SSH Connection Error: ssh_exchange_identification: read: Connection reset by peer

When I try to connect to the server via SSH, I get the following error:

    [root@oneeighty ~]# ssh -vvv -p 443 [email protected]
    OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to xxx.xxx.xxx [IP] port 443.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file /root/.ssh/identity type -1
    debug1: identity file /root/.ssh/id_rsa type -1
    debug1: identity file /root/.ssh/id_dsa type -1
    debug1: loaded 3 keys
    ssh_exchange_identification: read: Connection reset by peer

I have checked the SSH configuration on the server and the client, and there are no issues.

I restarted the SSH service on the server and then restarted the server/client, but the issue is not resolved.


Solution 1:

This can be the result of a number of things.

A few things you can quickly try are as follows:

  • Look in /etc/hosts.deny for any entry like sshd: ALL
  • Perhaps, add sshd: ALL to /etc/hosts.allow

  • It is possible that your SSHD's HostKeys are corrupt. They're present in the /etc/ssh/ directory. You may delete them and restart sshd, and it shall re-generate them. In case it gives an error, please use the following commands:

    # -N '' gives each host key an empty passphrase so sshd can load it unattended
    $ ssh-keygen -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key
    $ ssh-keygen -t dsa -N '' -f /etc/ssh/ssh_host_dsa_key
    $ ssh-keygen -t ecdsa -N '' -f /etc/ssh/ssh_host_ecdsa_key
    $ /etc/init.d/sshd start
    

Solution 2:

The next line in the debug should look like:

    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu7

You've confirmed on StackOverflow that you're using NATing/port forwarding from an external IP address. You've also verified that you can ssh from the local box to itself. As sshing locally to port 443 works, you need to verify that the port mapping works.

Try:

  1. SSH from another box in the same subnet
  2. Run iptables -L and check that port 443 is open or that INPUT and OUTPUT are set to ACCEPT
  3. Run tcpdump -A -s 0 port 443 and then try sshing to the external IP. You should see data arrive with the source address of the router.
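
The "Remote protocol version" line that Solution 2 expects is printed once the server sends its identification string. The probe below is an added example, not part of the original answers: it connects, sends nothing, and reports whether that string arrives, the peer resets, or something other than sshd answers on the port. The function names and status labels are made up for this illustration.

```python
"""Added example: probe the SSH identification exchange on a host/port."""
import socket
import sys


def ident_line(data):
    """Return the first complete line starting with 'SSH-', or None."""
    for line in data.split(b"\n")[:-1]:  # last element is an incomplete line
        if line.startswith(b"SSH-"):
            return line.rstrip(b"\r").decode("ascii", "replace")
    return None


def probe(host, port, timeout=5.0):
    """Connect, send nothing, and classify what the peer does first."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # refused, unreachable, or connect timeout
        return ("connect-failed", str(exc))
    data, closed = b"", False
    with sock:
        try:
            while len(data) < 4096 and ident_line(data) is None:
                chunk = sock.recv(1024)
                if not chunk:
                    closed = True
                    break
                data += chunk
        except ConnectionResetError:
            # Same condition ssh reports as "Connection reset by peer".
            return ("reset-before-banner",
                    "check /etc/hosts.deny, sshd host keys, port mapping")
        except socket.timeout:
            pass  # peer stayed silent; classified below
    ident = ident_line(data)
    if ident:
        return ("banner", ident)
    if data:
        return ("not-ssh", repr(data[:60]))
    if closed:
        return ("closed-before-banner", "peer closed without sending data")
    return ("no-banner", "peer accepted the connection but sent nothing")


if __name__ == "__main__":
    # Usage: python3 probe.py HOST PORT  (HOST is whatever you pass in)
    print(probe(sys.argv[1], int(sys.argv[2])))
```

Running it from the server itself, from a box in the same subnet, and against the external IP separates an sshd problem from a port-mapping problem: a banner locally but a reset externally points at the forwarding path.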