This error occurs when SSH cannot resolve a hostname due to DNS failures. Check your internet connection, verify DNS server configuration, and ensure your firewall isn't blocking DNS queries (port 53).
When you see this error, it means your system tried to resolve a hostname to an IP address but the DNS server was unreachable or failed to respond. This is different from "Name or service not known" which indicates the hostname doesn't exist—this error suggests a transient DNS issue or network connectivity problem. SSH relies on DNS to translate hostnames (like "server.example.com") into IP addresses. If your system can't reach its configured DNS servers, can't resolve the address within a timeout period, or if a firewall blocks DNS traffic (port 53), you'll get this temporary failure message.
The most common cause is simply no internet connectivity. Verify your network is working:
# Ping a public IP address (Google DNS)
ping -c 4 8.8.8.8If this fails, you have no internet connectivity. Check your network cable, WiFi connection, or contact your ISP. Once internet is restored, your SSH connection should work.
If internet is working, test if DNS itself is functioning:
# Test with ping (uses DNS)
ping -c 4 google.com
# Try nslookup for more detailed DNS info
nslookup google.com
# Or use dig for detailed DNS queries
dig google.comIf these fail with "Temporary failure in name resolution", your DNS configuration needs fixing. If they work but SSH still fails, verify the specific hostname you're trying to connect to is resolvable:
nslookup your-server-hostname.comView your current DNS server configuration:
cat /etc/resolv.confYou should see at least one nameserver line. If it's missing or pointing to invalid servers, add valid DNS servers:
# Backup original
sudo cp /etc/resolv.conf /etc/resolv.conf.bak
# Edit with your preferred editor
sudo nano /etc/resolv.confAdd or modify nameserver lines to use public DNS servers:
nameserver 8.8.8.8 # Google DNS
nameserver 8.8.4.4 # Google DNS backup
nameserver 1.1.1.1 # Cloudflare DNSSave and test:
ping google.comImportant Note: On Ubuntu and other systemd-based systems, /etc/resolv.conf may be auto-generated by systemd-resolved. If your manual changes don't persist, edit /etc/systemd/resolved.conf instead and restart the service.
If you're on a systemd system and manual edits to /etc/resolv.conf don't stick, configure systemd-resolved:
sudo nano /etc/systemd/resolved.confFind or add the [Resolve] section and set DNS servers:
[Resolve]
DNS=8.8.8.8 8.8.4.4 1.1.1.1
FallbackDNS=8.8.8.8 1.1.1.1Restart the resolver:
sudo systemctl restart systemd-resolvedVerify the changes took effect:
systemd-resolve --statusIf DNS configuration looks correct but resolution still fails, a firewall may be blocking DNS queries (port 53):
# Check if port 53 is accessible to your DNS server
# (Replace 8.8.8.8 with your configured DNS server)
nc -zu 8.8.8.8 53
# Using nmap if available
sudo nmap -sU -p 53 8.8.8.8If you're using UFW (Ubuntu):
# Check UFW status
sudo ufw status
# If UFW is active, allow DNS
sudo ufw allow 53/tcp
sudo ufw allow 53/udp
sudo ufw reloadIf you're using firewalld (Fedora/CentOS):
# Allow DNS through firewall
sudo firewall-cmd --permanent --add-port=53/tcp
sudo firewall-cmd --permanent --add-port=53/udp
sudo firewall-cmd --reloadIn some cases, /etc/nsswitch.conf may not be looking up DNS correctly. Check that the hosts line includes dns:
grep ^hosts /etc/nsswitch.confShould show something like:
hosts: files dns myhostnameThis means it tries /etc/hosts first, then DNS, then myhostname. If dns is missing, add it:
sudo nano /etc/nsswitch.confEdit the hosts line to include dns. Save and try again.
While troubleshooting DNS, you can connect using the server's IP address directly to verify SSH itself is working:
# Try SSH with IP instead of hostname
ssh [email protected]
# Or with a known server
ssh [email protected]If this works, it confirms the DNS issue is the problem. If it also fails, the issue is network connectivity or SSH configuration, not DNS.
WSL 2 users: If you're on Windows Subsystem for Linux 2, DNS resolution might fail because WSL 2 uses Hyper-V networking. Check your /etc/resolv.conf is pointing to the correct nameserver (usually your Windows host). See WSL documentation for resolver configuration.
Docker/Container environments: Inside containers, DNS might be inherited from the host or container runtime. If DNS fails in a container, check that your container has route to a working nameserver and that the container's /etc/resolv.conf or DNS environment is configured correctly.
On some systems: If /etc/resolv.conf shows "nameserver 127.0.0.53" (systemd-resolved), the service must be running. Check: sudo systemctl status systemd-resolved
Temporary vs Permanent failures: This error is "temporary" meaning the DNS server was unreachable or timed out. "Name or service not known" is permanent (hostname doesn't exist in DNS).
Load key "/home/user/.ssh/id_rsa": invalid format
How to fix 'Load key invalid format' in SSH
Bad owner or permissions on /home/user/.ssh/config
How to fix "Bad owner or permissions on .ssh/config" in SSH
Error connecting to agent: Connection refused
How to fix "Error connecting to agent: Connection refused" in SSH
Connection closed by UNKNOWN port 65535
How to fix 'Connection closed by UNKNOWN port 65535' in SSH
Offending ECDSA key in /home/user/.ssh/known_hosts:line
How to fix "Offending ECDSA key in known_hosts" in SSH