Score:0

kex_exchange_identification: read: connection reset by peer


I lost some days trying to solve the `kex_exchange_identification: read: connection reset by peer` error. I turned off the router and Linux firewall and I got the same error. Ping to the SSH server works. I don't know why the server doesn't ask for the client password. Below are the console commands and their output:

These are on the SSH client computer:

~ $:ssh -vvv ghegheg@100.96.180.251                                                         
OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 100.96.180.251 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/ghegheg/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/ghegheg/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 100.96.180.251 [100.96.180.251] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /home/ghegheg/.ssh/id_rsa type -1
debug1: identity file /home/ghegheg/.ssh/id_rsa-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_ecdsa type -1
debug1: identity file /home/ghegheg/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/ghegheg/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_ed25519 type -1
debug1: identity file /home/ghegheg/.ssh/id_ed25519-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_ed25519_sk type -1
debug1: identity file /home/ghegheg/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_xmss type -1
debug1: identity file /home/ghegheg/.ssh/id_xmss-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_dsa type -1
debug1: identity file /home/ghegheg/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
kex_exchange_identification: read: Connection reset by peer
Connection reset by 100.96.180.251 port 22

---------------------------------------------
---------------------------------------------
~ $:sudo vim /etc/ssh/ssh_config
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
#   UserKnownHostsFile ~/.ssh/known_hosts.d/%k
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes

These are on the SSH server computer:

$:sudo systemctl status sshd
 ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2023-03-29 13:06:24 EEST; 2h 56min ago
       Docs: man:sshd(8)
             man:sshd_config(5)
   Main PID: 946 (sshd)
      Tasks: 1 (limit: 19006)
     Memory: 3.8M
        CPU: 57ms
     CGroup: /system.slice/ssh.service
             └─946 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

mar 29 13:06:24 ghegheg-Z490M-GAMING-X systemd[1]: Starting OpenBSD Secure Shell server...
mar 29 13:06:24 ghegheg-Z490M-GAMING-X sshd[946]: Server listening on 0.0.0.0 port 22.
mar 29 13:06:24 ghegheg-Z490M-GAMING-X sshd[946]: Server listening on :: port 22.
mar 29 13:06:24 ghegheg-Z490M-GAMING-X systemd[1]: Started OpenBSD Secure Shell server.
mar 29 14:47:14 ghegheg-Z490M-GAMING-X sshd[24517]: fatal: Timeout before authentication for 5.14.134.233 port 53414
mar 29 15:37:21 ghegheg-Z490M-GAMING-X sshd[25471]: fatal: Timeout before authentication for 5.14.134.233 port 41608
mar 29 15:57:43 ghegheg-Z490M-GAMING-X sshd[26442]: fatal: Timeout before authentication for 5.14.134.233 port 54108

---------------------------------------------
---------------------------------------------
$:vim /etc/ssh/sshd_config                                                                                           
# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Include /etc/ssh/sshd_config.d/*.conf

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
---------------------------------------------
---------------------------------------------
$:vim /etc/hosts.allow
# /etc/hosts.allow: list of hosts that are allowed to access the system.                    
#                   See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:    ALL: LOCAL @some_netgroup
#             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
---------------------------------------------
---------------------------------------------
$:vim /etc/hosts.deny
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.               
#                  See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:    ALL: some.host.name, .some.domain
#             ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
#
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID

I don't know what to do. On the SSH server there appears `fatal: Timeout before authentication for 5.14.134.233 port 53414` / 41608 / 54108, three ports that are different from SSH port 22. Can somebody with more experience give me a hint to solve this unpleasant situation?

David
Are you using Ubuntu, and if so, what version? All I see in the question is a reference to OpenBSD, which would make this off topic.
hr flag
@David if you're referring to `ssh.service - OpenBSD Secure Shell server` in the systemctl status output, that is normal for Ubuntu (which uses the OpenBSD implementation of sshd by default).
David
Still no version of Ubuntu in the question which was my point.
Mitu Gabriel
@David, I'm using Ubuntu 22.04.2 LTS, maybe it's the last.