Out of nowhere, ssh_exchange_identification: Connection closed by remote host

ssh ubuntu

For me on CentOS7 it was caused by a lot of brute force login attempts coupled with the default setting of MaxStartups for sshd.

The manual page for sshd_config has this to say:

MaxStartups

Specifies the maximum number of concurrent unauthenticated connections to the SSH daemon. Additional connections will be dropped until authentication succeeds or the LoginGraceTime expires for a connection. The default is 10.

Alternatively, random early drop can be enabled by specifying the three colon separated values ''start:rate:full'' (e.g. "10:30:60"). sshd(8) will refuse connection attempts with a probability of ''rate/100'' (30%) if there are currently ''start'' (10) unauthenticated connections. The probability increases linearly and all connection attempts are refused if the number of unauthenticated connections reaches ''full'' (60).

Setting the start value to 25 (e.g., MaxStartups 25:30:100) in /etc/ssh/sshd_config resolved the issue.


The same error

ssh_exchange_identification: Connection closed by remote host

happens when private keys (files) are readable by all, i.e. have the wrong permissions.

For example, if any of the private keys

  • ssh_host_key
  • ssh_host_dsa_key
  • ssh_host_rsa_key

in /etc/ssh/ are chmod 644 (should be chmod 600).

The following permissions results in "ssh_exchange_identification: Connection closed by remote host" error:

root@host:/etc/config/ssh# ls -la
drwxrwxrwx    2 root     root            0 Aug 24  2005 .
drw-rw-rw-    3 root     root            0 Apr  3  2007 ..
-rw-r--r--    1 root     root        88039 Aug 24  2005 moduli
-rw-r--r--    1 root     root         1559 Aug 24  2005 ssh_config
-rw-r--r--    1 root     root          668 Aug 24  2005 ssh_host_dsa_key
-rw-r--r--    1 root     root          599 Aug 24  2005 ssh_host_dsa_key.pub
-rw-r--r--    1 root     root          524 Aug 24  2005 ssh_host_key
-rw-r--r--    1 root     root          328 Aug 24  2005 ssh_host_key.pub
-rw-r--r--    1 root     root          883 Aug 24  2005 ssh_host_rsa_key
-rw-r--r--    1 root     root          219 Aug 24  2005 ssh_host_rsa_key.pub
-rw-r--r--    1 root     root         2018 Aug 25  2005 sshd_config

Corrected permissions, connections should now be accepted:

root@host:/etc/config/ssh# ls -la                    
drwxrwxrwx    2 root     root            0 Aug 24  2005 .
drw-rw-rw-    3 root     root            0 Apr  3  2007 ..
-rw-r--r--    1 root     root        88039 Aug 24  2005 moduli
-rw-r--r--    1 root     root         1559 Aug 24  2005 ssh_config
-rw-------    1 root     root          668 Aug 24  2005 ssh_host_dsa_key
-rw-r--r--    1 root     root          599 Aug 24  2005 ssh_host_dsa_key.pub
-rw-------    1 root     root          524 Aug 24  2005 ssh_host_key
-rw-r--r--    1 root     root          328 Aug 24  2005 ssh_host_key.pub
-rw-------    1 root     root          883 Aug 24  2005 ssh_host_rsa_key
-rw-r--r--    1 root     root          219 Aug 24  2005 ssh_host_rsa_key.pub
-rw-r--r--    1 root     root         2018 Aug 25  2005 sshd_config

It's almost certainly the /etc/hosts.deny file has an entry for your machine, add 

sshd: xxx.yyy.zzz.aaa

for your connecting ip address to /etc/hosts.allow

Related

Which AWS features are EBS backed?
What is stored in %Windir%\System32\LogFiles\WMI\RtBackup?
Unexplained slow gigabit network speeds
Differences between "reboot" and "ec2-reboot-instances"
Vendor whitepaper says: 5Mpps no prob. I'm already hitting a wall at 120kpps. Where's the bottleneck?
Good Shibboleth tutorials out there? [closed]
Unexpected(?) high 'wasted' memory in memcached
Automatically Use PowerShell on Server Core
How to increase the timeout of Elastic Beanstalk deployments?
How to split the nginx config across multiple lines?
IIS7 - Lock Violation error, HTTP handlers, modules, and the <clear /> element
Apache2 with SSL do I have to copy VirtualHost blocks?