How to fix ‘ssh_exchange_identification: read: Connection reset by peer’

The “ssh_exchange_identification: read: Connection reset by peer” error message is not very common. It can happen when you try to SSH into a Unix server, for example when you access Ubuntu from Windows with Cygwin, or when you use the macOS terminal to SSH into Arch, Fedora or CentOS. SSH is available on Unix and Linux, and so is the error. It can trigger when the remote server resets the connection because your client has no permission to connect.

In this article, we are going to look at different approaches on how to solve the problem. Below are some methods you can try when you encounter the “ssh_exchange_identification” problem.

3 solutions to fix the ‘ssh_exchange_identification: read: Connection reset by peer’ error

  1. Look into the hosts.deny file
  2. Edit the SSH config options
  3. Bypass the mistaken IP ban

1. Look into the hosts.deny file

To do this, you need admin privileges on the server, as well as a way to access it. If you meet these conditions, this approach is likely the simplest hack. Go straight to the server’s hosts.deny file and check its contents.

Your computer has no permission to access the server if there is a line with your IP address in this file.

Enter the following command on the server to view the content of the hosts.deny file.

sudo nano /etc/hosts.deny 

If there is an entry with your IP address in the hosts.deny file, remove it and save the file. Then try to reconnect to the server to see if you can connect now. Make sure there is nothing else that connects to this machine with your username.

One single line in one file can block access to the target machine. You can also try to add your credentials and IP address to the hosts.allow file to see if this helps.

To open the hosts.allow file, type the following command:

sudo nano /etc/hosts.allow

Hosts that are in the hosts.allow file can connect to the machine. Enter your credentials and hostname or IP address in the file. This increases the chance of making a successful connection. It is not necessary, but you can try it to see if it works for you. Follow the instructions at the top of the file, and make sure to type in the correct host. Press CTRL + O to save the file and CTRL + X to exit.

At this stage, you should be able to SSH into the server.

2. Edit the SSH config options

If the first approach didn’t work, you can try to wipe out the SSH configuration. If this solves the problem, there is an error in the SSH configuration.

Try to make a connection to the target machine and add the -v flag to your SSH command. Also, add -c aes256-ctr to your SSH command if the error still pops up. With the packet size and cipher list shortened, this last hack is likely to crack the problem.

This approach is particularly effective for troubleshooting Cisco-branded devices, because some of that hardware is designed to work only with smaller packet sizes. All you have to do is add -c aes256-ctr to your SSH command and that would get you on board.

3. Bypass the mistaken IP ban

It is possible that the server is the problem. If you tried all the other solutions without success, try looking into iptables. It is possible that the server banned your IP address by accident.

This can happen if your attempts at connecting to the network were mistaken for an attack. The fail2ban service could see this action as an attack and block your IP address. Run the following command from the command line and look for your IP address.

sudo iptables -L --line-numbers

What you would likely discover is that there are plenty of unrelated networks. You can ignore them.

When you have found the problem in iptables, run the following command. The -D flag deletes one rule from a chain. Follow it with the offending chain and the rule number from the listing (shown here as placeholders) to remove the rule that bans you.

sudo iptables -D <chain> <rule-number>

If your problem is not yet solved, edit the following file.

/etc/fail2ban/jail.conf

Launch your text editor and load up the file as root. You can do this with the following command.

sudo nano /etc/fail2ban/jail.conf

Then look for the line that has “ignoreip”. Include your IP address in this line. That prevents fail2ban from blocking your IP.
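The checks from sections 1 and 3 can be scripted so that you do not have to scan the files and the rule listing by eye. The script below is an added example, not part of the original article: the function names, the client address 203.0.113.7 and all sample data are constructed, and it assumes the iptables listing was taken with -n so that addresses are not resolved to names.

```shell
#!/bin/sh
# Added example, read-only. 203.0.113.7 and all sample data are constructed.

# hosts.deny entries denying IP to sshd or ALL, printed as "line-number: entry".
# Matches exact addresses, the ALL wildcard and "203.0.113." style prefixes only.
deny_lines() {  # usage: deny_lines FILE IP
  awk -v ip="$2" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    { if (split($0, f, ":") < 2) next
      if ((" " tolower(f[1]) " ") !~ /[ ,\t](sshd|all)[ ,\t]/) next
      m = split(f[2], c, /[ ,\t]+/)
      for (i = 1; i <= m; i++)
        if (c[i] == ip || c[i] == "ALL" || (c[i] ~ /\.$/ && index(ip, c[i]) == 1)) {
          print NR ": " $0; break } }' "$1"
}

# "CHAIN RULE-NUMBER" for REJECT/DROP rules whose source is IP, i.e. the two
# arguments iptables -D takes. Reads `iptables -L -n --line-numbers` on stdin.
ban_rules() {  # usage: ban_rules IP < listing
  awk -v ip="$1" '
    $1 == "Chain" { chain = $2; next }
    $1 ~ /^[0-9]+$/ && ($2 == "REJECT" || $2 == "DROP") && $5 == ip { print chain, $1 }'
}

# Exit status 0 if IP is listed literally on an active ignoreip line.
ignored() {  # usage: ignored JAIL_FILE IP
  awk -F= -v ip="$2" '
    $1 ~ /^[ \t]*ignoreip[ \t]*$/ { n = split($2, a, /[ ,\t]+/)
      for (i = 1; i <= n; i++) if (a[i] == ip) found = 1 }
    END { exit !found }' "$1"
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/hosts.deny" <<'EOF'
# constructed sample
vsftpd: 203.0.113.7
sshd: 198.51.100.4, 203.0.113.7
EOF
cat > "$tmp/iptables.txt" <<'EOF'
Chain f2b-sshd (1 references)
num  target     prot opt source               destination
1    REJECT     all  --  203.0.113.7          0.0.0.0/0            reject-with icmp-port-unreachable
2    RETURN     all  --  0.0.0.0/0            0.0.0.0/0
EOF
printf '[DEFAULT]\nignoreip = 127.0.0.1/8 ::1\n' > "$tmp/jail.conf"

deny_lines "$tmp/hosts.deny" 203.0.113.7
ban_rules 203.0.113.7 < "$tmp/iptables.txt"
ignored "$tmp/jail.conf" 203.0.113.7 || echo "203.0.113.7 is not on ignoreip"
```

On a real server, point the functions at /etc/hosts.deny, the output of sudo iptables -L -n --line-numbers and /etc/fail2ban/jail.conf. If ban_rules reports several rules in the same chain, delete the highest rule number first, because the remaining rules are renumbered after each delete.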

All these solutions can work a little differently on the various Linux distributions. But with these tips, you should be able to fix the error.