LightYear
/Docs
DocsTroubleshootingCannot Connect via SSH

Cannot Connect via SSH

Diagnose and resolve common SSH connection failures including timeouts, refused connections, and permission errors.

beginner
8 min read
LightYear Docs Team
Updated April 24, 2026
sshtroubleshootingconnectionfirewall
Ready to get started?

SSH connection failures are one of the most common issues with cloud servers. This guide covers the most frequent causes and how to resolve them.

Diagnose the Error

Run SSH with verbose output to see exactly where the connection fails:

>_BASH
$ssh -vvv root@YOUR_SERVER_IP

The output shows each step of the connection process, making it easier to identify where it fails.

Error: Connection Timed Out

Symptoms: ssh: connect to host X.X.X.X port 22: Connection timed out

Cause: A firewall is blocking port 22 before the connection reaches the server.

Resolution:

  1. Check your LightYear firewall group — ensure port 22 (TCP) is allowed from your IP.
  2. Navigate to Networking → Firewall Groups → Your Group.
  3. Add a rule: Protocol TCP, Port 22, Source: Your IP or 0.0.0.0/0.
>_BASH
$# Verify the server is reachable at all
$ping YOUR_SERVER_IP
$
$# Test if port 22 is open
$nc -zv YOUR_SERVER_IP 22
OUTPUT
Connection to 45.77.x.x 22 port [tcp/ssh] succeeded!

Error: Connection Refused

Symptoms: ssh: connect to host X.X.X.X port 22: Connection refused

Cause: The SSH daemon is not running on the server.

Resolution: Use the LightYear web console to access the server and restart SSH:

  1. Navigate to Servers → Your Server → Console.
  2. Log in via the web console.
  3. Restart the SSH daemon:
>_BASH
$systemctl status sshd
$systemctl restart sshd

Error: Permission Denied (publickey)

Symptoms: Permission denied (publickey)

Cause: The SSH key on your local machine does not match the authorized key on the server.

Resolution:

Check which key SSH is trying to use:

>_BASH
$ssh -vvv root@YOUR_SERVER_IP 2>&1 | grep "Trying|Offering|identity"

Verify the authorized keys on the server (via web console):

>_BASH
$cat ~/.ssh/authorized_keys

If the key is missing, add it:

>_BASH
$echo "YOUR_PUBLIC_KEY" >> ~/.ssh/authorized_keys
$chmod 600 ~/.ssh/authorized_keys
$chmod 700 ~/.ssh

Error: Host Key Verification Failed

Symptoms: WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

Cause: The server was re-deployed or the IP was reassigned to a different server.

Resolution:

Remove the old host key:

>_BASH
$ssh-keygen -R YOUR_SERVER_IP

Then reconnect and accept the new fingerprint.

[!WARNING] Only remove the host key if you are certain the server was legitimately re-deployed. A changed host key can also indicate a man-in-the-middle attack.

Still Cannot Connect?

Use the LightYear web console as a fallback:

  1. Navigate to Servers → Your Server → Console.
  2. Log in with your root password or via the emergency console.
  3. Check the SSH daemon logs:
>_BASH
$journalctl -u sshd -n 50

Was this article helpful?

Your cookie choices for this website

This site uses cookies and related technologies, as described in our privacy policy, for purposes that may include site operation, analytics, and enhanced user experience. You may choose to consent to our use of these technologies, or manage your own preferences. Cookie policy