SSH Connectivity Troubleshooting
When SSH fails, you need to separate “can I reach the host?” from “can I complete the handshake?” and then from “am I authorized?” This pillar focuses on the connectivity layer: ports, reachability, and common network-side blockers that cause SSH timeouts.
Related tools
- Port Scanner — validate if port 22 (or custom) is reachable.
- Config Generator — generate device configs and reduce manual mistakes.
- Ping Monitor — confirm baseline reachability before SSH tests.
Connectivity-first checklist
- Can you reach the host? Start with Ping Monitor.
- Is the SSH port reachable? Use Port Scanner against port 22 (or the configured port).
- If the port is closed/filtered: check firewall rules, security groups, ACLs, and upstream policy.
- If the port is open but SSH still fails: suspect auth (keys), host key issues, or server-side config.
Common SSH symptoms
Ping works, SSH times out
Often a port-level block (ACL/firewall) or an SSH service not listening. Validate port reachability first.
Intermittent SSH drops
Look for unstable links, NAT timeouts, or MTU issues. Start with continuous ping/latency trends and trace the path.
Next steps
If SSH issues correlate with high latency or route shifts, pivot to Ping & Latency Diagnostics and Traceroute & Routing Analysis.