4 ways to fix ssh: connect to host port 22: No route to host

The “No route to host” error can occur when attempting to connect to a remote host using the Secure Shell (SSH) protocol.

This error usually indicates that a request sent from a client is not being properly routed to the destination host.

This could be due to various factors, such as incorrect network settings, the wrong server name or IP address, or a firewall preventing the connection.

In this article, we will discuss 4 ways to fix this issue. Hope you can find it useful.

Table of Contents

Verify SSH command Syntax

The “ssh: connect to host port 22: No route to host” error message typically indicates that there is a problem with the network connection to the host specified in the command.

To avoid this error, make sure that the hostname or IP address specified in the command is correct.

The basic syntax for the SSH command is:

ssh [options] [user@]hostname [command]

options are optional and can be used to specify various settings such as the port to connect to or to enable verbose mode.
user@ is optional and specifies the user to log in as. If not specified, the current user will be used.
hostname is the hostname or IP address of the server to connect to.
command is optional and specifies a command to run on the remote server after logging in.

Example:

ssh [email protected]

This will log in to the server at example.com as the user ‘user’.

You may want to specify the port number if the remote ssh server is running on a port different from default port (22).

ssh -p 2222 [email protected]

This will log in to the server at example.com on port 2222 as the user ‘user’

You could also try using the verbose option “-v” to see more information about the connection process and help troubleshoot the problem.

ssh -v -p 2222 [email protected]

To enable verbose output in an SSH command, you can use the -vvvv option. This will display detailed debugging information, helping you to diagnose and troubleshoot any connection issues.

Here’s the SSH command with verbose output enabled:

ssh -vvvv user@hostname_or_ip

Replace user with your username and hostname_or_ip with the remote server’s hostname or IP address.

When you use the -vvvv option, SSH will show verbose output, providing you with more information about the connection process, key exchanges, and any authentication issues that may occur.

This can be extremely helpful in identifying the root cause of connection problems and resolving them effectively. Keep in mind that the more v characters you add (e.g., -vv, -vvv, -vvvv), the more detailed the debugging information will be.

Check network connection between the local and remote server

Make sure that the device experiencing the error is properly connected to the network and that the network is functioning properly.

Verify that the device is properly connected to the network. This may involve checking the cables and connections to the device, as well as the status of the device’s network interface.

Use the ip link show command to view the status of the device’s network interfaces. Look for any errors or issues that may be affecting the network connection.

Use the ping command to test the network connection. The ping command sends a request to a specific IP address and waits for a response.

If the device receives a response, it indicates that the network connection is working properly.

ping remote-ip

For example:

ping 192.168.1.1

This will send a request to 192.168.1.1. If the device receives a response, it indicates that the network connection is working properly.

If the ping command is not working, you may need to check the routing table to ensure that there is a valid route to the destination.

You can use the traceroute command to check the network connection between your local and remote.

Use the telnet command to test the network connectivity to ssh port

For example, to check if the SSH port (port 22) is open on a remote server with the IP address 192.168.1.1, you can use the following command:

telnet 192.168.1.1 22
If the port is open, you will see something like this:

Trying 192.168.1.1... Connected to 192.168.1.1. Escape character is '^]'. Press CTRL + ] and then type quit to exit.

If the port is not open, you will see an error message like this:

Trying 192.168.1.1... telnet: Unable to connect to remote host: Connection refused

If you can not connect to the remote port, there may be a problem with your network connection or the service that the remote host is on. Try troubleshooting your network connection and see if that resolves the issue.

If you don’t have telnet command installed, you can check this article to test the port connectivity on remote host using curl or Python.

Check IP address or hostname

Make sure that you use correct Ip address in your ssh command.

It is possible that one server has multiple IP addresses. This is often used for redundancy or to allow the server to communicate over different networks.

You can use the ip or ifconfig commands to view the multiple IP addresses of a server on a Linux system. For example:

ip addr or ifconfig

This will print a list of the network interfaces on the system, along with their IP addresses and other details. Each interface may have one or more IP addresses assigned to it.

It is important to use the correct IP address when connecting to a remote host using the Secure Shell (SSH) protocol. If you use the wrong IP address, you will likely receive an error message such as “No route to host” or “Connection refused”.

Check SSH service status in Linux

To ensure that the SSH server is running and accessible on the host you are trying to connect to, follow these steps:

Log in to the host using an alternative method like remote desktop or console access.
Open a terminal or command prompt on the host.
Check the SSH server’s status using the following systemctl command:
systemctl status sshd

This command will display the current status of the SSH server, whether it is running or not. If the SSH server is running properly, you should see output indicating that the service is active and running.

If the SSH server is not running or encountering any issues, the output from the systemctl status command will provide information about the error or reason for the failure.

You need to investigate the error messages to determine the root cause and take appropriate actions to resolve it.

After confirming that the SSH server is running and accessible, you can attempt to connect to it using the SSH client from your local machine.

Check firewall configuration in Linux

The firewall on the remote host or on your local machine may be blocking the connection. Check the firewall settings and make sure that the connection is allowed.

There are a few different ways to check the status of the firewall on a Linux machine:

ufw (Uncomplicated Firewall) is a user-friendly firewall that is installed by default on many Linux distributions. To check the status of ufw, use the status command:

sudo ufw status

This will show you whether ufw is active or inactive, as well as the rules that are currently in place.

If ufw is not installed on your machine, you can use the iptables command to check the firewall rules. To see the current firewall rules, use the -L flag:

sudo iptables -L

This will show you the rules that are currently in place for the different chains (INPUT, FORWARD, and OUTPUT).

Alternatively, you can use the firewall-cmd command, which is part of the firewalld service. To check the status of the firewall, use the –state flag:

sudo firewall-cmd --state

This will show you whether the firewall is running or not. To see the current firewall rules, use the –list-all flag:

sudo firewall-cmd --list-all

This will show you the rules that are currently in place for the different zones.

Hence, ensure you have the SSH port allowed in your firewall. If you are using UFW, you can run the command:

sudo ufw allow 22/tcp sudo ufw reload

This should add port 22 to the firewall settings and allow incoming and outgoing connections. If SSH is running on a different port, replace the port 22 with your target port.

If you are using firewall-cmd on Fedora or REHL family, you can run the command:

sudo firewall-cmd --permanent --add-port=22/tcp sudo firewall-cmd --reload

Similarly, replace the port 22 with the port of your SSH server.

If you are using iptables, you can run the command:

sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT sudo iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Once you have allowed the SSH server on your firewall, you can attempt to reconnect to the target host.