The “ssh_exchange_identification: read: Connection reset by peer” error is a common issue that can occur when attempting to connect to a remote server via SSH. This error can be caused by a variety of factors, including network issues, server configuration, or authentication problems. Fortunately, there are a few steps you can take to troubleshoot and fix this error. In this guide, we will discuss the causes of this error and provide some tips on how to fix it.
How to Fix “ssh_exchange_identification: read: Connection reset by peer” Error
1. Check the SSH server logs:
The first step in troubleshooting this error is to check the SSH server logs. This will help you identify the cause of the error and provide you with more information about the issue.
2. Check the network connection:
The next step is to check the network connection between the client and the server. Make sure that the connection is stable and that there are no issues with the network.
3. Check the SSH configuration:
The next step is to check the SSH configuration on both the client and the server. Make sure that the configuration is correct and that all the necessary settings are enabled.
4. Restart the SSH service:
If all the above steps fail, then you can try restarting the SSH service on both the client and the server. This will reset the connection and may help resolve the issue.
5. Check the firewall settings:
Finally, you should check the firewall settings on both the client and the server. Make sure that the necessary ports are open and that the firewall is not blocking the connection.
A remote machine has prevented an SSH connection you were attempting to establish or maintain. The “ssh_exchange_identification: read: Connection reset by peer” message is not specific enough to immediately explain what triggered the error.
To be able to resolve the issue successfully, we first need to identify its cause. This article provides an in-depth analysis of the likely causes and provides the most effective solutions.
By reading this tutorial, you will learn how to fix the “ssh_exchange_identification: read: Connection reset by peer” Error.
- Necessary permissions to access remote server
- A user account with root or sudo privileges
What Causes the “Connection reset by peer” SSH Error?
The “ssh_exchange_identification: read: Connection reset by peer” error indicates that the remote machine abruptly closed the Transmission Control Protocol (TCP) stream. In most instances, a quick reboot of a remote server might solve a temporary outage or connectivity issue.
Note: Network-based firewalls or load-balancers can sometimes distort IPs or security permissions. This type of problem can be resolved by contacting your service provider.
Learning how to troubleshoot this issue, and determining the underlying cause, helps you prevent future occurrences on your system. The most common causes of the “ssh_exchange_identification: read: Connection reset by peer” error are:
- The connection is being blocked due to the Host-Based Access Control Lists.
- Intrusion prevention software is blocking your IP by updating firewall rules (Fail2ban, DenyHosts, etc.).
- Changes to the SSH daemon configuration file.
Check the hosts.deny and hosts.allow File
The hosts.deny and hosts.allow files are the configuration files for TCP Wrappers. As a security feature, these files are used to limit which IP addresses or hostnames can establish a connection to the remote machine.
Note: Inspect the hosts.deny and hosts.allow files on the remote server, not on the local client.
How to Edit hosts.deny File
Access your remote server and open the hosts.deny file using your preferred text editor. If you are using nano on a Debian-based system, enter the following command:
sudo nano /etc/hosts.deny
Lines starting with the ‘#’ symbol are comments, and empty lines are ignored. Check if you can locate your local IP or hostname in the file. If it is present, remove it or comment it out; otherwise it prevents you from establishing a remote connection.
After making the necessary changes, save the file and exit. Attempt to reconnect via SSH.
How to Edit hosts.allow File
As an additional precaution, edit the hosts.allow file. Access rules within the hosts.allow file are applied first. They take precedence over rules specified in the hosts.deny file. Enter the following command to access the hosts.allow file:
sudo nano /etc/hosts.allow
Adding host-names and IPs to the file defines exceptions to the settings in the hosts.deny file.
For example, a strict security policy within the /etc/hosts.deny file would deny access to all hosts:
sshd : ALL
ALL : ALL
Subsequently, you can add a single IP address, an IP range, or a hostname to the /etc/hosts.allow file. With the following line, only the listed IP would be allowed to establish an SSH connection with your remote server:
sshd : 10.10.0.5, LOCAL
Keep in mind that such a limiting security setting can affect administering capabilities on your remote servers.
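The allow-then-deny evaluation order described above can be checked before you lock yourself out. The script below is an added example, not part of the original guide: the function names tcpw_match and tcpw_decision are hypothetical, the rule files are constructed copies of the rules shown in this section, and only the ALL, exact-IP and trailing-dot prefix patterns are evaluated.

```sh
#!/bin/sh
# Added example: simplified TCP Wrappers decision for one daemon and client IP.
# Client patterns handled: ALL, an exact IP, a prefix ending in "." (10.10.).
# LOCAL, hostnames, netmasks, EXCEPT and IPv6 are not evaluated here.

# tcpw_match FILE DAEMON IP: succeed if a rule in FILE covers DAEMON and IP.
tcpw_match() {
    [ -r "$1" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                          # strip comments
        case $line in *:*) ;; *) continue ;; esac # skip lines without a rule
        daemons=" $(printf '%s' "${line%%:*}" | tr ',\t' '  ') "
        clients=${line#*:}
        clients=$(printf '%s' "${clients%%:*}" | tr ',\t' '  ')  # drop command field
        case $daemons in *" ALL "*|*" $2 "*) ;; *) continue ;; esac
        set -f                                    # no globbing while splitting
        for c in $clients; do
            case $c in
                ALL|"$3") set +f; return 0 ;;
                *.) case $3 in "$c"*) set +f; return 0 ;; esac ;;
            esac
        done
        set +f
    done < "$1"
    return 1
}

# tcpw_decision ALLOW_FILE DENY_FILE DAEMON IP: prints "allow" or "deny".
# A match in hosts.allow grants access, otherwise a match in hosts.deny
# denies it, otherwise access is granted.
tcpw_decision() {
    if tcpw_match "$1" "$3" "$4"; then echo allow
    elif tcpw_match "$2" "$3" "$4"; then echo deny
    else echo allow
    fi
}

# Constructed sample files mirroring the rules in this section (not /etc).
demo=$(mktemp -d)
printf 'sshd : 10.10.0.5, LOCAL\n' > "$demo/hosts.allow"
printf 'sshd : ALL\nALL : ALL\n'   > "$demo/hosts.deny"
for ip in 10.10.0.5 203.0.113.7; do
    printf '%s -> %s\n' "$ip" \
        "$(tcpw_decision "$demo/hosts.allow" "$demo/hosts.deny" sshd "$ip")"
done
rm -rf "$demo"
```

On the remote server, pass /etc/hosts.allow and /etc/hosts.deny together with the address your client connects from.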
Check if fail2ban Banned Your IP Address
If you’ve tried to connect on multiple occasions, your IP might be blocked by an intrusion prevention software. Fail2ban is a service designed to protect you from brute force attacks, and it can misinterpret your authentication attempts as an attack.
Fail2ban monitors and dynamically alters firewall rules to ban IP addresses that exhibit suspicious behavior. It monitors logs, like the hosts.deny and hosts.allow files we edited previously.
In our example, we used the following command to check if the iptables tool is rejecting your attempted connections:
sudo iptables -L --line-number
The output in your terminal window is going to list all authentication attempts. If you find that a firewall is indeed preventing your SSH connection, you can white-list your IP with fail2ban. Otherwise, the service is going to block all future attempts continuously. To access the fail2ban configuration file, enter the following command:
sudo nano /etc/fail2ban/jail.conf
Edit the file by uncommenting the line that contains "ignoreip =" and add the IP or IP range you want to white-list.
Fail2ban is now going to make an exception and not report suspicious behavior for the IP in question.
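To confirm that a ban is actually in place for your address, the iptables listing can be filtered for REJECT or DROP rules with your IP as the source. This is an added example, not part of the original guide: the function name find_blocks is hypothetical, and the listing, the chain name f2b-sshd and the addresses are constructed sample values.

```sh
#!/bin/sh
# Added example: locate REJECT/DROP rules for one source IP in the output of
#   iptables -L -n --line-numbers
# -n keeps addresses numeric so the source column can be compared as text.

# find_blocks IP   (reads the listing on stdin)
# Prints one "chain:rule-number:target" line per matching rule.
find_blocks() {
    awk -v ip="$1" '
        $1 == "Chain" { chain = $2; next }        # remember the current chain
        $1 ~ /^[0-9]+$/ && ($2 == "REJECT" || $2 == "DROP") && $5 == ip {
            print chain ":" $1 ":" $2
        }'
}

# Constructed listing (sample values, not taken from a real host).
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    f2b-sshd   tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22

Chain f2b-sshd (1 references)
num  target     prot opt source               destination
1    REJECT     all  --  198.51.100.23        0.0.0.0/0            reject-with icmp-port-unreachable
2    REJECT     all  --  203.0.113.7          0.0.0.0/0            reject-with icmp-port-unreachable
3    RETURN     all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

# On a real server: sudo iptables -L -n --line-numbers | find_blocks YOUR_IP
sample_listing | find_blocks 203.0.113.7          # prints f2b-sshd:2:REJECT
```

Once a ban is confirmed, sudo fail2ban-client set sshd unbanip followed by the IP lifts it; the jail name sshd is an assumption and may differ on your server.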
Check the sshd_config File
If you are continuing to experience the ‘ssh_exchange_identification: read: Connection reset by peer’ error, examine the authentication log entry. By default, the SSH daemon sends logging information to the system logs. Access the /var/log/auth.log file after your failed attempt to log in. To review the latest log entries type:
tail -f /var/log/auth.log
The output presents the results of your authentication attempts, information about your user account, authentication key, or password.
The log provides you with information that can help you find possible issues in the sshd configuration file, sshd_config. Any changes made to the file can affect the terms under which an ssh connection is established and lead the remote server to treat the client as incompatible. To access the sshd_config file type:
sudo nano /etc/ssh/sshd_config
The sshd configuration file enables you to change basic settings, such as the default TCP port or SSH key pairs for authentication, as well as more advanced functions such as port-forwarding.
For example, the MaxStartups variable defines how many connections a system accepts in a predefined period. If you have a system that makes a large number of connections in a short timeframe, it might be necessary to increase the default values for this variable. Otherwise, the remote system might refuse additional attempted ssh connections.
Anytime you edit the sshd_config file, restart the sshd service for the changes to take effect:
service sshd restart
Only edit the variables that you are familiar with. A server can become unreachable as a result of a faulty configuration file.
You have thoroughly checked the most common reasons behind the “ssh_exchange_identification: read: Connection reset by peer” error. By looking at each possibility, in turn, you have successfully solved the issue and now know how to deal with similar problems going forward.
The number of potential causes is vast and difficult to troubleshoot in every respect. Ultimately, if the error persists, it might be necessary to contact your host.
How to Fix “ssh_exchange_identification: read: Connection reset by peer” Error
If you are trying to connect to a remote server via SSH and you get the error message “ssh_exchange_identification: read: Connection reset by peer”, it means that the connection was reset by the remote server. This can be caused by a number of different issues, but the most common cause is a firewall or other security measure blocking the connection.
Step 1: Check Your Firewall
The first step is to check your firewall settings. If you are using a firewall, make sure that it is allowing connections on port 22 (the default SSH port). If you are using a router, make sure that port forwarding is enabled for port 22.
Step 2: Check Your SSH Configuration
The next step is to check your SSH configuration. Make sure that the SSH server is running on the remote server and that it is configured to accept connections on port 22. You can also check the SSH configuration file (usually located in /etc/ssh/sshd_config) to make sure that the correct port is being used.
Step 3: Check Your Network Connection
If the firewall and SSH configuration are correct, then the next step is to check your network connection. Make sure that the remote server is reachable from your computer and that there are no network issues that could be causing the connection to be reset.
Step 4: Check Your SSH Key
If all of the above steps have been checked and the connection is still being reset, then the next step is to check your SSH key. Make sure that the SSH key is correctly configured on both the client and the server. If the key is not correctly configured, then the connection will be reset.
If you are getting the “ssh_exchange_identification: read: Connection reset by peer” error when trying to connect to a remote server via SSH, then it is likely due to a firewall or other security measure blocking the connection. To fix this issue, check your firewall settings, SSH configuration, network connection, and SSH key.