The SSH_EXCHANGE_IDENTIFICATION: read: connection reset by peer error is very rare, but you can run into it when you ssh into any Unix server. It does not matter whether you are using Windows with Cygwin to access macOS, or Ubuntu with the terminal to ssh into Arch, CentOS or Fedora.
And since ssh is universal across Linux and Unix, the SSH_EXCHANGE_IDENTIFICATION: read: connection reset by peer error can occur any time the remote server drops your connection without your consent.
Secure Shell (SSH) is an essential tool for remote server management and secure data communication. However, like all software tools, SSH occasionally presents users with errors that can disrupt operations.
One such error is the ‘SSH_EXCHANGE_IDENTIFICATION’ error. This article dives deep into understanding the cause of this error, solutions to resolve it, and related SSH concerns.
What does SSH_EXCHANGE_IDENTIFICATION mean?
The term ‘SSH_EXCHANGE_IDENTIFICATION’ refers to the initial phase of an SSH connection where the client and server exchange identification strings.
These strings typically contain information about the software version of both SSH client and server. Any error or disruption during this exchange process leads to connection failures.
What Causes the SSH_EXCHANGE_IDENTIFICATION Error “Connection Reset By Peer”?
The “Connection Reset By Peer” error under ‘SSH_EXCHANGE_IDENTIFICATION’ generally indicates that during the identification exchange phase, the remote server (or “peer”) unexpectedly closed the connection. This can be due to several reasons:
- Server Overload: If the SSH server receives too many connection requests simultaneously, it might reset some connections.
- Configuration Issues: Misconfigurations in the sshd_config file, particularly the ‘AllowUsers’ or ‘DenyUsers’ directives, can lead to this error.
- Firewall Restrictions: Sometimes, firewall settings on the server might reset certain incoming connections.
- Host Denial: The server’s hosts.deny file might contain rules that block connections from specific IP addresses.
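To see how far the identification exchange gets before the connection dies, the added example below (not part of the original article) opens a TCP connection and reads the server's identification string, telling a TCP reset apart from an orderly close, a refused port and a silent timeout. The function name probe_ssh_banner and its status labels are assumptions made for this illustration.

```python
import socket

def probe_ssh_banner(host, port=22, timeout=5.0):
    """Read the server's identification string; return (status, detail).

    status: "banner" (SSH- line received), "reset" (TCP RST before a banner),
    "closed" (orderly close before a banner), "refused" (no listener),
    "timeout" (no reply, e.g. packets silently dropped), "garbage", "error".
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "nothing is listening on the port")
    except socket.timeout:
        return ("timeout", "TCP handshake did not complete")
    except OSError as exc:
        return ("error", str(exc))
    buf = b""
    with sock:
        try:
            # RFC 4253 lets the server send other lines before the "SSH-" line.
            while len(buf) < 8192:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                buf += chunk
                for line in buf.split(b"\n")[:-1]:  # complete lines only
                    if line.startswith(b"SSH-"):
                        text = line.rstrip(b"\r").decode("ascii", "replace")
                        return ("banner", text)
        except ConnectionResetError:
            return ("reset", "peer sent RST during the identification exchange")
        except socket.timeout:
            return ("timeout", "connected, but no identification string arrived")
    if not buf:
        return ("closed", "peer closed the connection before sending a banner")
    return ("garbage", repr(buf[:80]))

if __name__ == "__main__":
    import sys
    # Hypothetical usage: python probe.py server.example.com [port]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(probe_ssh_banner(target, int(sys.argv[2]) if len(sys.argv) > 2 else 22))
```

A "reset" or "closed" result while other hosts get a "banner" from the same server points at a per-client block (hosts.deny, firewall or fail2ban) rather than a stopped daemon.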
How to Fix SSH_EXCHANGE_IDENTIFICATION: Read: Connection Reset By Peer
Solution 1: Check the Hosts.deny File
If you have administrative privileges on the server, or a way to gain access to it, then by far the easiest way to resolve the SSH_EXCHANGE_IDENTIFICATION: read: connection reset by peer error is to go to a prompt logged directly into the server and have a look at the hosts.deny file.
You have to type: sudo nano /etc/hosts.deny
on the server to check whether your machine is listed as banned for some reason. If it is, this must be a mistake, and you can remove the entry and then reconnect through ssh from the other machine.
Otherwise, check that there are no odd wildcards that could have forbidden your machine from connecting. In the majority of cases, however, a fresh file that contains nothing but the default text added by the server’s distribution will not be your culprit.
You can also run: sudo nano /etc/hosts.allow
if you would like to add your remote login manually to ensure that it will connect. Note that this is rarely necessary, but if you do add it, follow the informational text that the distribution provided.
Solution 2: Changing ssh Configuration Options
If you are unable to get to the remote server, or if the previous method failed to fix your problem, then you should clear out the old ssh configuration files and see whether that resolves the issue after an update.
If it does not, add the -v option to ssh and try to connect again. If you still get an error message, try adding -c aes256-ctr to the ssh command and see if this solves the SSH_EXCHANGE_IDENTIFICATION: read: connection reset by peer issue.
This will shorten the cipher list and enable you to connect to the server you have been trying to ssh into, as this in turn shortens the packet size.
Some users have noticed that this is especially useful when troubleshooting Cisco-branded equipment, as some pieces of server hardware require smaller packet sizes by default. Add -c aes256-ctr to the usual ssh command and it should enable you to get in.
Solution 3: Overriding Accidental IP Bans
If you had tried to log in numerous times before but were denied, your server may have mistaken you for a bad IP address. This usually happens when the user keeps retrying the connection during troubleshooting, which is an obvious response, but it looks like an attack to the fail2ban subroutine.
To check whether this happened, run sudo iptables -L --line-number on the remote server and look for your IP address. You will possibly find any number of unrelated connections. You should just ignore them.
Once you have found the problem, run iptables -D followed by the offending chain and its line number from the listing to stop your own software from banning you again. This should prevent any further problems, but if you still face issues then you should edit the file given below:
/etc/fail2ban/jail.conf
Load this up in your favourite text editor, more than likely vi or nano, as root. You will probably wish to run something like:
sudo nano /etc/fail2ban/jail.conf
And look for a line which reads ignoreip. Then add your IP address to this line to permanently stop fail2ban from adding your IP address to any of the blocklists. Different Linux distributions do things differently, but the changes should take effect instantly in most cases.
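The lookup step above can be done mechanically. This added example (not from the original article) scans an iptables listing for DROP/REJECT rules aimed at your address and builds the matching iptables -D commands. It assumes the listing was taken with -n so sources print as addresses; the chain name f2b-sshd and every IP in SAMPLE are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `iptables -L -n --line-numbers` output (documentation IPs).
SAMPLE = """\
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    f2b-sshd   tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22
2    DROP       all  --  0.0.0.0/0            0.0.0.0/0            state INVALID

Chain f2b-sshd (1 references)
num  target     prot opt source               destination
1    REJECT     all  --  198.51.100.23        0.0.0.0/0            reject-with icmp-port-unreachable
2    REJECT     all  --  203.0.113.7          0.0.0.0/0            reject-with icmp-port-unreachable
3    DROP       all  --  203.0.113.0/24       0.0.0.0/0
4    RETURN     all  --  0.0.0.0/0            0.0.0.0/0
"""

def find_ban_rules(listing, client_ip):
    """Return [(chain, line_number, target)] for DROP/REJECT rules aimed at client_ip."""
    ip = ipaddress.ip_address(client_ip)
    hits, chain = [], None
    for line in listing.splitlines():
        fields = line.split()
        if line.startswith("Chain ") and len(fields) >= 2:
            chain = fields[1]
            continue
        # Rule rows read: num target prot opt source destination [options]
        if chain is None or len(fields) < 6 or not fields[0].isdigit():
            continue
        if fields[1] not in ("DROP", "REJECT"):
            continue
        try:
            net = ipaddress.ip_network(fields[4], strict=False)
        except ValueError:
            continue  # negated ("!...") or hostname sources are not evaluated here
        # Skip catch-all sources: those are general policy, not a ban on this host.
        if net.prefixlen > 0 and ip in net:
            hits.append((chain, int(fields[0]), fields[1]))
    return hits

def delete_commands(hits):
    """Build iptables -D commands, highest line number first within each chain,
    because deleting a rule renumbers every rule below it."""
    ordered = sorted(hits, key=lambda h: (h[0], -h[1]))
    return [f"iptables -D {chain} {num}" for chain, num, _ in ordered]

if __name__ == "__main__":
    print("\n".join(delete_commands(find_ban_rules(SAMPLE, "203.0.113.7"))))
```

The commands are only printed, never executed, so the list can be reviewed before anything is removed from the firewall.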
What is the “SSH_EXCHANGE_IDENTIFICATION connection Closed by Remote Host” Error?
This error message is similar to “Connection Reset By Peer” but indicates that the remote SSH server closed the connection immediately after the identification exchange, without any data transfer. This could be due to:
- Strict Security Policies: Servers with stringent security rules might close connections from unrecognized or unauthorized clients.
- Corrupted SSH Keys: If the SSH key used for authentication is corrupted or not recognized by the server, the connection might be closed.
How do I fix “Read: Connection Reset by Peer”?
- Review Configuration: Check your sshd_config file on the server for any configuration that might be denying your connection.
- Check Server Load: Ensure the server isn’t overwhelmed with connections. Use tools like netstat to check active connections.
- Inspect Firewall Settings: Verify if the server’s firewall settings are blocking or resetting SSH connections.
- Update SSH: Ensure both client and server are using the latest SSH versions. Compatibility issues can sometimes cause errors.
How do I Reset my SSH Connection?
To reset an SSH connection:
- Terminate the current SSH session using the exit command.
- If the session is unresponsive, you can forcefully close the terminal or use key combinations like Ctrl + C to interrupt the session.
- Re-establish the connection using the ssh command.
How many SSH Connections can a Server Handle?
The number of SSH connections a server can handle simultaneously depends on its configuration and resources. By default, most SSH servers are set to accept 10 simultaneous connections.
However, this can be modified in the sshd_config file with the MaxStartups directive. It’s crucial to strike a balance: too many connections can exhaust server resources, while too few can limit operations.
Conclusion
The SSH_EXCHANGE_IDENTIFICATION: read: connection reset by peer error occurs rarely. It is generally caused by some sort of misunderstanding on the software's part that gets your connection dropped or banned.
Diagnose the root of the problem correctly and follow the instructions given above with an alert mind. Or you can start with the first method and work your way down until one of them works. We hope this guide proves useful to you.