When I want to connect with SSH (ssh/scp) to some machine, I sometimes
get errors, either
kex_exchange_identification: Connection closed by remote host
or
kex_exchange_identification: read: Connection reset by peer
immediately after the connection attempt. This happens randomly,
and there are some periods where this happens quite often. The
client machine doesn't seem to matter, and this issue also even
occurs from machines on the local network.
With ssh -vvv, the output ends with
debug1: Local version string SSH-2.0-OpenSSH_8.7p1 Debian-4
kex_exchange_identification: read: Connection reset by peer
Connection reset by [...] port 22
In the source, this corresponds to function kex_exchange_identification
in kex.c:
len = atomicio(read, ssh_packet_get_connection_in(ssh),
&c, 1);
if (len != 1 && errno == EPIPE) {
error_f("Connection closed by remote host");
r = SSH_ERR_CONN_CLOSED;
goto out;
} else if (len != 1) {
oerrno = errno;
error_f("read: %.100s", strerror(errno));
r = SSH_ERR_SYSTEM_ERROR;
goto out;
}
so either with EPIPE or with ECONNRESET, and this apparently occurs
before the exchange of banners.
I could reproduce the issue with telnet, which gives
[...]
Escape character is '^]'.
Connection closed by foreign host.
while one normally has
SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
just after the "Escape character..." line.
Note that this is different from a "Connection refused". Here, the
connection is accepted, but immediately closed.
The admin of the machine could see nothing particular in the logs.
He eventually modified the MaxStartups value, but this did not
solve the issue (but AFAIK, if this were the cause, there would
have been something about it in the logs). The machine has enough
available memory.
Any idea about the possible cause of these random errors?
--
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
