Zurück zur DokumentationSymptoms
- SSH takes 10-30 seconds before showing login prompt
- Connection drops after a few minutes of inactivity
- ssh: connect to host ... port 22: Connection timed out
1. SSH slow on startup (30s wait)
Cause: DNS reverse lookup
SSH tries to resolve reverse DNS of your IP. If DNS is slow or not configured, it waits for timeout.
Verify:
time ssh root@server hostname
# If it takes >5s, it's DNS
Fix: disable DNS lookup on server
nano /etc/ssh/sshd_config
UseDNS no
systemctl restart sshd
Cause: GSSAPI authentication
SSH tries Kerberos/GSSAPI authentication that fails with timeout.
Fix on client side (on your PC):
nano ~/.ssh/config
Host *
GSSAPIAuthentication no
GSSAPIDelegateCredentials no
Or at connection time:
ssh -o GSSAPIAuthentication=no root@server
2. Disconnections on inactivity
Fix on server side
nano /etc/ssh/sshd_config
# Send keep-alive every 60 seconds, up to 10 attempts
ClientAliveInterval 60
ClientAliveCountMax 10
systemctl restart sshd
Fix on client side
nano ~/.ssh/config
Host *
ServerAliveInterval 60
ServerAliveCountMax 10
TCPKeepAlive yes
3. Connection timeout (can't connect)
Cause: port blocked by firewall
# From your PC, test connection
nc -zv SERVER_IP 22
# or
telnet SERVER_IP 22
If it doesn't respond, check on server (access from VNC/VirtFusion console):
# Firewall status
ufw status
iptables -L INPUT -n --line-numbers
# Is SSH running?
systemctl status sshd
ss -tlnp | grep :22
SSH port changed
If you changed the SSH port:
ssh -p 2222 root@server
Cause: fail2ban banned your IP
fail2ban-client status sshd
fail2ban-client set sshd unbanip YOUR_IP
4. Host key verification failed
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
Server was reinstalled or SSH key changed. Remove the old key:
# From your PC
ssh-keygen -R SERVER_IP
# or remove the specific line from:
nano ~/.ssh/known_hosts
5. Permission denied (publickey)
Verify permissions of public key on server
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
ls -la ~/.ssh/
Verify PubkeyAuthentication is enabled
grep PubkeyAuthentication /etc/ssh/sshd_config
# Must be: PubkeyAuthentication yes
Debug connection
# From your PC, show detailed debug
ssh -vvv root@server 2>&1 | head -60
6. Optimize SSH for fast connections
Add to ~/.ssh/config on your PC:
Host my-vps
HostName SERVER_IP
User root
IdentityFile ~/.ssh/id_ed25519
# Reuse existing connections (much faster for multiple sessions)
ControlMaster auto
ControlPath ~/.ssh/cm-%r@%h:%p
ControlPersist 10m
# Compression (useful with slow connection)
Compression yes
# No DNS, no GSSAPI
GSSAPIAuthentication no
UseDNS no
With ControlMaster, subsequent connections to same server are instant.
If port 22 is blocked by your network (e.g. corporate network), you can configure SSH on port 443 on the server and connect from any network.
Verwandte Artikel
Locked Out of VPS
Complete guide to recover server access when locked out, with step-by-step instructions from VNC Console
Server Unreachable
What to do when server is not responding or you can't connect via SSH
Website Not Reachable
What to do when website is not responding, shows errors, or is unreachable
DeluxHost, gegründet 2023, bietet hochwertige Hosting-Lösungen für verschiedene digitale Anforderungen. Wir bieten Shared Hosting, VPS und dedizierte Server mit erweiterter Sicherheit und globalen Rechenzentren.
