Keywords: Raspberry Pi | SSH Connection | Raspbian System
Abstract: This article systematically addresses the common SSH connection refused issue on Raspberry Pi, analyzing the default disabled mechanism of SSH service in Raspbian systems. It provides multiple enabling methods ranging from graphical interface, terminal configuration to headless setup. Through detailed explanations of systemctl commands and raspi-config tools, combined with network diagnostic techniques, comprehensive solutions are offered for users in different scenarios. The article also discusses advanced topics such as SSH service status checking and firewall configuration.
In daily Raspberry Pi usage, remote access via SSH is a common operational requirement. However, many users encounter "connection refused" errors when attempting to connect, even when network connectivity tests are normal. This phenomenon typically stems from security policy adjustments in Raspbian systems, requiring users to clearly understand and properly configure related services.
Analysis of Default SSH Service Disable Mechanism
Starting from the Raspbian version released in November 2016, the system disables the SSH server by default for security considerations. This design decision means that even with normal network connectivity, any connection attempts will be refused if the SSH service is not actively enabled. This "connection refused" error differs fundamentally from network connectivity issues, which typically manifest as "connection timeout" or "host unreachable".
Graphical Interface Enabling Method
For users with desktop environments, SSH service can be enabled intuitively through system configuration tools. The specific operation path is: Preferences menu → Raspberry Pi Configuration → Interfaces tab. In this interface, locate the SSH option and select Enabled status, then confirm to save settings. This method is suitable for beginners, requiring no memorization of complex commands to complete configuration.
Detailed Terminal Configuration Methods
Enabling SSH service through command line provides more flexible control. Using the raspi-config tool is one recommended approach:
sudo raspi-configAfter executing this command, sequentially select Interfacing Options → SSH → Yes to complete enabling. Another method is directly using systemctl to manage system services:
sudo systemctl enable ssh
sudo systemctl start sshThe first command sets SSH service to start automatically at boot, while the second command immediately starts the service. The advantage of this method lies in precise control over service status, suitable for scenarios requiring automation scripts.
Special Handling for Headless Setup
For Raspberry Pi configurations without display devices, SSH can be enabled by creating a specific file on the SD card boot partition. The specific operation involves creating an empty file named ssh (without extension) in the root directory of the boot partition. The system detects this file during startup, and if found, automatically enables SSH service and deletes the file. The file content is irrelevant and can contain any text or remain empty.
Service Status Verification and Diagnosis
After enabling SSH service, status verification is recommended to ensure configuration takes effect. The following command can be used to check service running status:
sudo systemctl status sshA normally running SSH service should display "active (running)" status. Simultaneously, checking port 22 listening status can confirm whether the service is working properly:
sudo netstat -tlnp | grep :22If SSH service has been correctly started, this command should show the sshd process listening on port 22. For more complex network environments, firewall configuration impacts on SSH connections also need consideration.
Common Issue Troubleshooting Guide
After confirming SSH service is enabled, if connection issues persist, troubleshooting can proceed with the following steps: First verify IP address correctness using hostname -I command to obtain current IP; second check network connectivity ensuring client can ping Raspberry Pi; finally confirm port access permissions, as some network environments may restrict port 22 access. For enterprise networks or public Wi-Fi environments, contacting network administrators to confirm related policies may be necessary.
Security Configuration Recommendations
After enabling SSH service, appropriate security measures are recommended: change default passwords, consider using key authentication instead of password authentication, limit IP address ranges allowed to connect, etc. These measures can significantly improve system security, preventing unauthorized access. For production environment deployments, regular system and SSH package updates should also be performed to promptly patch security vulnerabilities.