How to connect via SSH on Contabo

intermediate 12 min read Updated 2026-03-13

Quick Answer

Connect to your Contabo server using <code>ssh root@SERVER_IP</code> on Linux/Mac or PowerShell/PuTTY on Windows, accept the fingerprint, and enter your password. For security, generate and upload SSH keys to enable key-based authentication instead of passwords. Troubleshoot connection refused errors by checking server status, firewall, and port in the Control Panel.

Prerequisites

Contabo Customer Control Panel access
Server IP address and root password
SSH client (Terminal, PowerShell, PuTTY or Git Bash)
Basic command-line knowledge

Step-by-Step Instructions

Verify Prerequisites and Server Status

Before connecting, log into the Contabo Customer Control Panel to confirm your server's IP address, status (ensure it's running), username (typically root for Linux), and password. Reset password if forgotten via the panel. Temporarily disable local firewall/antivirus for testing. Default SSH port is 22.

Use VNC access from Control Panel if SSH fails initially.

Connect from Windows (PowerShell or Git Bash)

Open PowerShell (Windows Key + type 'PowerShell') or install Git Bash for SSH. Run ssh root@YOUR_SERVER_IP. For custom port: ssh -p PORT root@YOUR_SERVER_IP. Type yes to accept the host fingerprint on first connection, then enter your password (no characters display while typing).

Connect from Linux or macOS

Open Terminal and run ssh -l root -p 22 YOUR_SERVER_IP or simply ssh root@YOUR_SERVER_IP. Accept the SSH certificate by typing yes on first connection. Enter your password when prompted.

Paste password carefully without trailing spaces.

Generate SSH Key Pair (Linux/macOS)

For secure key-based auth, open Terminal and run ssh-keygen -t ed25519. Press Enter to accept default location (~/.ssh/id_ed25519). Add a passphrase for extra security. This creates private (id_ed25519) and public (id_ed25519.pub) keys.

Never share your private key; store securely.

Generate SSH Keys on Windows (PuTTYgen)

Download and install PuTTY/PuTTYgen. Open PuTTYgen, click 'Generate', move mouse for randomness. Add key comment and passphrase. Save public and private keys. Copy public key text starting with ssh-ed25519 or ssh-rsa.

Upload Public Key to Server

Connect via SSH password first. Run mkdir -p ~/.ssh if needed. Edit vi ~/.ssh/authorized_keys or nano ~/.ssh/authorized_keys, paste public key (one per line), save with :wq (vi) or Ctrl+O/X (nano). Alternatively, use ssh-copy-id -p 22 root@YOUR_IP.

Preload keys during OS reinstall via Control Panel.

Connect Using SSH Keys

On Linux: ssh -i ~/.ssh/id_ed25519 root@YOUR_IP. On Windows PuTTY: Load private key in Connection > SSH > Auth. Now connect without password; enter key passphrase if set.

Disable password auth in <code>/etc/ssh/sshd_config</code> after setup for security.

Change SSH Port (Optional)

Edit vi /etc/ssh/sshd_config, uncomment/find Port 22, change to 1024-65536 (e.g., Port 2222). Save/exit, run systemctl restart ssh. Update firewall: ufw allow 2222/tcp. Connect with ssh -p 2222 root@IP.

Apply Security Best Practices

Use keys over passwords, add passphrase to keys, keep keys safe. Regularly update server and SSH config. Consider fail2ban for brute-force protection.

Check <code>/etc/ssh/sshd_config</code> for PasswordAuthentication no after keys.

Common Issues & Troubleshooting

Connection refused

Check server status/restart in Control Panel, verify IP/port (default 22), ensure SSH service running, check firewall/ufw allows port, use VNC for access.

Permission denied (password)

Reset password via Control Panel, ensure no trailing spaces when pasting, confirm root username.

Warning: Remote host identification changed

Remove old key: <code>ssh-keygen -R SERVER_IP</code>, then reconnect.

Fail2ban or IP banned

Use VNC/Control Panel to unban IP or reset via panel.

Can't connect after OS reinstall

Resend password via Control Panel, preload SSH keys during reinstall.

Visit Contabo View Contabo Pricing