SSH Workbench

SSH Port Checker

Test if SSH port is open and accessible on any server.

What is an SSH Port?

SSH (Secure Shell) uses port 22 by default for encrypted remote access to servers. When you can't connect via SSH, the first step is checking if the port is open and reachable. This tool tests TCP connectivity from our servers to your target, helping diagnose firewall issues, misconfigurations, or network problems.

Common SSH Ports

PortUsage
22Default SSH port (IANA assigned)
2222Common alternative (Docker, dev environments)
22222Secondary alternative for security through obscurity
443SSH over HTTPS port (bypasses restrictive firewalls)

Why is my SSH port closed?

  • SSH service not running — Check with systemctl status sshd
  • Firewall blocking — Check iptables, ufw, or cloud security groups
  • Wrong port — SSH might be configured on a non-standard port in /etc/ssh/sshd_config
  • NAT/Router issue — Port forwarding may not be configured for internal servers
  • Server offline — The machine might be powered off or unreachable

Frequently Asked Questions

Is SSH TCP or UDP?
SSH uses TCP exclusively (not UDP) because it requires reliable, ordered delivery for secure shell sessions. TCP's connection-oriented nature ensures encrypted data arrives intact and in sequence, which is critical for interactive terminal sessions. The default port is TCP 22.
Is SSH port 22 secure to expose to the internet?
Port 22 itself is secure when SSH is properly configured. However, exposing it invites brute-force attacks. Best practices include: using key-based authentication (disable passwords), implementing fail2ban, using a non-standard port, and restricting access via firewall rules to known IPs when possible.
What's the difference between 'closed' and 'filtered'?
A 'closed' port responds with a TCP RST packet — the port is reachable but nothing is listening. A 'filtered' port gives no response (timeout) — usually a firewall is dropping packets silently. Both prevent SSH connections, but filtered suggests firewall configuration, while closed suggests the SSH service isn't running.
Can I SSH over port 443 to bypass firewalls?
Yes, many restrictive networks (hotels, airports) only allow ports 80 and 443. You can configure SSH to listen on 443 if you don't need HTTPS on that server. Tools like sslh can multiplex SSH and HTTPS on the same port by detecting the protocol.
Why does the port show open but I still can't connect?
An open port means the TCP connection succeeds, but SSH authentication is separate. Issues could include: wrong username, SSH key not accepted, password authentication disabled, user not in AllowUsers list, or SSH banner exchange failing due to protocol mismatch.

Related Tools

Key Generator

Generate RSA, Ed25519, and ECDSA SSH keys securely in your browser.

Config Generator

Generate ~/.ssh/config entries visually. Build config files with host aliases, jump hosts, and identity files.

Key Validator

Validate SSH public and private keys. Check key type, format, fingerprint, and comment.

PEM to PPK Converter

Convert PEM SSH keys to PPK format for PuTTY. Validate keys and get step-by-step conversion instructions.

SSL Checker

Check SSL/TLS certificate validity, expiry, chain, and issuer for any domain. Color-coded expiry warnings.

Need to manage SSH connections?

SSH Workbench lets you connect, browse files, and manage servers visually.

Try SSH Workbench Free