How to fix Invalid user user from hostname port XXXXX in SSH

First, confirm that the username you're trying to use actually exists on the target system. Log in locally or through another method (like console access) and check:

id username

Or list all users:

cat /etc/passwd | grep username

If the command returns nothing or 'id: username: no such user', the account doesn't exist and needs to be created or you're using the wrong username.

Verify that you're using the correct username in your SSH command:

ssh username@hostname

Common typos:
- 'root' vs 'route'
- 'admin' vs 'administrator'
- Forgetting the username entirely (connects as current user)
- Extra spaces or special characters

If you're using a config file, verify the Host entry:

cat ~/.ssh/config

Ensure the User directive matches an actual account on the server.

On the remote server, examine the SSH configuration for access restrictions:

sudo grep -E 'AllowUsers|AllowGroups|DenyUsers|DenyGroups' /etc/ssh/sshd_config

If AllowUsers is set, only users in that list can connect:

AllowUsers user1 [email protected]/24

If your username isn't listed, add it:

sudo nano /etc/ssh/sshd_config
# Edit AllowUsers line to include your username
AllowUsers user1 user2 youruser

# Save and restart sshd
sudo systemctl restart sshd

Similarly check AllowGroups and ensure your user's primary or secondary group is listed:

groups username

Check the user's shell configuration:

sudo grep ^username /etc/passwd

The output format is: username:x:uid:gid:comment:/home/username:/bin/bash

The last field is the login shell. If it's set to /bin/false, /sbin/nologin, or a non-existent shell, the user cannot log in. To fix:

sudo usermod -s /bin/bash username

Common invalid shells:
- /bin/false - explicitly disallows login
- /sbin/nologin - system account with no login
- /usr/sbin/nologin - another variant of nologin

Set the shell to /bin/bash, /bin/sh, or another valid shell from /etc/shells.

Review the SSH server logs to understand exactly why the user is invalid:

On Debian/Ubuntu:

sudo tail -f /var/log/auth.log | grep 'Invalid user'

On RedHat/CentOS:

sudo tail -f /var/log/secure | grep 'Invalid user'

Using journalctl (all systems):

sudo journalctl -u sshd -f

Look for related messages:
- 'input_userauth_request: invalid user' - username doesn't exist
- 'not allowed because none of user's groups' - AllowGroups issue
- 'User ... from ... not allowed' - DenyUsers/AllowUsers restriction

Make a login attempt from your client while watching the logs to see the exact failure reason.

Check if the user is explicitly denied:

sudo grep -E 'DenyUsers|DenyGroups' /etc/ssh/sshd_config

If the user or their group is listed in DenyUsers or DenyGroups, they're explicitly blocked. Remove them:

sudo nano /etc/ssh/sshd_config
# Remove the user from DenyUsers line
# Or remove the group from DenyGroups line

# Save and restart
sudo systemctl restart sshd

Note: When both AllowUsers/AllowGroups and DenyUsers/DenyGroups are set, a user must be allowed by both to gain access.

Run your SSH command with verbose flags to see detailed authentication process:

ssh -vvv username@hostname

With three -v flags, you'll see:
- Which authentication methods are attempted
- Whether the server rejects before or after password prompt
- Configuration directives being evaluated
- Exact error message from the server

If the error appears before asking for a password, it's a user lookup/configuration issue (not a password issue). If it appears after entering a password, the user exists but auth is failing for another reason.

If you've confirmed the user doesn't exist and should exist, create it:

# Create user with home directory
sudo useradd -m -s /bin/bash newuser

# Or with specific UID/GID
sudo useradd -u 1001 -g 1001 -m -s /bin/bash newuser

# Set a password
sudo passwd newuser

# Verify creation
id newuser

If the user needs to be in the sshlogin group (referenced by AllowGroups):

sudo usermod -a -G sshlogin newuser

After creation, try SSH access again.