Introduction
A remote machine has cut off an SSH connection that your client was trying to establish or keep open. The message “ssh_exchange_identification: read: Connection reset by peer” is not specific enough on its own to explain what triggered the error.
To solve the problem, we must first identify its cause. This article analyzes the probable causes in depth and provides the most effective solutions for each.
By reading this tutorial, you will learn how to fix the “ssh_exchange_identification: read: Connection reset by peer” error.
Prerequisites
- Permissions required to access the remote server
- A user account with root or sudo privileges
What causes the SSH error “Connection reset by peer”?
The error “ssh_exchange_identification: read: Connection reset by peer” indicates that the remote machine abruptly closed the Transmission Control Protocol (TCP) connection. In most cases, a quick restart of the remote server resolves a temporary outage or connectivity issue.
Learning how to fix this problem and determine the underlying cause helps you avoid future occurrences on your system. The most common causes of the “ssh_exchange_identification: read: Connection reset by peer” error are:
- The connection is being blocked by host-based access control lists.
- Intrusion prevention software is blocking your IP by updating firewall rules (Fail2ban, DenyHosts, etc.).
- Changes to the SSH daemon configuration file.
Check the hosts.deny and hosts.allow files
The hosts.deny and hosts.allow files are the access control lists of TCP wrappers. As a security feature, they limit which IP addresses or hostnames may establish a connection to the remote machine.
How to edit the hosts.deny file
Access your remote server and open the hosts.deny file with your preferred text editor. If you are using nano on a Debian-based system, enter the following command:
sudo nano /etc/hosts.deny
Empty lines and lines beginning with the ‘#’ symbol are comments. Check whether your local IP address or hostname appears in the file. If it does, delete the entry or comment it out; otherwise it prevents you from establishing a remote connection.
After making the necessary changes, save the file and exit. Try reconnecting via SSH.
How to edit the hosts.allow file
As an additional precaution, edit the hosts.allow file. Access rules within hosts.allow are applied first, so they take precedence over the rules specified in the hosts.deny file. Type the following command to open the hosts.allow file:
sudo nano /etc/hosts.allow
Adding hostnames and IP addresses to this file defines exceptions to the configuration of the hosts.deny file.
For example, a strict security policy within the /etc/hosts.deny file would deny SSH access to all hosts:
sshd : ALL
Later, you can add a single IP address, IP range, or hostname to the /etc/hosts.allow file. With the following line, only the listed IP address (plus any host matched by the LOCAL wildcard) could establish an SSH connection to your remote server:
sshd : 10.10.0.5, LOCAL
Note that such a restrictive setting can also affect your ability to manage the remote server.
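To see why the hosts.allow rule above overrides the deny-all rule, here is an added example (not code from the original article) that applies the TCP wrappers decision order to sample files built in a temporary directory; the SAMPLE_DIR files, rule_matches and tcpwrap_verdict are constructed for this illustration and the matcher only understands ALL, exact IPv4 addresses and dotted prefixes.

```shell
# Added example, not from the article: apply the tcp_wrappers decision order
# (hosts.allow first, then hosts.deny, then allow by default) to one
# daemon/client pair. Simplified matcher: ALL, exact IPv4 addresses and
# dotted prefixes such as "192.168.1." only (no hostnames, netmasks or EXCEPT).
# Constructed sample files; the real ones live in /etc.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/hosts.deny" <<'EOF'
# Deny sshd to every client unless hosts.allow says otherwise
sshd : ALL
EOF
cat > "$SAMPLE_DIR/hosts.allow" <<'EOF'
sshd : 10.10.0.5, LOCAL
sshd : 192.168.1.
EOF

# rule_matches DAEMON CLIENT FILE -> exit 0 if any rule line in FILE matches.
rule_matches() {
    daemon=$1; client=$2; file=$3
    [ -f "$file" ] || return 1
    grep -v '^[[:space:]]*#' "$file" | grep -v '^[[:space:]]*$' | {
        while IFS=: read -r dlist clist _; do
            dhit=1; chit=1
            for d in $(printf '%s' "$dlist" | tr ',' ' '); do
                [ "$d" = ALL ] || [ "$d" = "$daemon" ] && dhit=0
            done
            for c in $(printf '%s' "$clist" | tr ',' ' '); do
                case $c in
                    ALL) chit=0 ;;
                    *.)  case $client in "$c"*) chit=0 ;; esac ;;
                    *)   [ "$c" = "$client" ] && chit=0 ;;
                esac
            done
            [ $dhit -eq 0 ] && [ $chit -eq 0 ] && exit 0   # leaves the subshell
        done
        exit 1
    }
}

# tcpwrap_verdict DAEMON CLIENT ALLOW_FILE DENY_FILE -> prints allow or deny
tcpwrap_verdict() {
    if rule_matches "$1" "$2" "$3"; then echo allow
    elif rule_matches "$1" "$2" "$4"; then echo deny
    else echo allow
    fi
}

tcpwrap_verdict sshd 10.10.0.5 "$SAMPLE_DIR/hosts.allow" "$SAMPLE_DIR/hosts.deny"
tcpwrap_verdict sshd 203.0.113.7 "$SAMPLE_DIR/hosts.allow" "$SAMPLE_DIR/hosts.deny"
```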
Check if Fail2ban banned your IP address
If you’ve tried to connect repeatedly, your IP might be blocked by intrusion prevention software. Fail2ban is a service designed to protect you from brute force attacks, and it can misinterpret your authentication attempts as an attack.
Fail2ban monitors log files and dynamically alters firewall rules (or, with the corresponding action, the hosts.deny file we edited earlier) to block IP addresses that exhibit suspicious behavior.
In our example, we use the following command to check whether the iptables tool is rejecting your connection attempts:
sudo iptables -L --line-numbers
The output lists the current firewall rules chain by chain, including any rules Fail2ban has inserted. If you find that a firewall rule is preventing your SSH connection, you can whitelist your IP with Fail2ban. Otherwise, the service will keep blocking all future attempts. To open the Fail2ban configuration file, type the following command:
sudo nano /etc/fail2ban/jail.conf
Edit the file by uncommenting the line containing “ignoreip =” and add the IP address or IP range you want to whitelist.
Fail2ban will now make an exception and report no suspicious behavior for the IP in question.
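Reading the iptables listing by eye is error-prone on a busy server, so here is an added example (not code from the original article) that checks which chain and rule number block a given address; the IPTABLES_SAMPLE text, chain name f2b-sshd and the functions ban_rules and is_banned are constructed for this illustration.

```shell
# Added example, not from the article: given the text of
# `sudo iptables -L --line-numbers`, list every chain and rule number that
# REJECTs or DROPs a client address, i.e. the rule Fail2ban inserted when it
# banned that address. The iptables output below is constructed sample text.
IPTABLES_SAMPLE='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    f2b-sshd   tcp  --  anywhere             anywhere             multiport dports ssh
2    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

Chain f2b-sshd (1 references)
num  target     prot opt source               destination
1    REJECT     all  --  203.0.113.7          anywhere             reject-with icmp-port-unreachable
2    REJECT     all  --  198.51.100.0/24      anywhere             reject-with icmp-port-unreachable
3    RETURN     all  --  anywhere             anywhere
'

# ban_rules IP -> one line "CHAIN RULENUM TARGET SOURCE" per blocking rule.
# Reads iptables text on stdin; matches an exact source, "anywhere", or an
# IPv4 CIDR with an /8, /16 or /24 mask (the forms Fail2ban normally writes).
ban_rules() {
    awk -v ip="$1" '
        function cidr_hit(cidr, addr,    parts, bits, i, a, c) {
            if (split(cidr, parts, "/") != 2) return 0
            bits = parts[2] + 0
            if (bits != 8 && bits != 16 && bits != 24) return 0
            split(parts[1], c, "."); split(addr, a, ".")
            for (i = 1; i <= bits / 8; i++) if (a[i] != c[i]) return 0
            return 1
        }
        /^Chain / { chain = $2; next }
        $1 == "num" || NF == 0 { next }
        $2 == "REJECT" || $2 == "DROP" {
            if ($5 == ip || $5 == "anywhere" || cidr_hit($5, ip))
                print chain, $1, $2, $5
        }
    '
}

# is_banned IP -> exit 0 when at least one blocking rule covers the address.
is_banned() {
    [ -n "$(printf '%s' "$IPTABLES_SAMPLE" | ban_rules "$1")" ]
}

# On a real server: sudo iptables -L --line-numbers | ban_rules "$MY_IP"
printf '%s' "$IPTABLES_SAMPLE" | ban_rules 203.0.113.7
```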
Check the sshd_config file
If you continue to experience the ‘ssh_exchange_identification: read: Connection reset by peer’ error, examine the authentication log. By default, the SSH daemon sends its log messages to the system logs. Open the /var/log/auth.log file after attempting to log in. To follow the most recent log entries, type:
tail -f /var/log/auth.log
The output shows the result of each authentication attempt, together with the user account involved and whether a key or a password was used.
The log provides you with information that can help you find potential problems in the sshd configuration file, sshd_config. Any changes made to the file may affect the terms under which an SSH connection is established and lead the remote server to treat the client as incompatible. To open the sshd_config file, type:
sudo nano /etc/ssh/sshd_config
The sshd configuration file allows you to change basic settings, such as the default TCP port or the SSH key pairs used for authentication, as well as more advanced features such as port forwarding.
For example, the MaxStartups option defines how many unauthenticated connections the SSH daemon accepts at the same time. If you have a system that opens a large number of connections in a short period, it may be necessary to raise the default value of this option. Otherwise, the remote system might reject additional SSH connection attempts.
Each time you edit the sshd_config file, restart the sshd service for the changes to take effect. Edit only options that you are familiar with: a faulty configuration file can make the server inaccessible.
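Because the auth.log entries for a TCP wrappers refusal and for a MaxStartups drop look quite different, here is an added example (not code from the original article) that tallies them over a constructed log excerpt; AUTH_LOG_SAMPLE, classify_auth_log and offending_sources are made up for this illustration, and the message texts matched are assumed to be the ones sshd logs for those two conditions.

```shell
# Added example, not from the article: classify sshd entries in an auth.log
# excerpt by the causes this article covers. The log lines are constructed;
# the message texts matched are assumed to be the ones sshd logs for TCP
# wrappers refusals and MaxStartups drops (check the wording on your version).
AUTH_LOG_SAMPLE='Mar  3 10:01:02 host sshd[2211]: refused connect from 203.0.113.7 (203.0.113.7)
Mar  3 10:01:05 host sshd[2214]: Accepted publickey for alice from 10.10.0.5 port 50122 ssh2
Mar  3 10:02:10 host sshd[2001]: drop connection #11 from [198.51.100.9]:40000 on [10.10.0.2]:22 past MaxStartups
Mar  3 10:02:11 host sshd[2220]: Did not receive identification string from 198.51.100.9 port 40001
Mar  3 10:02:12 host sshd[2001]: error: beginning MaxStartups throttling
'

# classify_auth_log < logtext -> "CAUSE COUNT" per cause found, sorted.
#   hosts_deny   sshd refused the client via hosts.allow/hosts.deny
#   maxstartups  sshd dropped or throttled connections past MaxStartups
#   no_banner    the peer closed before sending its identification string
classify_auth_log() {
    awk '
        / sshd\[[0-9]+\]: / {
            if ($0 ~ /refused connect from/)                          c["hosts_deny"]++
            else if ($0 ~ /past MaxStartups|MaxStartups throttling/) c["maxstartups"]++
            else if ($0 ~ /Did not receive identification string/)   c["no_banner"]++
        }
        END { for (k in c) print k, c[k] }
    ' | sort
}

# offending_sources CAUSE < logtext -> unique client addresses for one cause.
offending_sources() {
    case $1 in
        hosts_deny)  pat='refused connect from' ;;
        maxstartups) pat='past MaxStartups' ;;
        *)           return 1 ;;
    esac
    grep "$pat" | sed -n 's/.*from \[\{0,1\}\([0-9.]*\).*/\1/p' | sort -u
}

# On a real server: sudo tail -n 500 /var/log/auth.log | classify_auth_log
printf '%s' "$AUTH_LOG_SAMPLE" | classify_auth_log
```

Before restarting sshd after a configuration change, `sudo sshd -t` checks the edited file for syntax errors without touching the running service.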
Conclusion
You have checked the most common reasons behind the “ssh_exchange_identification: read: Connection reset by peer” error. By looking at each possibility in turn, you have solved the problem and now know how to deal with similar problems in the future.
The number of potential causes is vast and cannot all be covered here. If the error persists, it might be necessary to contact your hosting provider.