An SSH connection you were trying to establish or keep open was blocked by a remote machine. The error message “ssh exchange identification: read: Connection reset by peer” does not give a clear explanation of what went wrong.
In order to remedy the problem, we need to understand what is causing it. This article examines the possible reasons for the problem and suggests the best ways to fix it. If you get the “ssh exchange identification: read: Connection reset by peer” error, read this guide to discover how to resolve it.
How to Fix SSH_EXCHANGE_IDENTIFICATION Read Connection Reset by Peer
The “ssh_exchange_identification: read: Connection reset by peer” error can be fixed using the methods described below.
Method 1: Checking the sshd_config File
If the subject error persists, look at the authentication log entries. By default, the SSH daemon will forward any logging-related data to the operating system’s logs. If you’re unable to log in, you should review the /var/log/auth.log file. Enter this command to view the most recent log entries:
$ tail -f /var/log/auth.log
This command displays details about your user account, including your password, authentication key, and authentication success or failure. In case there are problems with the sshd configuration file, you can use the information in the log to track them down.
Modifying the log file after an ssh connection has been established, for instance, will change the terms of agreement and cause the remote server to reject the client. To review the sshd configuration, open the sshd_config file (on most Linux systems, /etc/ssh/sshd_config) in a text editor as root.
Primary settings, like the authentication of ssh key pairs, TCP port, and more complicated features, like forwarding port, can be modified in the sshd configuration file.
Method 2: Changing ssh Configuration Options
If you’re still having trouble connecting to the remote server after using the previous procedure and installing an update, you might want to try erasing your ssh configuration files and starting over. If that doesn’t help, try connecting again with the -v option added to ssh.
If you continue to receive an error message, try running ssh with the -c aes256-ctr option. As reducing the number of ciphers also reduces the size of each packet, this should finally allow you to establish an ssh connection with the server you were trying to access.
Users have found this to be very helpful when debugging Cisco-branded devices, as some server hardware is configured to only accept packets of a certain size. To use aes256-ctr encryption with ssh, just append -c aes256-ctr to your command.
Method 3: Overriding Accidental IP Bans
Your own server may have mistaken your IP address for a bad one if you’ve tried to log in multiple times before and been unsuccessful. During debugging, it’s common to repeatedly try reestablishing a connection, which is a reasonable response but may appear to the fail2ban function as an attack.
To verify, run sudo iptables -L --line-numbers on the remote server and check for your IP address. It’s likely that you’ll find a plethora of irrelevant entries.
Once you have identified the culprit chain and the rule number, you can fix the issue by using iptables -D with that chain name and rule number. You should now be free of future difficulties. If you need to make changes, however, you can do so in the following file:
/etc/fail2ban/jail.conf
Open it in your preferred text editor as root, perhaps nano or vi. A command like
sudo nano /etc/fail2ban/jail.conf
will help you locate the ignoreip line you need to add. If you want to prevent fail2ban from ever adding your IP address to a block list, enter it here. While the timing of updates may vary slightly between Linux distributions, in most situations you should expect them to take effect immediately.
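The lookup described in Method 3, as an added example that is not part of the original article: it reads the text printed by iptables -L -n --line-numbers, finds the REJECT or DROP rules whose source is your IP address, and prints the matching iptables -D commands. The function names and the sample listing (including the f2b-sshd chain and the documentation IP addresses) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -L -n --line-numbers` output.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    f2b-sshd   tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22

Chain f2b-sshd (1 references)
num  target     prot opt source               destination
1    REJECT     all  --  198.51.100.23        0.0.0.0/0            reject-with icmp-port-unreachable
2    REJECT     all  --  203.0.113.7          0.0.0.0/0            reject-with icmp-port-unreachable
3    RETURN     all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

# find_ban IP: read a listing on stdin and print "CHAIN RULENUM" for every
# REJECT/DROP rule whose source column is exactly IP.
# Columns are: num target prot opt source destination.
# Matches are sorted highest rule number first within each chain, because
# deleting a rule renumbers the rules below it.
find_ban() {
    awk -v ip="$1" '
        $1 == "Chain" { chain = $2; next }
        $1 ~ /^[0-9]+$/ && ($2 == "REJECT" || $2 == "DROP") && $5 == ip {
            print chain, $1
        }
    ' | sort -k1,1 -k2,2nr
}

# delete_commands IP: turn each match into the iptables -D command to review.
# Nothing is executed; the commands are only printed.
delete_commands() {
    find_ban "$1" | while read -r chain num; do
        echo "iptables -D $chain $num"
    done
}

# Demo on the constructed sample. On a real server, pipe in:
#   sudo iptables -L -n --line-numbers | delete_commands YOUR_IP
sample_listing | delete_commands 203.0.113.7
```

The -n flag keeps addresses numeric so the source column can be compared directly with your IP address.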
Conclusion
This error is extremely difficult to diagnose because there are so many potential reasons for the problem. You may need to contact your host if the ssh exchange identification error persists. Here, we’ve covered some of the most typical explanations for the “ssh exchange identification: read Connection reset by peer” error.
Now that you’ve narrowed down your options, you should be able to fix the problem and better manage similar challenges in the future. Hopefully you now have the solutions you need to fix ssh_exchange_identification read connection reset by peer.