I've got an odd and urgent problem. I'm trying to connect to a vendor's ftp site. I have tried connecting from multiple places. I've found that I cannot connect from my production server1 but I can connect from my testserver1 which are both housed in the same datacenter. I can also connect from the backup server located in another datacenter. I cannot connect from my office computer, but I can connect from my home computer. Up until about 2 days ago, I was able to connect on all of these boxes.
I'm able to successfully ping the host from all boxes. I've run traceroutes for all of them as well and it doesn't appear to be cutting off anywhere. I've been on the phone with the vendor's network admin and she says that despite it saying connection established on my end, she doesn't see me connecting anywhere in the logs.
I've tried browsing some other similar questions but I'm not having any luck. If anyone can point me in the right direction or shed any light on the situation it would be greatly appreciated. I've tried turning off the firewall on my office machine and still no luck. We're not using keys so I'm not sure why they are loading. Where it is being reset is where it prompts me for my password on the machines where it works.
I'm also more than happy to call the vendor's customer service if it's something on their end.
Update: adding -vvv gave me the line "debug2: ssh_connect: needpriv 0" between the applying options and connecting to host lines.
rschlachter
5 Answers
- Check your firewall; just as a test, do
service iptables stop
and try to connect again.
- Try to ssh from the box to the same box without going outside.
Give the correct permissions for the keys, I think SSH will not read the keys if they don't have the correct permissions, those permissions are 0600.
Also, do you have a brute force detector such as denyhosts? If so, make sure you are in the whitelist. Also check the /etc/hosts.deny and /etc/hosts.allow files (this is at the server where you are trying to connect).
joze
In this case, we were able to get in touch with the vendor we were trying to connect to and their ISP. Their ISP watched and indeed they were, for whatever reason, closing our connection immediately.
rschlachter
In my case it turned out to be an ISP in Asia that was disrupting SSH connections. Using OpenVPN to a jump box elsewhere solves the temporary issue. If you bash your head against the wall trying to fix this, try a VPN link first and see if it's transport related, rather than your config.
cyrrill
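Added example, not part of the original posts: a small probe that separates the outcomes discussed in this thread by showing whether the peer resets, closes, or answers at the identification-string stage, which is where "ssh_exchange_identification: read: Connection reset by peer" is raised. The function name, status labels, hint texts and probe identification string are made up for this sketch.

```python
import socket

PROBE_ID = b"SSH-2.0-BannerProbe_0.1\r\n"  # constructed client identification string

# Where to look next for each outcome (causes are the ones reported on this page).
HINTS = {
    "refused": "nothing is listening on the port, or a firewall rejects it",
    "unreachable": "routing, DNS or a firewall silently dropping packets",
    "reset_before_banner": "TCP connected, then RST: hosts.deny/denyhosts/fail2ban, "
                           "a broken sshd, or a device on the path (try another network)",
    "closed_before_banner": "TCP connected, then FIN: same server-side checks",
    "no_banner_timeout": "peer accepted the connection but never answered",
    "not_ssh": "something other than an SSH server answered on this port",
    "banner": "identification exchange works; the problem is later (keys, auth)",
}

def probe_ssh_banner(host, port=22, timeout=5.0):
    """Return (status, detail) describing how far the identification exchange got."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", None)
    except OSError as exc:  # timeout, no route, name resolution failure
        return ("unreachable", str(exc))
    buf = b""
    with sock:
        try:
            sock.sendall(PROBE_ID)
            while len(buf) < 4096:
                chunk = sock.recv(1024)
                if not chunk:
                    break  # orderly close (FIN) from the peer
                buf += chunk
                # RFC 4253 lets a server send other lines before its "SSH-" line.
                for line in buf.split(b"\n")[:-1]:
                    if line.startswith(b"SSH-"):
                        return ("banner", line.rstrip(b"\r").decode("ascii", "replace"))
        except (ConnectionResetError, BrokenPipeError):
            return ("reset_before_banner", None)
        except socket.timeout:
            return ("no_banner_timeout", None)
    if not buf:
        return ("closed_before_banner", None)
    return ("not_ssh", buf[:80].decode("ascii", "replace"))

if __name__ == "__main__":
    status, detail = probe_ssh_banner("127.0.0.1")
    print(status, detail, "->", HINTS[status])
```

Running it from a host that works and from one that fails, against the same server, shows whether the failure follows the client's network path or the server.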
Try to restart your SSH daemon, that could solve the problem.
I had the same issue and restarting the SSH service solved it by resetting its security.
You can restart in WHM under Restart Services.
tribulant
I can SSH in one direction with no problems:
OK:
but the other way:
I get
Read from socket failed: Connection reset by peer
I don't even begin to know where to look to solve this.
Anyone have any clues?
boehj
6 Answers
- start monitoring the server's log file
tail -f /var/log/auth.log
- add -v to get a verbose output at the client end
ssh user@computerB -v
This might give you more details about the cause. If the rsa and dsa keys are missing on the server, fix them by:
änthräX
I re-installed the SSH bits by doing:
This fixed all my problems.
boehj
änthräX's method is very helpful. It works for me!
Basically I think, after installing ssh, key files are needed.
The only revision I made was to use rsa instead of rsa1:
That modified method worked for me.
Alan_04
It's because somehow the permissions of the files inside /etc/ssh have changed. So change the permissions of the files like the example given below. Use:
and so on.
Finally, the file permissions should look something like the ones given below:
After changing the permissions, try connecting from PuTTY; it should work fine.
Varun Joseph
We had a similar problem, but it occurred only when logging from Ubuntu to Solaris. Making sure all these lines are present in /etc/ssh/ssh_config on the Ubuntu host fixed the problem (you should find some of these lines are already present):
In the case of Xubuntu I needed only the last two.
Philip Kearns
This message can also stem from multiple attempted ssh attacks. If you're seeing this message in your logs, a malicious source may be attempting to ssh into your machine by using brute-force password attempts.
To slow down the attempts, install the package 'fail2ban':
From fail2ban's wiki page:
Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time
Liloulinx
I keep having this issue. I have restarted the server already and still have this issue. I used ssh --v and this is my log:
OpenSSH_7.8p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/anazodosomto/.ssh/config
debug1: /Users/anazodosomto/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug2: resolve_canonicalize: hostname 68.183.227.27 is address
debug2: ssh_connect_direct
debug1: Connecting to 68.183.227.27 [68.183.227.27] port 22.
debug1: Connection established.
debug1: identity file /Users/anazodosomto/.ssh/id_rsa type 0
debug1: identity file /Users/anazodosomto/.ssh/id_rsa-cert type -1
debug1: identity file /Users/anazodosomto/.ssh/id_dsa type -1
debug1: identity file /Users/anazodosomto/.ssh/id_dsa-cert type -1
debug1: identity file /Users/anazodosomto/.ssh/id_ecdsa type -1
debug1: identity file /Users/anazodosomto/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/anazodosomto/.ssh/id_ed25519 type -1
debug1: identity file /Users/anazodosomto/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/anazodosomto/.ssh/id_xmss type -1
debug1: identity file /Users/anazodosomto/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.8
ssh_exchange_identification: read: Connection reset by peer
please help
I have been connecting to a remote server through my Mac for about a month now. As of recent though, I tried to connect using ssh dylan@MY_IP and got this message.
I also got some diagnostic information.
After doing some research, I tried the following:
- Restarted my router
- Cleared my 'known_hosts' file
- Deleted my 'known_hosts' file
- Released & Renewed my DHCP
- I've also tried from another device (Windows) using Putty with an error as well
Note that I haven't made any changes to the server to inhibit this communication.
Also, I'm not sure if this would cause issues, but I have connected to it by its domain name as well as its IP.
In addition, I was able to successfully connect from another IP address.
I know this is a large issue with many resources out there, but a lot of the solutions did not work nor did I really see any type of resolution for anyone.
Update
I forced it to protocol 1. Instead of 'Connection reset by peer', I now get 'Connection closed by remote host'. Running it with debug information revealed:
Dylan
6 Answers
This is how I solved the 'ssh_exchange_identification: Connection closed by remote host' error when connecting to an SSH server.
I got this error when trying to connect to an embedded Linux machine, after unpacking a package to root. Lots of library files were replaced, including libssl.
Trying to connect:
Googling only seemed to suggest checking hosts.deny and hosts.allow, but my target machine had no such files.
After a reboot (as per Karthik's suggestion) sshd was not running. I tried manually starting sshd on target:
I replaced /usr/lib/libssl.a with the original version and started sshd and things were back to normal. The problem was in my case caused by an incorrect version in the package I originally unpacked to root.
Chetic
I was getting the same error (but from any machine, including the troublesome machine via ssh localhost).
It started when I migrated a user's profile; i.e. after copying files as root, then did commands like
chown -R username /Users/username/Desktop
Anyway, totally unsure why /var/empty owner was changed to username, but ssh definitely needs /var/empty to be owned by root (otherwise you get ssh_exchange_identification: read: Connection reset by peer):
hunter3740
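Added example, not part of the original answers: one pass over the two server-side conditions raised in the answers on this page, the permissions of the private host keys in /etc/ssh and the ownership of /var/empty. It applies the tests OpenSSH itself uses (no group/other bits on a private key; privilege-separation directory owned by root and not group/world-writable). The function names are made up here, and the /var/empty default is taken from the answer above; other systems use a different privilege-separation directory, so pass the right path.

```python
import glob
import os
import stat

def check_private_key(path, owner_uid=0):
    """Private host key: owned by owner_uid, no group/other permission bits."""
    st = os.stat(path)
    problems = []
    if st.st_uid != owner_uid:
        problems.append(f"{path}: owned by uid {st.st_uid}, expected {owner_uid}")
    if st.st_mode & 0o077:
        mode = stat.S_IMODE(st.st_mode)
        problems.append(f"{path}: mode {mode:04o} is open to group/other")
    return problems

def check_privsep_dir(path, owner_uid=0):
    """Privilege-separation dir: owned by owner_uid, not group/world-writable."""
    if not os.path.isdir(path):
        return [f"{path}: missing or not a directory"]
    st = os.stat(path)
    problems = []
    if st.st_uid != owner_uid:
        problems.append(f"{path}: owned by uid {st.st_uid}, expected {owner_uid}")
    if st.st_mode & 0o022:
        mode = stat.S_IMODE(st.st_mode)
        problems.append(f"{path}: mode {mode:04o} is writable by group/other")
    return problems

def audit_sshd(config_dir="/etc/ssh", privsep_dir="/var/empty", owner_uid=0):
    """Return a list of findings; an empty list means both checks passed."""
    # Matches ssh_host_rsa_key, ssh_host_ed25519_key, ... but not the .pub files.
    keys = sorted(glob.glob(os.path.join(config_dir, "ssh_host_*_key")))
    problems = [] if keys else [f"no host keys found in {config_dir}"]
    for key in keys:
        problems += check_private_key(key, owner_uid)
    return problems + check_privsep_dir(privsep_dir, owner_uid)

if __name__ == "__main__":
    for problem in audit_sshd():
        print(problem)
```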
This isn't a problem with your local machine, but a problem on the server side. There could be multiple factors causing this problem:
- Changes in the /etc/hosts.allow or /etc/hosts.deny configuration on the remote server.
- Heavy server load.
In the past, when I've had these problems, I've done one of two things, in the following order:
1. Modify the /etc/hosts.allow as referenced in the above article (and restart the SSH server).
2. If /etc/hosts.allow is already the way it is required to be, just restart the SSH server (and be careful when you're doing this!).
3. If the restart doesn't work, regenerate the server keys and restart the SSH server (this is risky, since every user logging in to this machine will get an error about the server having keys changed).
More often than not, 1 solves the problem, but I've had to do 2 in some cases. I haven't been able to figure out why that is the case, only that it has worked. Perhaps it has something to do with the way the key is presented, or perhaps it got corrupted in some way - I am not sure. But what I do know is the error is entirely something to do with the server, and the way the handshake happens when the SSH connection is being set up.
Karthik Rangarajan
I had SSH set up with Cygwin and in my case it was the Windows firewall that caused exactly this error, so make sure to allow connections to port 22.
anonymous
I managed to solve this issue myself really easily.
In normal OS X you can solve this by simply toggling 'Remote Login' in System Preferences/Sharing.
However, if it's a headless server (like in my case) you can use OSX Server app to go to (your server name)/Settings and toggle 'Secure shell connections on and off again'
Sirens
If you are using a private key or a security key to log in to your server then you need to change the permission for the key file to 660, using the command
sudo chmod 660 File_Name
Srijan Chaudhary
commented Feb 3, 2017
Description
Hi, I have the following problem: Sometimes, when cloning or pulling repositories, the checkout fails. I am using myrepos to check out or update several repositories with one command. I also use r10k/g10k in puppet, which checks out repositories in order to create the environments. The error occurs with r10k as well.
This problem is kind of difficult to reproduce. Here is the .mrconfig I use to clone the repositories: https://try.gogs.io/carazzim0/myrepos
So I have 10 repositories and if I check them all out by mr up sometimes the checkout fails with
ssh_exchange_identification: read: Connection reset by peer
This does NOT happen every time I check out a repository, only sometimes. This behaviour occurs on my self-hosted Gogs version as well as on try.gogs.io, with different repos every time it happens.
Example output:
I hope you can help me with this kind of 'bug' or whatever causes this.
cheers and thanks, carazzim0
commented Feb 3, 2017 • edited
added the status/needs feedback label Feb 3, 2017
commented Feb 3, 2017 • edited
Hi, regarding the first point: I created a group on https://try.gogs.io (https://try.gogs.io/s0urce-puppet). There I created 10 repositories like I have on my own Gogs instance and added a file with content to it. Then I used the following .mrconfig file (https://try.gogs.io/carazzim0/myrepos/src/master/.mrconfig), which clones all of these repositories. So I ran mr up, which uses the .mrconfig, and I sometimes get the following output:
I don't know what specific kind of situation triggers this error.
commented Feb 3, 2017
OK. I don't know how mr works underneath, but the error message is directly from the SSH daemon, which is not Gogs. I think it's because mr is opening too many connections and the SSH daemon decides to reject some of them. You might want to ask the author of mr.
commented Feb 3, 2017 • edited
Hi, I have the same issue. I can reproduce the error with:
~/debug/gogs-debug-x.log:
EDIT: I use the Gogs built-in ssh server
cheers, Henry
commented Feb 3, 2017
Thanks for the info, it basically proves what I said. Sending too many requests to the server and it decides to reject some of them.
commented Feb 3, 2017
Gogs built-in SSH server does not do such a thing unless there is an underlying system error that prevents the SSH server from accepting the connection.
commented Feb 4, 2017
Thanks for your response. I tried a new Gogs setup with Docker and wanted to use the gogs-builtin ssh server, so I adjusted the app.ini settings accordingly:
I run the container via:
docker run -d --name=gogs-dev -p 2222:2222 -p 3000:3000 -v /home/basti/dev/dev_gogs:/data gogs/gogs:develop
Now there is quite often the following error:
Does this relate to golang/go#18711?
Thanks for your help, carazzim0
commented Feb 4, 2017
Debug output when the error occurs:
commented Feb 5, 2017
Have you tried with go get -u github.com/gogits/gogs and recompile?
commented Feb 6, 2017
Hmmm, I tried with go get -u github.com/gogits/gogs and the same error occurs. I compiled it with go version go1.7.4 linux/amd64, edited app.ini to use the standalone SSH server and it still says input_userauth_error: bad message during authentication: type 20 every now and then.
Gogs logs when the error occurs:
commented Feb 6, 2017
Thanks for the info, I guess this is now same as #4085.
commented Feb 6, 2017
Ok, I've got an update on this. I manually downloaded the go binaries from https://golang.org/dl/ and installed go version go1.7.5 linux/amd64 on my workstation and recompiled gogs there. When I now run
for i in {1..200}; do git pull > /dev/null; done
there are no errors anymore. So golang/go#18711 seems to be fixed in 1.7.5
commented Feb 6, 2017
@carazzim0 that's a good catch!
referenced this issue Feb 6, 2017
Closed: When pushing via SSH: input_userauth_error: bad message during authentication: type 20 #4085
added kind/bug kind/third-party labels Feb 6, 2017
commented Feb 11, 2017
New release is out, maybe test again?
removed this from the 0.10.0 milestone Feb 11, 2017
commented Feb 11, 2017
@Unknwon I've just done git push in a loop 50 times, and every single one has come back clean. I'll do some real-world testing - if you don't hear anything, then it's all ok :-)
commented Feb 11, 2017
I updated as well and cannot reproduce this anymore. Thanks a lot. And if @sbrl cannot reproduce this as well, I'll close this asap.
commented Feb 12, 2017
@carazzim0 Yep, it seems to be fixed for me too!
commented Feb 12, 2017
Great, good work from Go team :D
removed the status/needs feedback label Feb 12, 2017
pushed a commit to Martchus/gogs that referenced this issue Jun 7, 2018
pushed a commit to Martchus/gogs that referenced this issue Aug 27, 2018