A remote machine has blocked an SSH connection you were attempting to create or maintain. The “ssh_exchange_identification: read: Connection reset by peer” message does not make it immediately clear what caused the error.
We must first determine the cause of the problem in order to effectively remedy it. The most practical solutions are offered in this article along with a detailed analysis of the most likely reasons.
This guide will teach you how to resolve the “ssh_exchange_identification: read: Connection reset by peer” error.
Prerequisites
- Necessary permissions to access a remote server
- A user account with root or sudo privileges
What Leads to the SSH Error “Connection reset by peer”?
The “ssh_exchange_identification: read: Connection reset by peer” error indicates that the remote machine abruptly closed the Transmission Control Protocol (TCP) stream. Most of the time, a quick reboot of the remote server can resolve a temporary outage or connectivity problem.
You can avoid similar problems in your system in the future by understanding how to solve this one and identifying the root cause. The following are the most typical reasons for the “ssh_exchange_identification: read: Connection reset by peer” error:
- The Host-Based Access Control Lists are preventing the connection.
- Intrusion prevention software (Fail2ban, DenyHosts, etc.) is blocking your IP by updating firewall rules.
- Changes to the configuration file for the SSH daemon.
Check the hosts.deny and hosts.allow Files
The hosts.deny and hosts.allow files are TCP wrappers. As a security feature, these files are used to limit which IP addresses or hostnames can establish a connection to the remote machine.
How to Edit the hosts.deny File?
Access your remote server and open the hosts.deny file using your preferred text editor. If you are using nano on a Debian-based system, enter the following command:
sudo nano /etc/hosts.deny
Empty lines and lines that begin with the “#” symbol are comments. Check whether the file contains your local IP or hostname. If it does, remove the entry or comment it out; otherwise it prevents you from establishing a remote connection.
Save the file after making the necessary adjustments, then close it. Try using SSH to reconnect.
How to Edit the hosts.allow File?
As an additional precaution, edit the hosts.allow file. Access rules in the hosts.allow file are applied first and take precedence over the rules in the hosts.deny file. Enter the following command to open the hosts.allow file:
sudo nano /etc/hosts.allow
Adding hostnames and IP addresses to the file creates exceptions to the hosts.deny settings. For instance, a stringent security policy in the /etc/hosts.deny file would prevent all hosts from accessing:
You can then edit the /etc/hosts.allow file to add a single IP address, an IP range, or a hostname. Adding the following line permits only the listed IP to establish an SSH connection with your remote server:
sshd : 10.0.5, LOCAL
Remember that a security setting this restrictive can limit your ability to administer your remote servers.
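The lookup order described above (hosts.allow first, then hosts.deny, otherwise allowed) can be checked offline before you lock yourself out. This is an added example, not part of the original article: it implements only a subset of the hosts_access(5) client patterns for IPv4 (ALL, exact address, trailing-dot prefix, net/mask), and the file contents and addresses are constructed.

```python
import ipaddress

# Constructed sample files: deny every sshd client, then allow two exceptions.
HOSTS_DENY = "# constructed sample\nsshd : ALL\n"
HOSTS_ALLOW = "# constructed sample\nsshd : 203.0.113.10, 198.51.100.\n"

def parse_rules(text):
    """Return (daemon_list, client_list) pairs from hosts.allow/hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # empty lines and comments carry no rule
        fields = line.split(":", 2)  # daemon_list : client_list [: command]
        if len(fields) < 2:
            continue  # not a rule
        daemons, clients = (f.replace(",", " ").split() for f in fields[:2])
        rules.append((daemons, clients))
    return rules

def client_matches(pattern, ip):
    """Match one client pattern against an IPv4 address (subset of hosts_access)."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):  # address prefix such as "198.51.100."
        return ip.startswith(pattern)
    if "/" in pattern:  # net/mask such as 192.0.2.0/255.255.255.0
        try:
            return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    return pattern == ip  # exact address

def first_match(rules, daemon, ip):
    """Return the first rule, as text, that covers this daemon and client."""
    for daemons, clients in rules:
        if (daemon in daemons or "ALL" in daemons) and any(
                client_matches(c, ip) for c in clients):
            return f"{', '.join(daemons)} : {', '.join(clients)}"
    return None

def check_access(allow_text, deny_text, daemon, ip):
    """hosts.allow is searched first, then hosts.deny; no match means allowed."""
    hit = first_match(parse_rules(allow_text), daemon, ip)
    if hit:
        return ("allow", hit)
    hit = first_match(parse_rules(deny_text), daemon, ip)
    return ("deny", hit) if hit else ("allow", None)
```

sshd honours these files only when it is built with TCP wrappers (libwrap) support.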
Check if fail2ban Banned Your IP Address
An intrusion prevention system may have blocked your IP if you have repeatedly attempted to connect. Fail2ban is a service designed to defend you from brute force attacks, and it may mistakenly perceive your login attempts as an attack.
Fail2ban monitors and dynamically modifies firewall rules to block IP addresses that behave suspiciously. It keeps an eye on logs, like the hosts.deny and hosts.allow files we edited previously.
In our example, we used the following command to check whether the iptables tool is rejecting your attempted connections:
sudo iptables -L --line-number
All authentication attempts will be listed in the output that appears in your terminal window. If you discover that a firewall is truly obstructing your SSH connection, you can use fail2ban to white-list your IP.
Otherwise, the service will continuously block any additional attempts. Enter the following command to get to the fail2ban configuration file:
sudo nano /etc/fail2ban/jail.conf
The IP address or IP range you want to white-list can be added by uncommenting the line that reads “ignoreip =” in the file.
Now, Fail2ban will make an exception and not flag the concerned IP for suspicious activity.
Examine the sshd_config File
Examine the authentication log entries if you are still getting the “ssh_exchange_identification: read: Connection reset by peer” error. The SSH daemon sends logging data to the system logs by default. After a failed login attempt, access the /var/log/auth.log file. To display the most recent log entries, type:
tail -f /var/log/auth.log
The output displays information about your user account, authentication key, and password, as well as the outcomes of your authentication attempts.
You can use the information in the log to identify problems in the sshd_config configuration file. Any modification to the file can change the conditions under which an SSH connection is established and cause the remote server to treat the client as incompatible. To access the sshd_config file, type:
sudo nano /etc/ssh/sshd_config
You can use the sshd_config file to modify both basic parameters, such as the default TCP port or SSH key pairs for authentication, and more complex features, like port forwarding.
For instance, the MaxStartups variable specifies the number of connections a system will allow in a given amount of time. It may be essential to adjust the default settings for this variable if your system establishes a lot of connections quickly. Otherwise, the remote machine might reject further ssh connection attempts.
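The effect of MaxStartups on a burst of connections, as an added example that is not part of the original article: sshd_config(5) documents the value as start:rate:full, applied to concurrent unauthenticated connections, with a default of 10:30:100. The proposed value 50:30:200, the load figures and the integer rounding are assumptions of this sketch.

```python
def parse_max_startups(value):
    """Parse 'start:rate:full', or a single number N meaning a hard limit of N."""
    parts = [int(p) for p in value.strip().split(":")]
    if len(parts) == 1:
        start, rate, full = parts[0], 100, parts[0]
    elif len(parts) == 3:
        start, rate, full = parts
    else:
        raise ValueError(f"bad MaxStartups value: {value!r}")
    if start < 1 or start > full or not 1 <= rate <= 100:
        raise ValueError(f"bad MaxStartups value: {value!r}")
    return start, rate, full

def drop_percent(value, unauthenticated):
    """Percent chance that the next connection is refused at this load."""
    start, rate, full = parse_max_startups(value)
    if unauthenticated < start:
        return 0  # below 'start' nothing is refused
    if unauthenticated >= full or rate == 100:
        return 100  # at 'full' every new connection is refused
    # Linear ramp from 'rate' at 'start' up to 100 at 'full'
    # (integer rounding is an assumption of this sketch).
    return rate + (100 - rate) * (unauthenticated - start) // (full - start)

def compare(current, proposed, loads):
    """Rows of (load, drop % under current, drop % under proposed)."""
    return [(n, drop_percent(current, n), drop_percent(proposed, n)) for n in loads]

if __name__ == "__main__":
    # Constructed scenario: an automation job opening many sessions at once.
    for row in compare("10:30:100", "50:30:200", [5, 10, 55, 100]):
        print("%4d pending: %3d%% -> %3d%%" % row)
```

A client whose connection is refused this way sees the reset before any authentication takes place, which is why the error can appear on a host with valid credentials.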
In order for changes to take effect after editing the sshd_config file, you must restart the sshd service:
sudo service sshd restart
Edit just the variables you are comfortable with. A bad configuration may cause a server to become unreachable.
You have examined the most frequent causes of the “ssh_exchange_identification: read: Connection reset by peer” error. By considering each possibility in turn, you were able to find a solution, and you now know how to handle similar issues in the future.
Numerous alternative causes exist, making it challenging to narrow down the problem. In the end, it might be necessary to get in touch with your host if the error keeps happening.