The 'ssh: connect to host github.com port 22: No route to host' error means your system cannot find a network path to reach GitHub's SSH server. This typically indicates a network-level issue such as firewall blocking, incorrect routing, or the SSH port being filtered by your ISP or network administrator.
The "ssh: connect to host github.com port 22: No route to host" error is a network-layer failure that occurs when your operating system cannot establish a route to reach GitHub's SSH server on port 22. Unlike a "Connection refused" error (where the host is reached but rejects the connection) or "Connection timed out" (where packets are sent but no response is received), "No route to host" indicates that your system's network stack has determined there is no valid path to the destination. This error typically originates from one of three places: your local firewall actively blocking the connection, a router or gateway along the path rejecting the traffic, or ICMP "destination unreachable" messages being sent back from network infrastructure. The error is common in corporate networks, educational institutions, and environments where network administrators deliberately block SSH traffic on port 22. The good news is that GitHub provides an alternative SSH endpoint on port 443 (ssh.github.com), which is rarely blocked since blocking it would disrupt all HTTPS web traffic. This makes the error relatively straightforward to work around once you identify it as a port blocking issue.
First, confirm that your network connection is working and that you can reach GitHub:
# Test if you can ping GitHub (may fail if ICMP is blocked, but worth checking)
ping -c 4 github.com
# Test DNS resolution
nslookup github.com
# or
host github.com
# Test HTTPS connectivity (should work if only port 22 is blocked)
curl -I https://github.comIf DNS resolution fails, you have a DNS problem, not a routing problem. If ping fails but curl works, ICMP may be blocked which is normal on many networks. If curl to HTTPS works, proceed to test SSH on port 443.
GitHub provides an alternative SSH server on port 443, which is almost never blocked since it would break HTTPS:
ssh -T -p 443 [email protected]If successful, you'll see:
Hi username! You've successfully authenticated, but GitHub does not provide shell access.If this works, port 22 is being blocked and you should configure SSH to use port 443 permanently (next step).
Edit your SSH config file to always use port 443 when connecting to GitHub:
# Create .ssh directory if it doesn't exist
mkdir -p ~/.ssh
# Edit (or create) the SSH config file
nano ~/.ssh/configAdd the following configuration:
Host github.com
Hostname ssh.github.com
Port 443
User gitSave the file and set appropriate permissions:
chmod 600 ~/.ssh/configTest the connection:
ssh -T [email protected]Your Git operations should now work without modifying any repository URLs.
Instead of modifying SSH config, you can configure Git to rewrite GitHub URLs:
git config --global url."ssh://[email protected]:443/".insteadOf "[email protected]:"This automatically converts any [email protected]: URLs to use the port 443 endpoint. Verify the configuration:
git config --global --get-regexp urlTo remove this configuration later:
git config --global --unset url."ssh://[email protected]:443/".insteadOfYour local firewall might be blocking outbound SSH:
On Linux (ufw):
# Check UFW status
sudo ufw status verbose
# Temporarily disable to test
sudo ufw disable
# After testing, re-enable
sudo ufw enableOn Linux (iptables/firewalld):
# Check if port 22 outbound is allowed
sudo iptables -L OUTPUT -n -v | grep 22
# For firewalld (RHEL/CentOS/Fedora)
sudo firewall-cmd --list-allOn Windows:
1. Open Windows Defender Firewall
2. Click "Allow an app through firewall"
3. Ensure Git, OpenSSH, or your SSH client is allowed for outbound connections
On macOS:
# Check firewall status
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
# List blocked applications
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --listappsUse traceroute to identify where the packets are being dropped:
# On Linux
traceroute -T -p 22 github.com
# On macOS
traceroute -P tcp -p 22 github.com
# On Windows (PowerShell)
Test-NetConnection -ComputerName github.com -Port 22 -InformationLevel DetailedThe traceroute output shows each hop your packets take. If you see asterisks (*) or the route stops at a certain hop, that's where your traffic is being blocked. This is often at:
