VPS: vps-7f023e40.vps.ovh.net
IP: 51.38.51.204
Region: eu-west-gra
My External IP: 212.15.87.43
Problem
SSH connections to my VPS are refused. After extensive troubleshooting via KVM console, I have evidence that my packets are not reaching the server at all.
What I've Verified (via KVM Console)
1. SSH service is running and listening:
$ sudo systemctl status ssh
Active: active (running)
$ sudo ss -tlnp | grep 22
LISTEN 0 128 0.0.0.0:22 users:(("sshd",pid=880))
LISTEN 0 128 [::]:22 users:(("sshd",pid=880))
2. UFW allows port 22:
$ sudo ufw status | grep 22
22/tcp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
3. Fail2ban is NOT blocking my IP:
- Checked fail2ban-client status sshd: my IP not in banned list
- Checked fail2ban-client status sshd-aggressive: my IP not in banned list
- Checked fail2ban-client status recidive: my IP not banned
- Ran sudo iptables-save | grep 212.15.87: no rules for my IP
4. TCP wrappers not blocking:
$ cat /etc/hosts.deny
# Only comments, no active rules
5. Edge Network Firewall:
- Status: Disabled in control panel
6. Network Security Dashboard:
- No active DDoS mitigation showing
- No suspicious activity for my IP
The Critical Evidence
tcpdump on the server shows NO packets from my IP:
$ sudo tcpdump -i ens3 -n 'tcp port 22' -c 10
While running tcpdump, I attempted SSH from my machine. The tcpdump captured packets from OTHER IPs (attackers) but zero packets from my IP (212.15.87.43).
This proves my traffic is being blocked before reaching the VPS.
From my client machine:
$ nc -zv 51.38.51.204 22
nc: connect to 51.38.51.204 port 22 (tcp) failed: Connection refused
$ ping 51.38.51.204
2 packets transmitted, 2 received, 0% packet loss
Ping works. SSH does not. Error is "connection refused" not timeout.
What I've Ruled Out
| Check | Result |
|---|---|
| SSH service running | Yes, listening on 0.0.0.0:22 |
| UFW allows port 22 | Yes |
| fail2ban blocking | No - IP not in any jail |
| iptables blocking | No rules for my IP |
| hosts.deny | Empty/comments only |
| Edge Firewall | Disabled |
| Anti-DDoS Dashboard | No mitigation active |
| Packets reaching server | NO - tcpdump shows nothing from my IP |
Request
Since my packets are not reaching the server (proven by tcpdump), the block must be at OVH network level. Could someone please check:
- Is my IP (212.15.87.43) blocked by Anti-DDoS infrastructure?
- Is there a routing issue between my ISP and this VPS?
- Is there any network-level filtering affecting my traffic?
I can access the server via KVM and run any diagnostic commands needed.
Thank you.
Hello,
Did you try a traceroute?
A traceroute from an OVH datacenter in London to your IP in Panama (or New Zealand?) returns this:
5 be103.lon-thw-sbb1-nc5.uk.eu (213.186.32.252) 0.859 ms 10.200.0.129 (10.200.0.129) 0.847 ms 1.074 ms
6 10.200.0.133 (10.200.0.133) 0.948 ms 10.200.0.171 (10.200.0.171) 1.398 ms 1.354 ms
7 * * *
8 be6617.ccr51.lon05.atlas.cogentco.com (130.117.48.49) 1.633 ms 1.726 ms 1.479 ms
9 port-channel2406.ccr92.lhr01.atlas.cogentco.com (154.54.74.166) 1.540 ms 1.561 ms 1.565 ms
10 be2133.ccr22.lpl01.atlas.cogentco.com (154.54.63.237) 7.869 ms port-channel8669.ccr91.lhr01.atlas.cogentco.com (154.54.75.38) 2.008 ms be2133.ccr22.lpl01.atlas.cogentco.com (154.54.63.237) 7.614 ms
11 be3042.ccr21.ymq01.atlas.cogentco.com (154.54.44.162) 78.245 ms 78.580 ms be3043.ccr22.ymq01.atlas.cogentco.com (154.54.44.166) 76.634 ms
12 be3042.ccr21.ymq01.atlas.cogentco.com (154.54.44.162) 78.219 ms be3259.ccr31.yyz02.atlas.cogentco.com (154.54.41.205) 84.834 ms be3042.ccr21.ymq01.atlas.cogentco.com (154.54.44.162) 78.672 ms
13 be3424.ccr81.sea08.atlas.cogentco.com (154.54.82.253) 139.361 ms be3260.ccr32.yyz02.atlas.cogentco.com (154.54.42.89) 83.765 ms 83.683 ms
14 be3424.ccr81.sea08.atlas.cogentco.com (154.54.82.253) 140.025 ms be9341.ccr21.sea02.atlas.cogentco.com (154.54.160.162) 145.341 ms be4941.ccr82.sea08.atlas.cogentco.com (154.54.94.73) 147.210 ms
15 be2454.ccr21.sea02.atlas.cogentco.com (154.54.164.26) 139.191 ms be2671.ccr21.pdx01.atlas.cogentco.com (154.54.31.78) 144.589 ms be9342.ccr22.sea02.atlas.cogentco.com (154.54.160.238) 138.405 ms
16 be2670.ccr21.pdx01.atlas.cogentco.com (154.54.42.150) 145.137 ms be2216.ccr51.pdx02.atlas.cogentco.com (154.54.31.158) 145.039 ms 145.341 ms
17 be5436.ccr71.akl01.atlas.cogentco.com (154.54.162.46) 268.592 ms be2216.ccr51.pdx02.atlas.cogentco.com (154.54.31.158) 145.072 ms be5436.ccr71.akl01.atlas.cogentco.com (154.54.162.46) 268.232 ms
18 be6282.rcr61.b073288-1.akl01.atlas.cogentco.com (154.54.170.134) 270.415 ms be5436.ccr71.akl01.atlas.cogentco.com (154.54.162.46) 269.187 ms be6282.rcr61.b073288-1.akl01.atlas.cogentco.com (154.54.170.134) 270.338 ms
19 154.18.104.71 (154.18.104.71) 269.458 ms be6282.rcr61.b073288-1.akl01.atlas.cogentco.com (154.54.170.134) 270.758 ms 269.921 ms
20 * 154.18.104.71 (154.18.104.71) 269.560 ms *
21 * * *
22 * etc etc etc
From my home in Belgium:
4 ae-60-100.ibrstr5.isp.proximus.be (91.183.241.168) 15.512 ms 15.655 ms 15.617 ms
5 brx-b3-link.ip.twelve99.net (62.115.40.97) 16.081 ms 17.777 ms 17.806 ms
6 prs-bb1-link.ip.twelve99.net (62.115.116.238) 25.222 ms 15.983 ms 14.607 ms
7 prs-b6-link.ip.twelve99.net (62.115.125.119) 18.505 ms 19.819 ms 20.885 ms
8 * * *
9 be3628.ccr42.jfk02.atlas.cogentco.com (154.54.27.169) 336.859 ms 337.498 ms be3627.ccr41.jfk02.atlas.cogentco.com (66.28.4.197) 327.719 ms
10 port-channel4986.ccr92.cle04.atlas.cogentco.com (154.54.162.169) 104.961 ms 101.278 ms port-channel4985.ccr91.cle04.atlas.cogentco.com (154.54.162.165) 96.515 ms
11 be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221) 320.281 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129) 320.907 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221) 321.392 ms
12 be5214.ccr31.oma02.atlas.cogentco.com (154.54.165.133) 323.579 ms 320.646 ms 320.552 ms
13 * be8568.ccr82.den01.atlas.cogentco.com (154.54.95.109) 336.163 ms *
14 be2353.ccr81.slc03.atlas.cogentco.com (154.54.5.102) 338.292 ms * *
15 be4501.ccr31.slc01.atlas.cogentco.com (154.54.88.205) 337.692 ms be6640.ccr32.slc01.atlas.cogentco.com (154.54.88.221) 321.289 ms 322.335 ms
16 be5823.ccr21.sea02.atlas.cogentco.com (154.54.167.146) 321.504 ms 321.209 ms 320.718 ms
17 be2671.ccr21.pdx01.atlas.cogentco.com (154.54.31.78) 320.785 ms 320.978 ms be2670.ccr21.pdx01.atlas.cogentco.com (154.54.42.150) 337.999 ms
18 be2216.ccr51.pdx02.atlas.cogentco.com (154.54.31.158) 337.912 ms 337.579 ms 336.603 ms
19 be5436.ccr71.akl01.atlas.cogentco.com (154.54.162.46) 321.037 ms 320.959 ms 320.365 ms
20 be6282.rcr61.b073288-1.akl01.atlas.cogentco.com (154.54.170.134) 336.866 ms 336.883 ms 336.233 ms
21 154.18.104.71 (154.18.104.71) 321.010 ms 320.380 ms 320.255 ms
22 * * *
23 * * *
24 * etc etc
Your ssh server on your VPS is alive. Try ssh -v for a debug trace. Do you have an incompatibility with ciphers?
I got this:
debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u7
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3ubuntu0.13
debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3ubuntu0.13 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 51.38.51.204:22 as 'root'
...
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:klzVo7Tdy+hmc08to6FFy/Q7hf2zdwrvHanEUaKr0f0
...
The authenticity of host '51.38.51.204 (51.38.51.204)' can't be established.
ED25519 key fingerprint is SHA256:klzVo7Tdy+hmc08to6FFy/Q7hf2zdwrvHanEUaKr0f0.
...
Test your network connectivity. The web server (port 80) is alive too, with an nginx banner.
Reboot your VPS in rescue mode. It is like booting a live CD. Your temporary root password will be provided via email.
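The thread turns on three different outcomes of a TCP connect to port 22: "connection refused", a timeout, and a completed handshake that returns the SSH version string seen in the ssh -v trace. The probe below tells them apart; it is an added example, not code from either poster, and the names probe_ssh and start_fake_sshd, the timeouts and the loopback banner are assumptions made for illustration.

```python
import socket
import threading

def probe_ssh(host, port=22, timeout=5.0):
    """Classify one TCP connection attempt (hypothetical helper, not from the thread).
    'banner'  : handshake completed and the peer sent an SSH identification string
    'open'    : handshake completed but no SSH identification string arrived
    'refused' : an active rejection (typically a TCP RST) answered the SYN
    'timeout' : nothing answered the SYN in time, i.e. a silent drop
    'error'   : any other socket error, such as no route to host
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "connection actively rejected")
    except socket.timeout:
        return ("timeout", "no answer within %.1f s" % timeout)
    except OSError as exc:
        return ("error", str(exc))
    buf = b""
    with sock:
        try:
            # The identification string ends with CR LF (RFC 4253, section 4.2).
            while b"\n" not in buf and len(buf) < 1024:
                chunk = sock.recv(256)
                if not chunk:
                    break
                buf += chunk
        except OSError:
            pass  # timeout or reset after the handshake: report what we have
    for line in buf.splitlines():
        if line.startswith(b"SSH-"):
            return ("banner", line.decode("ascii", "replace"))
    return ("open", "handshake completed, no SSH identification string")

def start_fake_sshd(banner=b"SSH-2.0-Constructed_1.0\r\n"):
    """Constructed loopback listener that sends one banner; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(banner)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(probe_ssh("127.0.0.1", start_fake_sshd()))  # constructed banner case
```

Run against the server from the affected client and from a second network: 'refused' on one and 'banner' on the other places the rejection on the first path rather than in sshd.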