🟠 High   ⏱ 5–30 min  Last verified: 19 May 2026
Affected versions: Ubuntu 24.04 LTS

πŸ“– ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Remote SSH access fails after firewall changes, risking admin lockout.

Environment & Reproduction

Usually after enabling UFW with deny defaults.

sudo ufw status verbose
ss -lntp | grep :22
ssh -v localhost

Root Cause Analysis

SSH allow rule missing, wrong interface scope, or rule order conflict.

Quick Triage

Review active policy and numbered rules.

sudo ufw status numbered
sudo iptables -S | head -n 80
sudo journalctl -u ufw -n 80 --no-pager

Step-by-Step Diagnosis

Confirm daemon listens and packet path reaches host.

sudo systemctl status ssh
ip -br a
sudo tcpdump -ni any port 22 -c 20
Illustrative mockup for ubuntu-24-04-lts β€” terminal_or_shell
Auditing UFW policy and active rules β€” Illustrative mockup β€” Progressive Robot

Solution – Primary Fix

Insert explicit SSH allow rule before restrictive entries.

Still having issues? Our IT Consulting team can diagnose and resolve this for you. Get in touch for a free consultation.

sudo ufw allow 22/tcp
sudo ufw reload
sudo ufw status numbered
Illustrative mockup for ubuntu-24-04-lts β€” log_or_config
Restoring safe SSH allow policy β€” Illustrative mockup β€” Progressive Robot

Solution – Alternative Approaches

Allow from admin CIDR only for tighter control.

sudo ufw delete allow 22/tcp
sudo ufw allow from 203.0.113.0/24 to any port 22 proto tcp
sudo ufw status

Verification & Acceptance Criteria

SSH connects locally and from remote network.

ssh -o ConnectTimeout=5 localhost true
ss -lntp | grep :22
sudo ufw status verbose

Rollback Plan

Temporarily disable UFW from console if remote lockout persists.

sudo ufw disable
sudo systemctl restart ssh
sudo ufw enable

Prevention & Hardening

Always add SSH allow rule before enabling firewall defaults.

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow OpenSSH

May coincide with cloud ACL or security group misconfiguration.

Related tutorial: View the step-by-step tutorial for Ubuntu 24.04 LTS.

View all Ubuntu 24.04 LTS tutorials on the Tutorials Hub β†’

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

Ubuntu UFW and OpenSSH hardening documentation.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today β€” we respond within one business day.