If you’re having trouble connecting to a remote machine, you might see the error message “ssh_exchange_identification: read: connection reset by peer.” This article will help you determine the root cause of the problem and fix it.
What Causes the “connection reset by peer” Error?
Several potential causes exist for the “ssh_exchange_identification: read: connection reset by peer” error. The most common reasons are listed below.
One possible cause is that the SSH daemon file related to the configuration has been modified. If so, try restoring the original file or contact your system administrator.
Another possibility is that your firewall rules or intrusion prevention software have blocked your IP address. This can be resolved by upgrading the firewall rules or whitelisting your IP address with intrusion prevention software.
A third potential reason for this error message is due to Host-Based Access Control Lists (HBAC). In some cases, the connection may be banned due to security policies. You will need to contact your system administrator to resolve the issue if this is the case.
How to Fix ssh_exchange_identification: read: connection reset by peer
1. Check the host.deny and host.allow Files
Edit the host.deny File
The hosts.deny and hosts.allow files are used to enable or deny connections. These files are a security precaution to restrict the hostnames or IP addresses that may be linked to the remote system. Connect to your remote server and open the hosts.deny file:
sudo nano /etc/hosts.denyThe remote server will deny any IP or hostname in this file. If you don’t to block the IP or hostname, remove them from the hosts.deny file.
Edit the host.allow File
Edit the hosts.allow file by running this command:
sudo nano /etc/hosts.allowTo enable access to remote servers, you must add their IP addresses and hostnames to the hosts.allow file. Creating exceptions for the hosts.deny file settings is accomplished by adding IP addresses and hostnames to the host.allow file.
For example, creating a policy in the host.deny file that restricts access to all hosts is one way to increase security. Then, you can add specific IP addresses and hostnames to the hosts.allow file to allow access for remote servers.
For example, a strict security policy in the etc/hosts.deny file would deny access to all hosts:
sshd : ALL
ALL : ALLIn the etc/hosts.allow file, you may add a single IP address, an IP range, or a hostname to the list of permitted connections. Add the following line to allow only the specified IP addresses to connect via SSH with your remote server:
sshd : 74.6.143.26, LOCALAfter making your changes, save and close the file. Then, try connecting again from your remote system.
2. Check the sshd_config File
Check the authentication log entry if you still get the “ssh_exchange_identification: read: connection reset by peer” error. By default, the SSH daemon sends logging information to the system logs.
If you can’t log in, check for /var/log/auth.log in your directory. This command will show you the most recent entries:
tail -f /var/log/auth.logThis command displays account information, password, authentication key, and the results of your authentication attempts.
The log file contains information that might help you find potential problems with the SSHD configuration file. For example, when an ssh connection is established, the changes made to the log file modify the terms agreed upon by both parties, which results in the remote server rejecting the client.
To access the sshd_config file, run this command:
sudo nano /etc/ssh/sshd_configThe default settings for the system (such as the authentication of ssh key pairs, TCP port, and so on) may be modified in the SSHD configuration file.
The complicated capabilities such as forwarding ports can all be managed by changing the sshd configuration file. If you change the sshd config file, restart the SSHD service before these modifications are available.
On Ubuntu or Debian Linux, you can restart the sshd service by running this command:
sudo systemctl restart ssh.serviceOn RHEL/CentOS Linux, you can restart the sshd service by running this command:
sudo systemctl restart sshd.service3. Check Your Firewall Rules
If you still can’t connect, check your firewall rules. The iptables firewall is a popular way to manage server security.
The service may be disabled or not configured properly. You can check the status of the iptables service by running this command:
sudo service iptables statusIf the service is active, you can check if your IP is blocked:
sudo iptables -LYou can also temporarily stop iptables:
systemctl stop iptables.service
If you can connect to the remote machine, it means the firewall rules are blocking access.
Conclusion
With so many factors to consider, troubleshooting them is tough. If the ssh exchange identification error persists, your host may need to be contacted. Now that you’ve gone through the most common causes of the “ssh exchange identification: read Connection reset by peer” problem, you should be able to fix it and know how to deal with it if it reappears.
If you’re still having trouble, the best thing to do is contact your host and ask for their help. They may be able to see something you don’t or have suggestions on how to fix the problem.
Remember that not every problem has a simple solution, but with a little effort, you should be able to get your ssh connection up and running again.
