kex_exchange_identification: read: Connection reset by peer. Connection works on other NIC/subnet

Solution 1:

To me, that sounds like a routing problem or a problem with the netmasks. I have seen cases with a similar configuration, where the network stack tried to use the wrong interface for outgoing packets, i.e. where outgoing packets for both subnets were routed over the interface for the first subnet.

So the first thing to test is whether you can ping another machine in each of the subnets from the server, and vice versa. To make the testing process less error-prone, you should configure the other machines (clients) to use only one IP address (otherwise, the test could fail because of wrong configuration of the other machines, which would be misleading).

The next thing would be a deep look into the output of route -n on the server and on the clients. Perhaps that already shows the cause of the problem. Would you mind publishing that output?

Furthermore, the output of ifconfig -a would be useful (again on the server and on the clients) - we'd eventually like to understand your netmasks.

When publishing those outputs, I think you don't need to obfuscate the IP addresses as long as they are from the private range. Obfuscating per se might be error-prone, making analysis impossible.

If you decide to publish those outputs (please edit your question accordingly instead of using comments for that, because those outputs may be long), I'll have a look at them and try to find out what is happening.
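
Added example (not part of the answer above, and not the poster's code): a small Python check that reads route -n output and reports peers whose reply traffic would leave through a different interface than the one they are attached to, which is the wrong-interface case the answer describes. The routing table, the interface names eth0/eth1, the peer addresses and the peers mapping are all constructed assumptions; ties between equal routes are resolved by "first listed", which is a simplification.

```python
import ipaddress

# Constructed `route -n` output (not from the question): both NICs were given
# a 255.255.0.0 netmask, so the two connected routes overlap.
SAMPLE_ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
"""

def parse_route_n(text):
    """Return a list of (network, metric, iface) from `route -n` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or not f[0][0].isdigit():
            continue  # skip the two header lines and anything malformed
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
        routes.append((net, int(f[4]), f[7]))
    return routes

def egress_iface(routes, dest):
    """Longest prefix wins, then lowest metric, then first listed
    (the last tie-break is a simplification). Returns iface or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, metric, iface in routes:
        if addr not in net:
            continue
        key = (-net.prefixlen, metric)
        if best is None or key < best[0]:
            best = (key, iface)
    return best[1] if best else None

def find_misrouted(routes, peers):
    """peers maps a peer IP to the NIC whose subnet it physically sits on.
    Returns (peer, expected_iface, actual_iface) for every mismatch."""
    bad = []
    for ip, expected in peers.items():
        actual = egress_iface(routes, ip)
        if actual != expected:
            bad.append((ip, expected, actual))
    return bad

if __name__ == "__main__":
    peers = {"192.168.1.50": "eth0", "192.168.2.50": "eth1"}  # constructed
    for ip, want, got in find_misrouted(parse_route_n(SAMPLE_ROUTE_N), peers):
        print(f"{ip}: replies leave via {got}, expected {want}")
```

A peer flagged here can still reach the server on the second NIC, but the server's answers go out on the first one, so the SSH handshake never completes from the client's point of view.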