No SSH access : kex_exchange_identification: read: Connection reset by peer

patpatterson · January 20, 2024, 2:11pm

My YunoHost server

Hardware: Old laptop or computer
YunoHost version: 11.2.9.1
I have access to my server : through the webadmin | direct access via keyboard / screen
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

I have lost access to the server from SSH. Local access, never used external access)
I used to require authentication keys, but now it’s turned off.
3 different pces have this problem.

Following IP address unban | Yunohost Documentation none of my 3 IPs are banned.

I connect with this command:
ssh -vvv -p 322 use@server.net

debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/jk/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/jk/.ssh/known_hosts2'
debug2: resolving "server.net" port 322
debug3: resolve_host: lookup server.net:322
debug3: ssh_connect_direct: entering
debug1: Connecting to server.net [192.168.10.160] port 322.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /home/jk/.ssh/id_rsa type 0
debug1: identity file /home/jk/.ssh/id_rsa-cert type -1
debug1: identity file /home/jk/.ssh/id_ecdsa type -1
debug1: identity file /home/jk/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/jk/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/jk/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/jk/.ssh/id_ed25519 type -1
debug1: identity file /home/jk/.ssh/id_ed25519-cert type -1
debug1: identity file /home/jk/.ssh/id_ed25519_sk type -1
debug1: identity file /home/jk/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/jk/.ssh/id_xmss type -1
debug1: identity file /home/jk/.ssh/id_xmss-cert type -1
debug1: identity file /home/jk/.ssh/id_dsa type -1
debug1: identity file /home/jk/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
kex_exchange_identification: read: Connection reset by peer
Connection reset by 192.168.10.160 port 322

wbk · January 21, 2024, 11:02am

That strongly suggests a server side problem (you probably figured…)

Did you try logging in via keyboard/screen to a local terminal?

Perhaps the server is too busy to accept a new connection (unlikely, in most cases) or the filesystem is full (more probable).

patpatterson · January 21, 2024, 4:30pm

Definately serverside. The output also states “connection established”

Did you try logging in via keyboard/screen to a local terminal?

I can use the terminal as normal on the yunohost server with keyboard/screen.
I did check disk space. It was not out of space. Did not pay much attention to how much free space. Just figured it was enough.
I’ll check that once more.

PS: I also tried rebooting.

I’ve read about this error on various forums, but none of the solutions seems to work for me.

tituspijean · January 22, 2024, 4:52am

Try opening the following command on the server, then try logging again from one of the PC:

sudo tail -n 0 -f /var/log/auth.log

It should display why it is rejecting your connections.

Press CTRL+C to quit the command.

patpatterson · January 22, 2024, 5:50pm

It says sshd[2534] refused connect from x.x.x.x

I raised log level to DEBUG in sshd_config, and got the message
connection refused by tcp wrapper

That pointed me to the hosts.allow file.
Added the client IP there, and then it worked.

PS:
When turning off password authentication in the web admin, the Password authentiation in sshd_config did not change.
I’d expect it to do so…

system · February 21, 2024, 5:51pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.