How to recover from UFW SSH lockout

Regain access to a server after UFW blocked SSH by using console access, recovery mode, or cloud provider tools.

Regain SSH access to a remote server after UFW was enabled without an SSH allow rule, locking out all remote connections.

Prerequisites

  • An alternative access method: cloud provider console (AWS, GCP, Azure), physical console, or KVM/IPMI access

Step-by-Step: Recover from UFW SSH Lockout

1. Access the Server Through the Cloud Console

Use the cloud provider's web-based console or serial console:

  • AWS: EC2 Console → Connect → EC2 Instance Connect
  • GCP: Compute Engine → SSH button in the console
  • Azure: Virtual Machines → Serial Console

2. Disable UFW from the Console

sudo ufw disable

UFW immediately unloads its firewall rules, which restores SSH access. The host is not filtered by UFW until it is re-enabled in the next step.

3. Add the SSH Rule and Re-Enable UFW

sudo ufw allow ssh
sudo ufw enable

4. Verify SSH Access from the Remote Machine

ssh user@203.0.113.50

Prevention

Always run sudo ufw allow ssh before sudo ufw enable. Add this as a mandatory first step in any server provisioning script. See UFW: connection refused after enabling.
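
One way to enforce that ordering in a provisioning script, as an added example that is not part of the original page. It goes slightly beyond "ufw allow ssh" by covering every port sshd is configured to listen on; the function names and the --apply switch are hypothetical, and the parsing assumes the "ufw allow 22/tcp" line format printed by "ufw show added".

```sh
#!/bin/sh
# Added example (not from the original page): stage an SSH allow rule for every
# port sshd listens on, and only then enable UFW.

# sshd_ports: read `sshd -T` output on stdin, print each configured port.
sshd_ports() {
    awk '$1 == "port" { print $2 }'
}

# ssh_rule_present PORT: read `ufw show added` output on stdin; succeed only if
# a simple allow/limit rule covers PORT over TCP. Source-restricted rules
# ("ufw allow from ... to any port 22") are deliberately not counted, because
# they may not cover the address you connect from.
ssh_rule_present() {
    awk -v p="$1" '
        $1 == "ufw" && ($2 == "allow" || $2 == "limit") && NF == 3 {
            if ($3 == p || $3 == (p "/tcp")) found = 1
            # The OpenSSH application profile opens 22/tcp.
            if (p == "22" && $3 == "OpenSSH") found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# enable_ufw_safely: run as root. Adds any missing rule, then enables UFW.
enable_ufw_safely() {
    ports=$(sshd -T 2>/dev/null | sshd_ports)
    if [ -z "$ports" ]; then
        echo "could not determine sshd port; UFW left unchanged" >&2
        return 1
    fi
    for p in $ports; do
        ufw show added | ssh_rule_present "$p" || ufw allow "$p/tcp" || return 1
    done
    ufw --force enable   # --force skips the interactive confirmation prompt
}

# Only touch the firewall when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    enable_ufw_safely
fi
```

Run it with --apply as root; without that argument it only defines the functions and changes nothing.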