Docs / Troubleshooting / How to Troubleshoot SSH Connection Timeouts

How to Troubleshoot SSH Connection Timeouts

By Admin · Mar 2, 2026 · Updated Apr 24, 2026 · 32 views · 3 min read

Understanding SSH Timeouts

SSH connection timeouts occur when the client cannot establish or maintain a connection to the server. This can happen during the initial connection or during an active session. On Breezes and remote servers, resolving SSH timeouts quickly is essential since SSH is usually the primary access method.

Step 1: Basic Connectivity Check

# Can you reach the server at all?
ping -c 4 server-ip

# Is the SSH port open?
nc -zv server-ip 22 -w 5

# Or with nmap
nmap -p 22 server-ip

# Test with telnet
telnet server-ip 22

Step 2: Verbose SSH Connection

# Run SSH with maximum verbosity
ssh -vvv user@server-ip

# Look for where it hangs:
# "Connection timed out" = network/firewall issue
# "Connection refused" = SSH not running or wrong port
# Hangs after "SSH2_MSG_KEXINIT" = possible MTU or cipher issue

Step 3: Check the Server Side

If you have alternative access (VNC console, another server, or out-of-band management):

# Is SSH running?
sudo systemctl status sshd

# Is it listening on the correct port?
ss -tlnp | grep sshd

# Check SSH configuration
sudo sshd -T | grep -E "port|listenaddress|maxsessions"

# Check firewall rules
sudo ufw status
sudo iptables -L -n | grep 22
sudo nft list ruleset | grep 22

Common Causes and Fixes

1. Firewall Blocking

# Allow SSH in UFW
sudo ufw allow 22/tcp

# Or if using a custom port
sudo ufw allow 2222/tcp

# If using iptables
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

2. SSH Listening on Wrong Interface or Port

# Check /etc/ssh/sshd_config
grep -E "^Port|^ListenAddress" /etc/ssh/sshd_config

# Fix and restart
sudo systemctl restart sshd

3. TCP Wrappers Blocking Access

# Check /etc/hosts.deny
cat /etc/hosts.deny

# Check /etc/hosts.allow
cat /etc/hosts.allow

# Ensure your IP is not denied

4. Fail2Ban Blocking Your IP

# Check if your IP is banned
sudo fail2ban-client status sshd

# Unban your IP
sudo fail2ban-client set sshd unbanip YOUR.IP.ADDRESS

5. MTU/Network Path Issues

# Test with reduced MTU
ssh -o "IPQoS=throughput" user@server-ip

# On the server, check MTU
ip link show eth0

# Try lowering MTU temporarily
sudo ip link set eth0 mtu 1400

6. DNS Resolution Delays

# On the server, disable DNS lookup in SSH
# Edit /etc/ssh/sshd_config:
UseDNS no

sudo systemctl restart sshd

Preventing Session Timeouts (Idle Connections)

Client Side (~/.ssh/config)

Host *
    ServerAliveInterval 60
    ServerAliveCountMax 3
    TCPKeepAlive yes

Server Side (/etc/ssh/sshd_config)

ClientAliveInterval 120
ClientAliveCountMax 3
TCPKeepAlive yes

Troubleshooting Checklist

  • Verify server IP and SSH port are correct
  • Check that SSH daemon is running and listening
  • Test from a different network to rule out local issues
  • Check firewalls on server, network, and cloud provider level
  • Review /var/log/auth.log for clues on the server side
  • Ensure /etc/hosts.deny and Fail2Ban are not blocking you
  • If all else fails, use VNC or console access to investigate

Was this article helpful?

Related Articles