openssh server is refusing connections by blocking or resetting
Solution 1
Turns out (thanks to @chaos) this had nothing to do with ssh. I had managed to set a bad netmask on the server machine of 255.255.255.255 instead of 255.255.255.0. This caused issues for routing inbound traffic from the LAN, but not from the router.
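The netmask mistake described in Solution 1 can be checked mechanically. The Python sketch below is an added example, not part of the original post: it parses ifconfig output together with the sshd auth.log line from the question and reports peers that no interface can reach on-link. The server address 192.168.1.10, the MAC address and all function names are assumptions.

```python
import ipaddress
import re

# Constructed ifconfig output (net-tools format, as on Ubuntu 14.04). The
# address 192.168.1.10 and the MAC are assumptions; the page gives only masks.
SAMPLE_IFCONFIG = """\
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0

wlan1     Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:{mask}
"""
# The auth.log line quoted in the question.
SAMPLE_AUTH_LOG = ("Jun 19 22:27:47 lemur sshd[6491]: Did not receive "
                   "identification string from 192.168.1.12\n")

IFACE_RE = re.compile(r"^(\S+)\s+Link encap:(.*)")
INET_RE = re.compile(r"inet addr:(\S+).*?Mask:(\S+)")
PEER_RE = re.compile(r"Did not receive identification string from (\S+)")


def parse_ifconfig(text):
    """Return {name: IPv4Interface} for every non-loopback interface."""
    found, name, loopback = {}, None, False
    for line in text.splitlines():
        head = IFACE_RE.match(line)
        if head:
            name, loopback = head.group(1), "Loopback" in head.group(2)
        inet = INET_RE.search(line)
        if inet and name and not loopback:
            found[name] = ipaddress.ip_interface("/".join(inet.groups()))
    return found


def off_link_peers(ifconfig_text, auth_log_text):
    """Return (peer, interface, prefixlen) for peers no interface reaches on-link."""
    ifaces = parse_ifconfig(ifconfig_text)
    findings = []
    for peer in sorted(set(PEER_RE.findall(auth_log_text))):
        addr = ipaddress.ip_address(peer)
        if not any(addr in i.network for i in ifaces.values()):
            findings += [(peer, n, i.network.prefixlen) for n, i in ifaces.items()]
    return findings


if __name__ == "__main__":
    for mask in ("255.255.255.255", "255.255.255.0"):
        hits = off_link_peers(SAMPLE_IFCONFIG.format(mask=mask), SAMPLE_AUTH_LOG)
        print(mask, "->", hits or "peer is on-link")
```

A prefix length of 32 in the result means the interface treats no other LAN host as directly reachable, which matches the bad mask described above.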
Solution 2
Try regenerating the host keys on the server and the clients:
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
The "Did not receive identification string" error means that the server waits for the identification string of the client and never gets it.
The "Connection reset by peer" error means that in the TCP layer the server cuts the connection and does not send the ACK package.
Both errors can point to a connection issue. Try to use another switch port for the server. In your client log, we also see that the client also never gets the identification string of the server; it should come something like this:
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.3
mk3008
Updated on September 18, 2022
Comments
-
mk3008 over 1 year
On a quite fresh install of Ubuntu 14.04 (machine1), I have openssh-server with a completely default config.
When connecting from machine2 on the LAN, with an empty ~/.ssh, I get the following debug output from the server (running as /usr/sbin/sshd -p 22 -D -d -e): http://pastebin.com/WeHGzsUM and the relevant bits are probably:
debug1: permanently_set_uid: 118/65534 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
Read from socket failed: Connection reset by peer [preauth]
debug1: do_cleanup [preauth]
...
When connecting from machine2 with my normal ~/.ssh that works on many servers, I get the following debug output on machine1: http://pastebin.com/uxKfAYSL
In both cases, on machine2, the client reports: http://pastebin.com/dTp4mNne which looks normal to me until the last line:
ssh_exchange_identification: read: Connection reset by peer
On server and client, ssh client is version:
OpenSSH_6.6p1 Ubuntu-2ubuntu1, OpenSSL 1.0.1 14 Mar 2012
And the server has version:
OpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014
The exact same client command that fails remotely works perfectly on the server, machine1, so it's not an account problem.
Earlier, before I upgraded my ssh client on machine2, ssh would block indefinitely, after showing this debug output http://pastebin.com/JSX6r7Yp and on the server I'd see the following in auth.log
Jun 19 22:27:47 lemur sshd[6491]: Did not receive identification string from 192.168.1.12
UPDATE:
Turns out (thanks to @chaos) this had nothing to do with ssh. I had managed to set a bad netmask on the server machine of 255.255.255.255 instead of 255.255.255.0. This caused issues for routing inbound traffic from the LAN, but not from the router.
-
Nischay almost 10 years
Check for open port (default TCP port 22 for ssh) in Ubuntu firewall on machine 1. You can use telnet (telnet machine1 22) or nc for this.
-
mk3008 almost 10 years
Read the post. I have a default ssh server set up. As is clearly indicated in the post, a connection is being made from ssh client to the server, but it's failing to negotiate the protocol, or failing to pick an authentication method, or who knows what.
-
mk3008 almost 10 years
I have a completely fresh install of openssh-server (purged and reinstalled twice), and I tried both with and without a ~/.ssh on the client, so this is not the problem. But just for kicks I tried those commands anyway, and of course I get the same results. I updated my OP for clarity, and after upgrading the ssh client.
-
chaos almost 10 years
@quuxman can you please provide the output of ifconfig on the server and a client?
-
mk3008 almost 10 years
They're both completely default. The only line that differs from the package maintainer's version in my regular ssh client config is: "HashKnownHosts no", but hold on, I'll pastebin them anyway...
-
chaos almost 10 years
I'm not interested in your config, I want to see if there are errors in packages or dropped packages, and I meant ifconfig, not the config of ssh.
-
mk3008 almost 10 years
Oops, sorry, I misread your comment (it's getting late :-/). Server ifconfig: pastebin.com/i8mGwfzu and the client ifconfig: pastebin.com/6iUcqstG . I'm using wlan0 on the client and wlan1 on the server.
-
chaos almost 10 years
@quuxman the netmask of your server should look like 255.255.255.0 like the one from the client. Can you change that and restart the ssh daemon?
-
mk3008 almost 10 years
Oh my goodness thank you, and I'm a complete idiot. In the end this had nothing to do with ssh, but all the other networking on the "server" seemed to be working, though ssh was the only service I had tested at that point.