Fix kex_exchange_identification connection reset by peer SSH Error

When you SSH into a server, or check your SSH server's status, you may encounter the error kex_exchange_identification connection reset by peer. Don't be afraid: it is a common error that can be easily fixed, and it is not a network problem.
The following steps on the Orcacore website explain exactly what this error means, why it happens, and how you can fix it.
What Does “kex_exchange_identification connection reset by peer” Even Mean?
When your computer starts an SSH connection, it tries to exchange keys to establish a secure tunnel. However, before the key exchange can complete, the server unexpectedly terminates the connection by sending a reset signal. It usually happens because of a security rule, a configuration problem, or a misunderstanding.
What Causes the kex_exchange_identification read Error?
Common causes of this issue include firewall settings, an SSH service that isn't running correctly, IP bans from Fail2ban or other tools, too many open SSH connections, and incorrect SSH configs.

Resolve Connection reset by peer SSH Error
Now that you understand the causes of the error, proceed to the following steps to fix your problem:
1. Verify SSH Server is Running Correctly
The first step is to check that your SSH server is running correctly. To do this, you can run the following command:
sudo systemctl status sshd
In your output, you should see the service reported as active (running).

If SSH is not running, use the following command to enable and start your SSH server:
sudo systemctl enable sshd
sudo systemctl start sshd
2. Check Firewall Settings for SSH Server
Next, you must be sure that your firewall is active and running. To install and enable UFW, you can run the commands below:
sudo apt install ufw -y
sudo ufw enable
Then, you must allow port 22 (the default SSH port) through your firewall. UFW denies incoming connections by default, so new SSH connections are blocked until this rule exists:
sudo ufw allow 22/tcp
Or if you have changed your SSH default port, open the custom port through your firewall. For example:
sudo ufw allow 2222/tcp
Finally, reload the firewall to apply the new rules:
sudo ufw reload
3. Check If You are Banned by Server
Tools like Fail2ban automatically ban IPs after a few failed logins. To check whether your IP is banned in the sshd jail, run the command below on the server:
sudo fail2ban-client status sshd
From the output, if you find your IP is banned, you can unban it by using the following command:
sudo fail2ban-client set sshd unbanip YOUR-IP-ADDRESS
4. Secure SSH Server Config
For more security, it is always recommended to disable root logins and use SSH key-based authentication, change the default SSH port, and install Fail2ban if you have not already.
For SSH configuration, you can open the file with your desired text editor:
sudo vi /etc/ssh/sshd_config
In the file, look for the following lines and change the port number and disable root logins:
Port 2222
PermitRootLogin no
Once you are done, save and close the file. After any change to the file, restart SSH to apply it:
sudo systemctl restart sshd
Note: Remember to update your firewall for the new port too!
Conclusion
The kex_exchange_identification connection reset by peer error is not a serious problem; it means the server rejected your connection early. You can follow the steps above and make sure everything is running and configured correctly.