Can't connect to SSH (port 22 is open, console works)

July 24, 2016 452 views

I got a droplet yesterday, configured it to be a VPN by following the guide ( ) and it worked just fine until suddenly about 3h in it disconnected me.

I checked the status - it was running but I couldn't ssh into it. I reset the root password and logged into console. ssh is running, the droplet can ping outside the network etc.

I've not made any other changes to the droplet other than following the guide to the letter.

2 Answers
MDS July 24, 2016
Accepted Answer

What error do you get when you try to connect to ssh?
Can you post your ssh config in /etc/ssh/sshd_config?
And if possible output of sudo iptables -S.

  • It just times out when trying to connect.

    sshd_config -
    iptables -

    • Your firewall seems to be blocking SSH, try using:
      iptables -A INPUT -p tcp --dport 22 -j ACCEPT

      • Thanks - that did the trick; I've no idea why it was blocking the ssh port by itself all of a sudden?

        • It looks like you're using ufw—can you post the output of sudo ufw status?

          • root@ubuntu-512mb-fra1-01:~# ufw status
            Status: active
            To                         Action      From
            --                         ------      ----
            1194/udp                   ALLOW       Anywhere
            1194/udp (v6)              ALLOW       Anywhere (v6)
          • @baphemot sorry, I missed the verbose flag (sudo ufw status verbose). We need it to figure out if UFW's default policy is to accept or deny connections. Since you don't have a rule that matches SSH connections, they'll fall back to the default setting. I'm assuming it's deny, so you'll need to add a rule that lets SSH connections through:

            sudo ufw allow ssh
          • With verbose it's

            root@ubuntu-512mb-fra1-01:~# ufw status verbose
            Status: active
            Logging: on (low)
            Default: deny (incoming), allow (outgoing), allow (routed)
            New profiles: skip
            To                         Action      From
            --                         ------      ----
            1194/udp                   ALLOW IN    Anywhere
            1194/udp (v6)              ALLOW IN    Anywhere (v6)

            So yeah, looks like it's deny by default. Running ufw allow ssh fixed it.

            No idea why it got blocked in the first place though - might have been something during VPN setup? (can't check how, work firewall kills my browser when I attempt to open the VPN guide -_-)
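
The check worked out across the thread (is ufw active, what is the default incoming policy, is there a rule that matches SSH), as an added example that is not part of the original posts. The function name, the verdict strings and the assumption that an SSH rule is listed as 22, 22/tcp or OpenSSH are illustrative; `sample_after` is constructed.

```shell
#!/bin/sh
# Added example. Reads `ufw status verbose` (or plain `ufw status`) on stdin and
# prints: inactive | ssh-allowed | ssh-blocked | default-allow | unknown-default
ufw_ssh_verdict() {
    awk -v port="${1:-22}" '
        /^Status:/  { status = $2 }
        /^Default:/ { incoming = $2 }   # "Default: deny (incoming), ..."
        {
            # Rule rows look like: <to> [(v6)] <ACTION> [IN|OUT] <from>
            v6  = ($2 == "(v6)")
            act = v6 ? $3 : $2
            dir = v6 ? $4 : $3
            # Assumption: an SSH rule is listed as 22, 22/tcp or OpenSSH.
            hit = ($1 == port "" || $1 == (port "/tcp") ||
                   (port == 22 && $1 == "OpenSSH"))
            if (hit && (act == "ALLOW" || act == "LIMIT") && dir != "OUT")
                allowed = 1
        }
        END {
            if (status != "active")       print "inactive"
            else if (allowed)             print "ssh-allowed"
            else if (incoming == "allow") print "default-allow"
            else if (incoming == "deny" || incoming == "reject") print "ssh-blocked"
            else                          print "unknown-default"  # no Default: line
        }'
}

sample_before() {   # the verbose output posted in the thread
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
1194/udp                   ALLOW IN    Anywhere
1194/udp (v6)              ALLOW IN    Anywhere (v6)
EOF
}

sample_after() {    # constructed: same table with an SSH rule appended
    sample_before
    echo "22/tcp                     ALLOW IN    Anywhere"
}

echo "before: $(sample_before | ufw_ssh_verdict)"
echo "after:  $(sample_after | ufw_ssh_verdict)"
```

On a live host, feed it with `sudo ufw status verbose | ufw_ssh_verdict` before enabling ufw or closing the console session. It does not evaluate rule order or source restrictions, so a DENY rule listed ahead of the ALLOW, or an ALLOW limited to one source address, still needs a manual look.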