- Your local router (first few hops)
- Your ISP's gateway
- A corporate firewall
If SSH continues to be problematic, switch your repositories to use HTTPS:
# Check current remote URL
git remote -v
# Change from SSH to HTTPS
git remote set-url origin https://github.com/username/repository.gitFor HTTPS authentication, you'll need a Personal Access Token (PAT):
1. Go to GitHub > Settings > Developer settings > Personal access tokens
2. Generate new token with appropriate scopes (repo access)
3. Use the token as your password when prompted
To cache credentials so you don't have to re-enter them:
# Cache credentials for 1 hour
git config --global credential.helper 'cache --timeout=3600'
# Or use the system credential manager
git config --global credential.helper storeAs a diagnostic step, test from a different network:
- Use your mobile phone as a hotspot
- Connect from home if you're at the office (or vice versa)
- Use a VPN to route around network restrictions
- Try from a coffee shop or public WiFi
If SSH works on a different network, the issue is definitively with your original network's configuration. Your options are:
1. Use the port 443 workaround (recommended)
2. Use HTTPS instead of SSH
3. Request that your network administrator unblock port 22 to github.com
### Understanding "No Route to Host" vs Other SSH Errors
| Error Message | Meaning |
|--------------|---------|
| No route to host | Network layer failure - no path to destination exists |
| Connection refused | Host reached, but port is not open or actively rejecting |
| Connection timed out | Packets sent but no response (often firewall silently dropping) |
| Host key verification failed | Connected successfully but SSH key mismatch |
"No route to host" is typically faster to fail than "Connection timed out" because the network stack immediately knows there's no valid route rather than waiting for a response.
### Verbose SSH Debugging
For detailed connection debugging:
# Single verbose flag
ssh -vT [email protected]
# Maximum verbosity (shows all negotiation details)
ssh -vvvT -p 443 [email protected]Key lines to look for:
- debug1: Connecting to github.com... - Where SSH is trying to connect
- debug1: connect to address X.X.X.X port 22: No route to host - Confirms the error
- debug1: Connection established - Success indicator
### Multiple Git Hosting Services
If you use multiple services (GitHub, GitLab, Bitbucket), you can configure all of them in your SSH config:
# GitHub on port 443
Host github.com
Hostname ssh.github.com
Port 443
User git
# GitLab on port 443 (also supports this)
Host gitlab.com
Hostname altssh.gitlab.com
Port 443
User git
# Keep-alive for all connections
Host *
ServerAliveInterval 60
ServerAliveCountMax 3### Corporate Proxy Configuration
If your network requires a proxy, use ProxyCommand:
Host github.com
Hostname ssh.github.com
Port 443
User git
ProxyCommand connect -H proxy.company.com:8080 %h %pThe connect utility is from the connect-proxy package on Linux. On macOS, you can use:
brew install connect### Windows-Specific Configuration
On Windows, the SSH config file location depends on your setup:
- Git Bash: ~/.ssh/config (same as Unix)
- Windows OpenSSH: C:\Users\YourName\.ssh\config
- PuTTY: Configure in PuTTY's session settings, not a config file
### Checking Route Tables
To see your system's routing table:
# Linux
ip route show
# or
netstat -rn
# macOS
netstat -rn
# Windows
route printIf you see an unusual default gateway or missing routes, that could explain the error. This is rare but can happen with misconfigured VPN clients.
kex_exchange_identification: Connection closed by remote host
Connection closed by remote host when connecting to Git server
fatal: unable to access: Proxy auto-configuration failed
How to fix 'Proxy auto-configuration failed' in Git
fatal: unable to access: Authentication failed (proxy requires basic auth)
How to fix 'Authentication failed (proxy requires basic auth)' in Git
fatal: unable to access: no_proxy configuration not working
How to fix 'no_proxy configuration not working' in Git
fatal: unable to read tree object in treeless clone
How to fix 'unable to read tree object in treeless clone' in Git