This error occurs when an SSH client cannot establish a TCP connection to the SSH server on the remote host. It typically indicates a network connectivity issue, incorrect hostname/port, or the SSH service isn't running or accessible.
The "connect_to hostname port port: failed" error appears when the SSH client attempts to open a TCP socket connection to the specified host and port but the connection fails before the SSH protocol negotiation even begins. This is a lower-level network error that indicates the client cannot reach the server's SSH port. Unlike connection refused or timeout errors, this generic "failed" error can indicate various network issues including unreachable hosts, firewall blocks, DNS resolution problems, or network interface issues.
First, double-check the hostname and port you're using. The default SSH port is 22, but some servers use non-standard ports:
# Test with explicit hostname and port
ssh -p 22 [email protected]
ssh -p 2222 [email protected] # If using non-standard portVerify you have the correct hostname. Try using the IP address directly to rule out DNS issues:
ssh -p 22 [email protected]Verify that the hostname resolves to an IP address:
nslookup example.com
dig example.com
# On Windows:
nslookup example.comIf the hostname doesn't resolve, it won't work. Check:
- The hostname spelling is correct
- You have an active internet connection
- Your DNS resolver is working
- The domain actually exists
If DNS resolution fails, either use the IP address directly or fix your DNS settings.
Test if the remote host is reachable at all:
ping -c 4 example.com
# On Windows:
ping example.comIf ping fails, the host is unreachable due to network issues. Check:
- The host is actually online
- Network cables/WiFi connection is active
- No firewall is blocking ICMP traffic
- The IP address/hostname is correct
If the host is offline or unreachable, that's the root cause of the SSH connection failure.
Test if the specific SSH port is open and accepting connections:
# Using telnet (if available)
telnet example.com 22
# Or using nc (netcat)
nc -vz example.com 22
# Or using timeout + bash
timeout 2 bash -c 'echo > /dev/tcp/example.com/22' && echo "Port open" || echo "Port closed"If this succeeds, you should see a response like:
Connected to example.com.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.4If it fails, the SSH port is not accessible. This confirms the network/firewall issue.
Run SSH with verbose flags to see exactly where the connection fails:
ssh -vvv [email protected]The -vvv flag provides maximum verbosity. Look for lines like:
- Trying 192.168.1.100... - Shows if it found an IP
- Connection refused - Server is reachable but SSH port closed
- No route to host - Network unreachable
- Connection timed out - Server not responding
The verbose output will tell you exactly where the connection process fails, helping identify if it's DNS, routing, firewall, or the SSH service.
If the host is reachable by ping, verify the firewall allows SSH on port 22:
On the remote host (Linux):
# Check if SSH port is listening
sudo netstat -tlnp | grep ssh
# Or using ss:
sudo ss -tlnp | grep sshShould show something like:
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTENCheck firewall rules:
# UFW (Ubuntu/Debian)
sudo ufw status
sudo ufw allow 22/tcp
# iptables (general Linux)
sudo iptables -L -n | grep 22
# firewalld (CentOS/RHEL)
sudo firewall-cmd --list-all
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reloadVerify your local firewall isn't blocking outbound SSH connections:
On Linux:
sudo iptables -L -n
sudo firewall-cmd --list-all # For firewalldOn macOS:
Open System Preferences > Security & Privacy > Firewall and check if it's blocking SSH.
On Windows:
Open Windows Defender Firewall > Advanced settings and check for outbound rules blocking port 22.
Most modern firewalls allow outbound connections by default, but corporate networks may restrict them. If behind a corporate firewall, check with your IT department.
If you have access to the remote host console or through another method, restart the SSH daemon:
# On Linux/Unix
sudo systemctl restart ssh
# Or:
sudo systemctl restart sshd
# Check if it's running:
sudo systemctl status sshThe SSH service might have crashed or stopped. Restarting it may resolve the issue. If you can't access the console, you may need to:
- Request the system administrator restart SSH
- Reboot the server if necessary
- Check cloud provider console (AWS, DigitalOcean, etc.) for the host status
Advanced troubleshooting:
SSH on Non-Standard Ports: Many systems run SSH on ports other than 22 (e.g., 2222, 10022) for security. Always specify the correct port with -p:
ssh -p 2222 [email protected]Behind NAT/Router: If connecting through a NAT router or firewall, port forwarding must be configured. The remote address might be a public IP that maps to an internal IP. Work with your network admin to set up port forwarding rules.
IPv6 vs IPv4: Some hosts respond on IPv6 but not IPv4, or vice versa. Try explicitly specifying the IP version:
ssh -4 [email protected] # Force IPv4
ssh -6 [email protected] # Force IPv6ProxyJump/Bastion Hosts: If connecting through a bastion/jump host, use ProxyJump:
SSH ProxyCommand: Older systems may need ProxyCommand in ~/.ssh/config instead of ProxyJump.
Corporate Network Issues: Behind a corporate proxy or firewall, direct SSH may be blocked. Check if SSH over HTTPS (port 443) is available, or use ssh -C for compression. Contact your IT department for proxy settings.
DNS Propagation Delays: After adding a new DNS record, changes can take hours to propagate worldwide. If you just added the DNS entry, wait and try again later, or use the IP address directly.
Intermittent Failures: If connection sometimes works and sometimes doesn't, suspect:
- Load balancer or DNS round-robin with some servers offline
- Temporary network congestion
- Rate limiting kicking in after repeated failed attempts
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
How to fix SSH man-in-the-middle attack warning in SSH
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
How to fix "WARNING: UNPROTECTED PRIVATE KEY FILE!" in SSH
sign_and_send_pubkey: no mutual signature supported
How to fix "sign_and_send_pubkey: no mutual signature supported" in SSH
Bad owner or permissions on /home/user/.ssh/known_hosts
How to fix "Bad owner or permissions on known_hosts" in SSH
It is required that your private key files are NOT accessible by others.
How to fix "private key files are NOT accessible by others" in SSH