SSH Slow or Connection Timeout

Resolve slow SSH connections, timeouts and frequent disconnections. Diagnosis and fix in minutes.

Symptoms

  • SSH takes 10-30 seconds before showing login prompt
  • Connection drops after a few minutes of inactivity
  • ssh: connect to host ... port 22: Connection timed out

1. SSH slow on startup (30s wait)

Cause: DNS reverse lookup

The SSH server (sshd) does a reverse DNS lookup on the IP address you connect from. If the server's DNS resolver is slow or not configured, the login waits for that lookup to time out.

Verify:

time ssh root@server hostname
# If it takes >5s, it's DNS

Fix: disable DNS lookup on server

nano /etc/ssh/sshd_config
# In the file, set:
UseDNS no
# Back in the shell, apply the change:
systemctl restart sshd

Cause: GSSAPI authentication

The SSH client attempts Kerberos/GSSAPI authentication first, and that attempt fails only after a timeout.

Fix on client side (on your PC):

nano ~/.ssh/config
# In the file, add:
Host *
  GSSAPIAuthentication no
  GSSAPIDelegateCredentials no

Or at connection time:

ssh -o GSSAPIAuthentication=no root@server

2. Disconnections on inactivity

Fix on server side

nano /etc/ssh/sshd_config
# In the file: send a keep-alive every 60 seconds, up to 10 attempts
ClientAliveInterval 60
ClientAliveCountMax 10
# Back in the shell, apply the change:
systemctl restart sshd
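
Both server-side fixes on this page (UseDNS no in section 1 and the ClientAlive* lines above) only take effect if no earlier line in sshd_config already sets the same keyword: sshd uses the first value it reads and treats lines after a Match line as conditional. The script below is an added example, not part of the original page. effective_global and audit are hypothetical helper names, the config is a constructed sample, and Include files are not followed (sshd -T on the server prints the authoritative values).

```sh
#!/bin/sh
# Constructed sample: a default "UseDNS yes" sits above the line added as a fix,
# and the keep-alive setting exists only inside a Match block.
SAMPLE_SSHD_CONFIG='# constructed sample, not a real server config
Port 22
usedns yes
PasswordAuthentication no
UseDNS no
Match User backup
    ClientAliveInterval 60
'

# effective_global KEYWORD < config
# Print the value sshd applies globally for KEYWORD. Rules modelled:
#   - keywords are case-insensitive
#   - comments and blank lines are skipped
#   - the first value read wins; later duplicates are ignored
#   - lines after the first Match are conditional, so they are not global
effective_global() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        {
            sub(/^[ \t]+/, "")                 # strip indentation
            if ($0 == "" || $0 ~ /^#/) next    # blank line or comment
            key = tolower($1)
            if (key == "match") exit           # global section ends here
            if (key == want) { print $2; exit }
        }'
}

# audit CONFIG_TEXT
# Check the server-side values this page recommends; print one line per keyword.
audit() {
    for pair in UseDNS=no ClientAliveInterval=60 ClientAliveCountMax=10; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(printf '%s\n' "$1" | effective_global "$key")
        if [ "$got" = "$want" ]; then
            echo "$key: ok ($got)"
        elif [ -z "$got" ]; then
            echo "$key: not set globally, sshd default applies"
        else
            echo "$key: effective value is '$got', wanted '$want'"
        fi
    done
}

audit "$SAMPLE_SSHD_CONFIG"
```

On a real server, pass the file contents with audit "$(cat /etc/ssh/sshd_config)" and move or edit the earlier line when a keyword is reported with the wrong effective value.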

Fix on client side

nano ~/.ssh/config
# In the file, add:
Host *
  ServerAliveInterval 60
  ServerAliveCountMax 10
  TCPKeepAlive yes

3. Connection timeout (can't connect)

Cause: port blocked by firewall

# From your PC, test connection
nc -zv SERVER_IP 22
# or
telnet SERVER_IP 22

If the port doesn't respond, check on the server (log in through the VNC/VirtFusion console):

# Firewall status
ufw status
iptables -L INPUT -n --line-numbers

# Is SSH running?
systemctl status sshd
ss -tlnp | grep :22

SSH port changed

If you changed the SSH port:

ssh -p 2222 root@server

Cause: fail2ban banned your IP

fail2ban-client status sshd
fail2ban-client set sshd unbanip YOUR_IP

4. Host key verification failed

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

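This appears when the server was reinstalled or its SSH host key changed. If you did not expect the change, first compare the fingerprint SSH offers with the one shown on the server console (VNC/VirtFusion). Once the change is confirmed, remove the old key: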

# From your PC
ssh-keygen -R SERVER_IP
# or remove the specific line from:
nano ~/.ssh/known_hosts

5. Permission denied (publickey)

Verify permissions of public key on server

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
ls -la ~/.ssh/

Verify PubkeyAuthentication is enabled

grep PubkeyAuthentication /etc/ssh/sshd_config
# Must be: PubkeyAuthentication yes

Debug connection

# From your PC, show detailed debug
ssh -vvv root@server 2>&1 | head -60

6. Optimize SSH for fast connections

Add to ~/.ssh/config on your PC:

Host my-vps
  HostName SERVER_IP
  User root
  IdentityFile ~/.ssh/id_ed25519

  # Reuse existing connections (much faster for multiple sessions)
  ControlMaster auto
  ControlPath ~/.ssh/cm-%r@%h:%p
  ControlPersist 10m

  # Compression (useful with slow connection)
  Compression yes

  # No GSSAPI (UseDNS is an sshd_config option: set it on the server, not here)
  GSSAPIAuthentication no

With ControlMaster, subsequent connections to the same server are instant.

SSH over HTTPS (port 443)

If port 22 is blocked by your network (e.g. corporate network), you can configure SSH on port 443 on the server and connect from any network.
