Psychz - Kyle
Votes: 0Posted On: Oct 10, 2017 01:47:58
The error "ssh_exchange_identification: connection closed by remote host" is caused due to multiple reasons. Some of the reasons and its solution are listed below.
1. Check the "/etc/hosts.allow" and "/etc/hosts.deny" files. As the name suggests, these files contain the name of hosts that are allowed or denied on the system. Please check if the "/etc/hosts.deny" file contains any "sshd: ALL" field. If it does, delete the line. It is preventing any SSH connection to be established. You can also add the field "sshd: ALL" to "/etc/hosts.allow" file.
2. Check the "/etc/ssh" directory that contains all the SSH keys used for a connection. It is possible that some of the keys may be corrupt. Please delete the keys from the list and restart the "sshd" service by using the following command.
/etc/init.d/sshd start
If you are not able to delete the files, you can forcefully delete them by using the following command.
ssh-keygen -t rsa -f /etc/ssh/name_of_the_key
On restarting the service, the keys will be automatically regenerated.
Server under attack or experiencing heavy Load
One of the main reasons why you must be experiencing issues while connecting is because the server is currently under attack (DDoS) where it has reached its capacity and refusing any further connection. Or it may be genuinely experiencing high traffic and is unable to process any further requests.
This problem can be fixed by increasing the value of the MaxStartups property in the sshd configuration file on the admin machine. MaxStartups Specifies the maximum number of concurrent unauthenticated connections to the sshd daemon. Additional connections will be dropped until authentication succeeds .
root@192.112.XX.XX # grep MaxStartups /etc/ssh/sshd_config
# MaxStartups 10:30:60
Note: The default is 10.
10: Number of unauthenticated connections before we start dropping
30: Percentage chance of dropping once we reach 10 (increases linearly for more than 10)
60: Maximum number of connections at which we start dropping everything
# service sshd restart
Dependencies missing due to a patch applied or system update
Usually, this occurs when a glibc or openssl an upgrade. Many distros can install updates to glibc or openssl libs and not require a restart to sshd. On any distro, you can recognize it when after an update, then use lsof ("list open files") to see where sshd has open files. Some will be pointed to DEL, because those libs were deleted on update.
~ # lsof -n | grep ssh | grep DEL