Locked Out of VPS

It happens to everyone: you modified the firewall, changed the SSH port, or something went wrong and now the server isn't responding to your commands. Here's how to recover access.


Quick diagnosis: what happened?

Symptom | Likely cause
--- | ---
Connection refused on port 22 | SSH stopped, port changed, or firewall blocks port 22
Connection timed out | Firewall blocks all incoming traffic
Permission denied | Wrong credentials, password changed, SSH key not accepted
Server doesn't even respond to ping | Server down, crashed, or upstream network problem

Step 1: Access via VNC Console

VNC Console gives you direct access to the server as if you had a monitor connected physically. It doesn't depend on the network or SSH.

If you don't remember the root password, see the guide Reset Root Password first. You can change it directly from the VNC console without knowing the current one, by starting Rescue Mode.

  • Log in to the VirtFusion panel
  • Select your server → click Console
  • A terminal window opens in the browser
  • If you see a black screen, press Enter or click on the window
  • Enter credentials: root + password

Step 2: Recover SSH access: choose your case

Case A: You blocked the firewall (UFW)

Did you enable UFW without opening port 22? Or did you add a wrong rule?

bash
# Disable UFW completely
ufw disable

# Verify SSH is accessible again (from another terminal)
# Then re-enable UFW with correct rules:
ufw allow 22/tcp
ufw enable

To reset UFW from scratch and start over:

bash
ufw --force reset
ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw enable
ufw status

Case B: You blocked the firewall (iptables)

bash
# Flush all iptables rules and set everything to ACCEPT
iptables -F          # Flush all chains
iptables -X          # Delete custom chains
iptables -Z          # Reset counters
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# Same for IPv6
ip6tables -F
ip6tables -X
ip6tables -P INPUT ACCEPT
ip6tables -P FORWARD ACCEPT
ip6tables -P OUTPUT ACCEPT

This leaves the server with no packet filtering at all, so rebuild the rule set right away, allowing SSH before you add any restrictive rules.

Case C: You blocked the firewall (firewalld: CentOS/AlmaLinux)

bash
# Stop firewalld temporarily
systemctl stop firewalld

# Verify SSH is accessible again
# Then restart and add correct rules
systemctl start firewalld
firewall-cmd --permanent --add-service=ssh
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

Case D: SSH service is stopped

From VNC console:

bash
# Check status (on Debian/Ubuntu the unit is named ssh; use ssh instead of sshd)
systemctl status sshd

# Start SSH and enable it at boot
systemctl start sshd
systemctl enable sshd

# Verify it's listening
ss -tlnp | grep ssh

Case E: You changed the SSH port

From VNC console, find out what port SSH is on:

bash
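# Port set in the main config file (active Port lines only)
grep -Ei '^[[:space:]]*port[[:space:]]' /etc/ssh/sshd_config
# Port sshd is actually listening on
ss -tlnp | grep sshd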

Then connect from your computer specifying the correct port:

bash
ssh -p NEW_PORT root@SERVER_IP

And remember to open that port in the firewall:

bash
ufw allow NEW_PORT/tcp

Case F: sshd_config file is corrupted or has syntax errors

bash
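# Test configuration (prints the file and line of any error)
sshd -t

# If there are errors, show which line (on a valid file this prints the effective settings)
sshd -T 2>&1 | head -20

# Back up the broken configuration before changing anything
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak.broken
# Then fix it manually or reinstall the package:
apt install --reinstall openssh-server   # Debian/Ubuntu
dnf reinstall openssh-server            # CentOS/AlmaLinux

# Re-test, and restart only if the configuration is valid
sshd -t && systemctl restart sshd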

Case G: Fail2ban banned you

If Fail2ban banned your IP:

bash
# Unblock your IP from sshd jail
fail2ban-client set sshd unbanip YOUR_IP

# Or disable Fail2ban temporarily
systemctl stop fail2ban

# Add your IP to the whitelist (ignoreip) in the jail.local file
# before re-enabling it

Step 3: Verify from outside

After fixing the problem from VNC console, open a new terminal on your computer and try to connect:

bash
ssh root@SERVER_IP

If it works, you're good. Don't close the VNC session until you've confirmed that SSH works.


Prevention: how not to lock yourself out again

Golden rule: before modifying the firewall or SSH, always test the SSH connection in a new window without closing the current one.

bash
# Good habit: after every firewall modification, verify immediately
ufw status verbose
ss -tlnp | grep ssh

Use a scheduled safety job (firewall panic button). Run this command before risky changes; if something goes wrong, the server will restore access automatically after 5 minutes:

bash
# Requires the at package, with the atd service running
# This disables UFW after 5 minutes: enough time to verify
echo "ufw disable" | at now + 5 minutes
# Cancel it if everything works: list pending jobs with atq, then atrm JOB_NUMBER
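
A variation on the panic button, as an added example that is not DeluxHost's own code: instead of switching the firewall off, the timer restores a saved known-good rule set unless you disarm it from a fresh SSH session. STATE_DIR, arm_rollback and disarm_rollback are names chosen for this example, and the iptables snapshot path in the comments is a placeholder.

```shell
#!/bin/sh
# Dead-man switch for risky firewall/SSH changes.
# STATE_DIR, arm_rollback and disarm_rollback are names made up for this example.
STATE_DIR=${STATE_DIR:-/run/fw-guard}

# arm_rollback SECONDS 'ROLLBACK COMMAND'
# Starts a detached timer. If the switch is still armed when the timer
# expires, the rollback command runs. Re-arming replaces any earlier timer.
arm_rollback() {
    _delay=$1
    _rollback=$2
    _token="$$-$(date +%s)-$_delay"
    mkdir -p "$STATE_DIR" || return 1
    printf '%s\n' "$_token" > "$STATE_DIR/armed" || return 1
    # nohup + background: the timer survives the SSH session hanging up.
    nohup sh -c '
        sleep "$1"
        # Fire only if this exact arming is still in place.
        if [ "$(cat "$2" 2>/dev/null)" = "$3" ]; then
            rm -f "$2"
            sh -c "$4"
        fi
    ' guard "$_delay" "$STATE_DIR/armed" "$_token" "$_rollback" >/dev/null 2>&1 &
}

# disarm_rollback: run it from a NEW SSH session, which proves login still works.
# Returns 1 if nothing is armed (never armed, or the rollback already fired).
disarm_rollback() {
    [ -e "$STATE_DIR/armed" ] || return 1
    rm -f "$STATE_DIR/armed"
}

# Typical use as root (iptables shown; snapshot first, then arm, then change):
#   iptables-save > /root/iptables.good
#   arm_rollback 300 'iptables-restore < /root/iptables.good'
#   ...apply the risky rule change...
#   disarm_rollback        # from a second, freshly opened SSH session
```

The timer lives in a background process, so it does not survive a reboot; the at job above does.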

Always add your IP to the Fail2ban whitelist:

ini
# /etc/fail2ban/jail.local
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1 YOUR_PUBLIC_IP
