Diagnosing SSH servers

This checklist helps rapidly diagnose SSH server issues by narrowing the problem down to the network, the firewall, or the SSH server configuration.

Note: This checklist is OpenSSH + Debian/Ubuntu centric. Some systems (particularly embedded) may use iptables or nftables directly instead of high-level ufw.

SSH server running?

Check if the SSH server is actually running. Errors in /etc/ssh/sshd_config can prevent the SSH server from running.

service ssh status

should show feedback including:

Active: active (running)

If not, try

service ssh restart

If restarting the SSH server allows connections, verify that the SSH server still works after the server is rebooted. This could help avoid a costly trip back to the site later.

Network + Firewall

  1. Check which port the SSH server is supposed to be on in /etc/ssh/sshd_config. Look for Port 22, or whatever port you have set the SSH server to use. Although “security through obscurity” is not the goal of changing to a non-default SSH port, it can drastically reduce the amount of log flooding.
  2. Check that the firewall is open on the SSH server port.

    ufw status

    should show rules like:

    22/tcp ALLOW Anywhere

    22/tcp (v6) ALLOW Anywhere (v6)

  3. Check that packets are making it from the SSH client to the SSH server by running on the server:

    tcpdump port 22 -n -Q inout

    Note that you can specify the desired network interface, as listed by ip a, with the tcpdump -i option. When the SSH client attempts to connect, tcpdump on the SSH server should show packets coming in on the desired port, along with the client IP address. If not, see if the network itself has a firewall that’s blocking your packets.
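
Steps 1 and 2 can be cross-checked mechanically, which catches the common case where sshd was moved to a new port but the firewall rule was not. The script below is an added example, not part of the original checklist; the function names (sshd_ports, ufw_allows, check_ssh_firewall) and the sample data are constructed for illustration, and it assumes the Port lines live in the main sshd_config file.

```shell
#!/bin/sh
# Added example: compare the port(s) in sshd_config with saved `ufw status` output.
# Assumptions: Port lines are in the main file (Include'd drop-ins and
# ListenAddress host:port are not followed); rules name the port number,
# not an application profile such as "OpenSSH".

# Print every configured port, one per line; OpenSSH defaults to 22.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Succeed if the `ufw status` output saved in file $2 lets TCP port $1 in.
ufw_allows() {
    # An inactive firewall filters nothing, so it cannot be the blocker.
    grep -q '^Status: inactive' "$2" && return 0
    awk -v p="$1" '
        ($1 == p || $1 == (p "/tcp")) && / (ALLOW|LIMIT)( |$)/ { ok = 1 }
        END { exit !ok }' "$2"
}

# Report each configured port; return non-zero if any is not opened in ufw.
check_ssh_firewall() {
    rc=0
    for port in $(sshd_ports "$1"); do
        if ufw_allows "$port" "$2"; then
            echo "port $port: allowed by ufw"
        else
            echo "port $port: NOT allowed by ufw"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample data: sshd was moved to 2222 but ufw still only opens 22.
demo=$(mktemp -d)
printf '#Port 22\nPort 2222\nPermitRootLogin no\n' > "$demo/sshd_config"
printf '%s\n' 'Status: active' '' 'To      Action  From' \
    '22/tcp       ALLOW   Anywhere' \
    '22/tcp (v6)  ALLOW   Anywhere (v6)' > "$demo/ufw.txt"
check_ssh_firewall "$demo/sshd_config" "$demo/ufw.txt" ||
    echo "sshd_config and ufw disagree: open the configured port"
rm -rf "$demo"
```

On a server, save the live rules first with ufw status > ufw.txt (as root) and pass /etc/ssh/sshd_config as the first argument.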
