSH for GitHub
run: |
mkdir -p ~/.ssh
echo "Host github.com" >> ~/.ssh/config
echo " Hostname ssh.github.com" >> ~/.ssh/config
echo " Port 443" >> ~/.ssh/config
echo " User git" >> ~/.ssh/configkex_exchange_identification: Connection closed by remote host
Connection closed by remote host when connecting to Git server
fatal: unable to access: Proxy auto-configuration failed
How to fix 'Proxy auto-configuration failed' in Git
fatal: unable to access: Authentication failed (proxy requires basic auth)
How to fix 'Authentication failed (proxy requires basic auth)' in Git
fatal: unable to access: no_proxy configuration not working
How to fix 'no_proxy configuration not working' in Git
fatal: unable to read tree object in treeless clone
How to fix 'unable to read tree object in treeless clone' in Git