
I lost some days trying to solve the kex_exchange_identification: read: Connection reset by peer error. I turned off the router and Linux firewall and I got the same error. The ping to the ssh server is working. I don't know why the server doesn't ask for the client password. Below are the console commands and their output:

These are on the ssh client computer:

~ $:ssh -vvv [email protected]                                                         
OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 100.96.180.251 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/ghegheg/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/ghegheg/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 100.96.180.251 [100.96.180.251] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /home/ghegheg/.ssh/id_rsa type -1
debug1: identity file /home/ghegheg/.ssh/id_rsa-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_ecdsa type -1
debug1: identity file /home/ghegheg/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/ghegheg/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_ed25519 type -1
debug1: identity file /home/ghegheg/.ssh/id_ed25519-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_ed25519_sk type -1
debug1: identity file /home/ghegheg/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_xmss type -1
debug1: identity file /home/ghegheg/.ssh/id_xmss-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_dsa type -1
debug1: identity file /home/ghegheg/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
kex_exchange_identification: read: Connection reset by peer
Connection reset by 100.96.180.251 port 22

---------------------------------------------------------------
---------------------------------------------------------------
~ $:sudo vim /etc/ssh/ssh_config
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,[email protected]
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
#   UserKnownHostsFile ~/.ssh/known_hosts.d/%k
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes

These are on ssh server computer:

$:sudo systemctl status sshd
 ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2023-03-29 13:06:24 EEST; 2h 56min ago
       Docs: man:sshd(8)
             man:sshd_config(5)
   Main PID: 946 (sshd)
      Tasks: 1 (limit: 19006)
     Memory: 3.8M
        CPU: 57ms
     CGroup: /system.slice/ssh.service
             └─946 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

mar 29 13:06:24 ghegheg-Z490M-GAMING-X systemd[1]: Starting OpenBSD Secure Shell server...
mar 29 13:06:24 ghegheg-Z490M-GAMING-X sshd[946]: Server listening on 0.0.0.0 port 22.
mar 29 13:06:24 ghegheg-Z490M-GAMING-X sshd[946]: Server listening on :: port 22.
mar 29 13:06:24 ghegheg-Z490M-GAMING-X systemd[1]: Started OpenBSD Secure Shell server.
mar 29 14:47:14 ghegheg-Z490M-GAMING-X sshd[24517]: fatal: Timeout before authentication for 5.14.134.233 port 53414
mar 29 15:37:21 ghegheg-Z490M-GAMING-X sshd[25471]: fatal: Timeout before authentication for 5.14.134.233 port 41608
mar 29 15:57:43 ghegheg-Z490M-GAMING-X sshd[26442]: fatal: Timeout before authentication for 5.14.134.233 port 54108

-----------------------------------------------
------------------------------------------------
$:vim /etc/ssh/sshd_config                                                                                           
# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Include /etc/ssh/sshd_config.d/*.conf

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
-----------------------------------------------------------
-----------------------------------------------------------
$:vim /etc/hosts.allow
# /etc/hosts.allow: list of hosts that are allowed to access the system.                    
#                   See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:    ALL: LOCAL @some_netgroup
#             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
-----------------------------------------------------------------------
-----------------------------------------------------------------------
$:vim /etc/hosts.deny
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.               
#                  See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:    ALL: some.host.name, .some.domain
#             ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
#
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID

I don't know what to do. On the ssh server there appears fatal: Timeout before authentication for 5.14.134.233 port 53414 / 41608 / 54108, three ports that are different from ssh port 22. Can somebody with more experience give me a hint to solve this unpleasant situation?

  • Are you using Ubuntu and if so what version? All I see in the question is a reference to OpenBSD which would make this off topic.
    – David DE
    Commented Mar 29, 2023 at 14:58
  • @David if you're referring to ssh.service - OpenBSD Secure Shell server in the systemctl status output, that is normal for Ubuntu (which uses the OpenBSD implementation of sshd by default). Commented Mar 29, 2023 at 17:19
  • Still no version of Ubuntu in the question which was my point.
    – David DE
    Commented Mar 29, 2023 at 17:20
  • @David, I'm using Ubuntu 22.04.2 LTS, maybe it's the last. Commented Mar 29, 2023 at 19:05
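
An added example, not part of the original post or its comments: it parses the `Timeout before authentication` lines quoted in the question and reports, for each one, the peer address and TCP port that sshd logged, plus the scope of that address and of the address the client dialled. In this message sshd records the remote peer's address and source port; the function names are assumptions made for the example.

```python
import ipaddress
import re

# Journal lines copied from the `systemctl status sshd` output in the question.
JOURNAL = """\
mar 29 14:47:14 ghegheg-Z490M-GAMING-X sshd[24517]: fatal: Timeout before authentication for 5.14.134.233 port 53414
mar 29 15:37:21 ghegheg-Z490M-GAMING-X sshd[25471]: fatal: Timeout before authentication for 5.14.134.233 port 41608
mar 29 15:57:43 ghegheg-Z490M-GAMING-X sshd[26442]: fatal: Timeout before authentication for 5.14.134.233 port 54108
"""
DIALLED = "100.96.180.251"  # address the client connected to in the ssh -vvv output

TIMEOUT_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: fatal: Timeout before authentication "
    r"for (?P<ip>\S+) port (?P<port>\d+)"
)
SHARED = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 carrier-grade NAT space


def address_scope(addr):
    """Classify an address as loopback, private, shared (CGNAT) or public."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.version == 4 and ip in SHARED:
        return "shared (RFC 6598)"
    if ip.is_private:
        return "private"
    return "public"


def parse_timeouts(text):
    """Return one record per pre-authentication timeout found in the log text."""
    records = []
    for line in text.splitlines():
        m = TIMEOUT_RE.search(line)
        if m:
            records.append({
                "pid": int(m["pid"]),
                "peer_ip": m["ip"],
                "peer_port": int(m["port"]),  # remote source port, not the listener
                "peer_scope": address_scope(m["ip"]),
            })
    return records


if __name__ == "__main__":
    print("dialled", DIALLED, "->", address_scope(DIALLED))
    for rec in parse_timeouts(JOURNAL):
        print(rec)
```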
