The Symptom
$ ssh user@server.example.com
# ... long pause ...
ssh: connect to host server.example.com port 22: Connection timed outNo password prompt. No error message immediately. Just silence, then timeout.
Why This Happens
A timeout means your SYN packet isn't getting a response. Either:
- 1.The server isn't reachable (network issue)
- 2.A firewall is silently dropping packets
- 3.The server is overloaded and can't respond
Step 1: Check Basic Connectivity
# Can you reach the server at all?
ping -c 3 server.example.comIf ping fails, the server is unreachable—check your network, VPN, or the server status.
If ping works but SSH doesn't, something is specifically blocking port 22.
Step 2: Test Port Connectivity
```bash # Using nc (netcat) nc -zv server.example.com 22 -w 5
# Using telnet telnet server.example.com 22 ```
If this also times out, port 22 is being filtered.
Step 3: Check for Firewall Dropping
Unlike "connection refused," a timeout suggests packets are being dropped (no response) rather than rejected (immediate response).
On the server, check iptables:
sudo iptables -L -n -v | grep 22Look for DROP rules. A rule like this would cause timeouts:
DROP tcp -- anywhere anywhere tcp dpt:22To allow SSH:
sudo iptables -I INPUT -p tcp --dport 22 -j ACCEPTStep 4: Check Cloud Security Groups
If the server is on AWS, Azure, GCP, etc., check:
- Security group inbound rules
- Network ACL rules
- VPC/subnet configuration
These often silently drop packets rather than reject them.
Step 5: Check Server Load
An overloaded server might not respond in time:
# If you have console access
top
uptimeLook for high CPU, memory pressure, or excessive load averages.
Increase Client Timeout
As a workaround, you can increase SSH timeout:
ssh -o ConnectTimeout=30 user@serverOr add to ~/.ssh/config:
Host slow-server
ConnectTimeout 30
ServerAliveInterval 15
ServerAliveCountMax 3IPv6 Issues
Sometimes SSH tries IPv6 and times out before falling back to IPv4:
```bash # Force IPv4 ssh -4 user@server
# Or in config Host server AddressFamily inet ```