I lost some days trying to solve the kex_exchange_identification: read: Connection reset by peer
error.
I turned off the router and Linux firewall and I got the same error.
The ping to the SSH server is working.
I don't know why the server doesn't ask the client for a password.
Below are the console commands and their output:
These are on the SSH client computer:
~ $:ssh -vvv [email protected]
OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 100.96.180.251 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/ghegheg/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/ghegheg/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 100.96.180.251 [100.96.180.251] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /home/ghegheg/.ssh/id_rsa type -1
debug1: identity file /home/ghegheg/.ssh/id_rsa-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_ecdsa type -1
debug1: identity file /home/ghegheg/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/ghegheg/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_ed25519 type -1
debug1: identity file /home/ghegheg/.ssh/id_ed25519-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_ed25519_sk type -1
debug1: identity file /home/ghegheg/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_xmss type -1
debug1: identity file /home/ghegheg/.ssh/id_xmss-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_dsa type -1
debug1: identity file /home/ghegheg/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
kex_exchange_identification: read: Connection reset by peer
Connection reset by 100.96.180.251 port 22
---------------------------------------------------------------
---------------------------------------------------------------
~ $:sudo vim /etc/ssh/ssh_config
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
# Port 22
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,[email protected]
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
# UserKnownHostsFile ~/.ssh/known_hosts.d/%k
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
These are on the SSH server computer:
$:sudo systemctl status sshd
ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2023-03-29 13:06:24 EEST; 2h 56min ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 946 (sshd)
Tasks: 1 (limit: 19006)
Memory: 3.8M
CPU: 57ms
CGroup: /system.slice/ssh.service
└─946 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
mar 29 13:06:24 ghegheg-Z490M-GAMING-X systemd[1]: Starting OpenBSD Secure Shell server...
mar 29 13:06:24 ghegheg-Z490M-GAMING-X sshd[946]: Server listening on 0.0.0.0 port 22.
mar 29 13:06:24 ghegheg-Z490M-GAMING-X sshd[946]: Server listening on :: port 22.
mar 29 13:06:24 ghegheg-Z490M-GAMING-X systemd[1]: Started OpenBSD Secure Shell server.
mar 29 14:47:14 ghegheg-Z490M-GAMING-X sshd[24517]: fatal: Timeout before authentication for 5.14.134.233 port 53414
mar 29 15:37:21 ghegheg-Z490M-GAMING-X sshd[25471]: fatal: Timeout before authentication for 5.14.134.233 port 41608
mar 29 15:57:43 ghegheg-Z490M-GAMING-X sshd[26442]: fatal: Timeout before authentication for 5.14.134.233 port 54108
-----------------------------------------------
------------------------------------------------
$:vim /etc/ssh/sshd_config
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Include /etc/ssh/sshd_config.d/*.conf
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
-----------------------------------------------------------
-----------------------------------------------------------
$:vim /etc/hosts.allow
# /etc/hosts.allow: list of hosts that are allowed to access the system.
# See the manual pages hosts_access(5) and hosts_options(5).
#
# Example: ALL: LOCAL @some_netgroup
# ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
-----------------------------------------------------------------------
-----------------------------------------------------------------------
$:vim /etc/hosts.deny
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
# See the manual pages hosts_access(5) and hosts_options(5).
#
# Example: ALL: some.host.name, .some.domain
# ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
#
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID
I don't know what to do. On the SSH server there appears fatal: Timeout before authentication for 5.14.134.233 port 53414 / 41608 / 54108, three ports that are different from SSH port 22. Can somebody with more experience give me a hint to solve this unpleasant situation?
ssh.service - OpenBSD Secure Shell server
in the systemctl status output, that is normal for Ubuntu (which uses the OpenBSD implementation of sshd by default).
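For the kex_exchange_identification failure in the question above, the following added example (not code from the original post) probes the same step the client log stops at: it opens the TCP connection, sends a version string, and reports whether the server's version string came back, the connection was reset, or it was closed silently. The function name `probe_ssh_banner`, the stage labels and the probe's client version string are assumptions made for this illustration.

```python
import socket
import sys

def probe_ssh_banner(host, port=22, timeout=5.0):
    """Return (stage, detail): how far the SSH identification exchange got."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("tcp-timeout", "no reply to SYN (silent drop on the path)")
    except ConnectionRefusedError:
        return ("tcp-refused", "RST to SYN (nothing listening, or REJECT rule)")
    except OSError as exc:
        return ("tcp-error", str(exc))
    data = b""
    with sock:
        try:
            # RFC 4253 section 4.2: each side sends "SSH-2.0-..." after connect.
            sock.sendall(b"SSH-2.0-BannerProbe_0.1\r\n")  # constructed client id
            while len(data) < 4096:
                chunk = sock.recv(4096 - len(data))
                if not chunk:
                    break  # orderly close (FIN)
                data += chunk
                # Servers may send other lines first; stop at a complete SSH- line.
                if any(l.startswith(b"SSH-") for l in data.split(b"\n")[:-1]):
                    break
        except socket.timeout:
            return ("banner-timeout", "TCP open but no version string arrived")
        except (ConnectionResetError, BrokenPipeError):
            # What ssh reports as "kex_exchange_identification: read:
            # Connection reset by peer".
            return ("banner-reset", "RST before the server's version string")
    for line in data.split(b"\n"):
        if line.startswith(b"SSH-"):
            return ("banner-ok", line.strip().decode("ascii", "replace"))
    if not data:
        return ("banner-closed", "closed without sending a version string")
    return ("banner-garbage", repr(data[:80]))

if __name__ == "__main__" and len(sys.argv) > 1:
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(probe_ssh_banner(sys.argv[1], port))
```

Running it once on the server against 127.0.0.1 and once from the client separates the two cases: if the local probe returns banner-ok while the remote one returns banner-reset, the difference lies in the network path or in per-source-address rules rather than in sshd's ability to answer.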