SSH error ssh_exchange_identification: read: Connection reset by peer

"Connection reset by peer" means the TCP stream was abnormally closed from the other end. I think the most likely explanations are that the remote server process handling the connection has crashed, or else some network device (like a stateful firewall or load balancer) has decided to interfere with the connection.

You need to debug this on the remote server if you can. sshd logs through syslog, and on a typical Unix system the log entries will be in one of the files in the /var/log directory. If you're lucky, sshd will be logging something every time it drops your session.

If you have root access on the server, you can run a debugging instance of sshd. Become root and then run:

/path/to/sshd -ddd -p 1022

This will run an instance of the SSH server which will listen on port 1022, accept one connection, and print debugging information to your terminal. Run your client as usual, except specify port 1022 as the port:

ssh -p 1022 user@host

The debugging information printed by the server will hopefully make it clear what is happening.

Edit: The server output indicates that the server isn't crashing or deliberately closing the TCP connection. Something else is causing it to close. I would take a look at any security software installed on the server which might monitor TCP sessions, as well as any firewalls, load balancers, or similar network hardware which might be part of the local network.


I am having the same issue. Right now, it looks like the issue is with my ISP. Try doing a traceroute to your server. For me, this fails before reaching the server.

My server is a shared hosting server. My hosting company told me they have had the same issue with other clients using AT&T or Comcast.

I hope this helps, or at least saves you from spending excessive time on other possibilities.


It's too late here, but someone just jumping into this might find it helpful.

  1. Restart (stop & start) the server.
  2. Access the server by ssh again with the public IP. (You can continue to the next step if it is successful.)
  3. Restart web server.

That's it, or you might need to point the domain to the public IP again.

My environment is AWS and NGINX.