SSH issues: Read from socket failed: Connection reset by peer

The problem sounds like a server-side bug. When the client sends the list of ciphers the openssh server probably expects to be able to read the list in a single system call.

If the list of supported ciphers is longer than can be transmitted in one packet, the server may get fewer bytes in the first call than it expected. The correct behavior on the server would be to perform another call to get the rest of the bytes. But from the problem description it appears, the server instead closes the connection when it did not get the full list of ciphers at once. When the next packet from the client arrives, the server will send a connection reset to the client.

Configuring the client to use a shorter list of ciphers would then work around the bug. The openssh client will look for the list of ciphers in the following places:

  1. On the command line using either -c cipher_spec or -o Ciphers=cipher_spec
  2. In ~/.ssh/config by specifying Ciphers cipher_spec in the relevant host section or before the first host.
  3. In /etc/ssh/ssh_config using the same format as ~/.ssh/config
  4. A default list built into the client at compile time.

The two configuration files are respectively per-user and system-wide settings. Using Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc like Eric suggested should work fine.


You can specify cipher in ssh config file (/etc/ssh/ssh_config or similar, depends on $PREFIX etc). Any option you pass to ssh client on command line can be set in ssh (client) config file.

Here is the relevant line (just uncomment):

#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc

My way to fix it, hope it helps someone :

# Recreate host keys
sudo rm /etc/ssh/ssh_host_*
sudo ssh-keygen -A

# Re-install SSh
sudo apt-get --reinstall install openssh-server openssh-client

Edit sshd_config by adding a value

add :  MaxAuthTries 3

Edit ssh_config by uncommenting a value

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc