Intermittent 'ssh_exchange_identification: Connection closed by remote host' error
Solution 1
Possibly, the issue seems to occur when there is a larger number of incoming requests.
Once the number of unauthenticated connections goes over the sshd MaxStartups parameter, sshd starts rejecting those connections.
So preferably increase MaxStartups in sshd_config.
HTH!
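The throttling this answer describes, worked through as an added example (not part of the original answer and not OpenSSH's code): it parses a MaxStartups value in the start:rate:full form and computes the refusal chance using the linear ramp documented in sshd_config(5). The function names and the sample config text are constructed for illustration; 10:30:60 is the commented-out default quoted in the question on this page.

```python
import re

DEFAULT = "10:30:60"  # commented-out default quoted in the question on this page


def parse_maxstartups(config_text):
    """Return (start, rate, full); the first uncommented MaxStartups line wins."""
    value = DEFAULT
    for line in config_text.splitlines():
        m = re.match(r"\s*MaxStartups\s+(\S+)", line, re.IGNORECASE)
        if m:
            value = m.group(1)
            break
    parts = [int(p) for p in value.split(":")]
    if len(parts) == 1:
        # Single integer: a hard cap with no probabilistic early drop.
        return parts[0], 100, parts[0]
    if len(parts) != 3:
        raise ValueError("expected N or start:rate:full, got %r" % value)
    start, rate, full = parts
    if start > full or not 1 <= rate <= 100:
        raise ValueError("invalid MaxStartups %r" % value)
    return start, rate, full


def drop_percent(unauthenticated, start, rate, full):
    """Chance (whole percent) that sshd refuses one more unauthenticated connection."""
    if unauthenticated < start:
        return 0
    if unauthenticated >= full:
        return 100
    # Linear ramp from `rate` percent at `start` up to 100 percent at `full`.
    return rate + (100 - rate) * (unauthenticated - start) // (full - start)


# Constructed sample: a config that only carries the commented-out default.
SAMPLE_CONFIG = "Port 22\n#MaxStartups 10:30:60\nPermitRootLogin no\n"

if __name__ == "__main__":
    limits = parse_maxstartups(SAMPLE_CONFIG)
    for pending in (5, 10, 35, 59, 60):
        print(pending, "pending ->", drop_percent(pending, *limits), "% refused")
```

With 10:30:60 nothing is refused while fewer than 10 connections are waiting to authenticate, so refusals on a lightly used server point to many pending unauthenticated connections at once.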
Solution 2
Please check the rules defined in the /etc/hosts.allow and /etc/hosts.deny files. There may be some rules defined there to allow/block connections from your system.
It may happen that your IP address changes after rebooting the system, and sometimes an IP which is denied on the server gets assigned to your system.
thagzone
Updated on September 18, 2022
Comments
-
thagzone almost 2 years
While there are many questions on this site and others addressing this very issue, I haven't yet found one that seems to address what I'm experiencing.
When trying to ssh a linux box from a MBpro running Lion, I get the following error:
gjohnson5@Gentrys-MacBook-Pro:~$ ssh -v user@server_name
OpenSSH_5.6p1, OpenSSL 0.9.8y 5 Feb 2013
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to server_name[ip_address] port 22.
debug1: Connection established.
debug1: identity file /Users/gjohnson5/.ssh/id_rsa type -1
debug1: identity file /Users/gjohnson5/.ssh/id_rsa-cert type -1
debug1: identity file /Users/gjohnson5/.ssh/id_dsa type -1
debug1: identity file /Users/gjohnson5/.ssh/id_dsa-cert type -1
ssh_exchange_identification: Connection closed by remote host
The strange thing is that I get this error intermittently. Sometimes rebooting my machine and trying again will get me into the server no problem. Other times, the error persists. Occasionally, I will successfully log on, close the connection, try to reconnect a few seconds later, and then receive the error.
Now, I've tried clearing the ~/.ssh/known_hosts file, and I've found that trying to log on as a different user on my same machine still throws the error. I cannot check /etc/hosts.allow and /etc/hosts.deny since I cannot access the server and my employer's IT is, unfortunately, being unresponsive. I can't imagine that would be the issue, however, as I am occasionally able to log into the server using my machine. It seems like the problem might be with some configuration on my machine (??), though I'm relatively inexperienced with this and wouldn't know where to start looking.
EDIT: As per request, this is the result of checking MaxStartups:
grep MaxStartups /etc/ssh/sshd_config
#MaxStartups 10:30:60
-
thagzone almost 10 years
That's an interesting suggestion, however it's a scarcely-used server (there could only be a handful of people trying to access it at any one time). Could this still be the case? In any event, I'm unable to alter the sshd_config on the server.
-
vembutech almost 10 years
Possibly, can you paste the output of?
# cat /etc/ssh/sshd_config | grep MaxStartups
-
thagzone almost 10 years
Done, hopefully that's helpful!
-
vembutech almost 10 years
Believe your issue is resolved?
-
thagzone almost 10 years
No, I'm still having trouble. I just meant that I posted the output you asked for.
-
vembutech almost 10 years
Just curious to know why you are unable to edit the file. Did you try it as root?
-
thagzone almost 10 years
Will editing the file on the client fix the problem? I was under the impression that MaxStartups would have to be edited on the server.
-
vembutech almost 10 years
Of course, you need to edit it on the server.
-
thagzone almost 10 years
I was able to log on to the server and I got the following output which I've updated in the answer.
-
vembutech almost 10 years
I understand that. Can you please increase the count and check? Also needless to mention here about the network connection once the session is established.
-
thagzone almost 10 years
I don't have write permissions on the file, and I haven't heard back from the root user yet. I'll let you know if changing this solves the problem once I can do so.
-
xx4h over 9 years
"scarcely-used server" but maybe the server is getting brute-forced some way, so the ssh connections are in use this way. In this case MaxStartups would only lead to more bandwidth usage and higher server load. You should think about a non-default port in the high port range and something like fail2ban.
-
Graham Perrin almost 9 years
A reasonable answer but the opening poster "… cannot check /etc/hosts.allow and /etc/hosts.deny since I cannot access the server …"
-
Graham Perrin almost 9 years
… the opening poster "… cannot check /etc/hosts.allow and /etc/hosts.deny since I cannot access the server …"
-
AVJ almost 9 years
@GrahamPerrin ...hope this will help edoceo.com/notabene/ssh-exchange-identification
-
tuk0z almost 9 years
@GrahamPerrin which let the typo in sshd_config as well as vembutech proposal. Also, listing the most possible causes to an issue, and being unable to act on one of these are two different things I believe.
-
Anthony Geoghegan almost 7 years
While this code might be useful for resolving the issue, it isn’t clear that this is the case. Explaining how and why it solves the problem would improve the usefulness and long-term value of the answer.