“ssh_exchange_identification connection closed by remote host” Error and Solution

SSH protocol provides secure communication with remote systems in an easy way. When using the SSH protocol and tools to connect to the remote system there are different security checks. These checks may prevent or rejects the SSH connections. The ssh_exchange_identification connection closed by remote host error occurred when the remote system or SSH server rejects the communication. There are different reasons for this error and different solutions can be implemented to solve this.

Check hosts.allow and hosts.deny

The hosts.allow and hosts.deny files are used to allow or deny access to the current Linux system. These files contain configurations like sshd: 192.168.1.* or sshd: 10.0.0.1 etc. in order to define hosts to allow or deny configuration.

For the file hosts.allow add the following line to prevent default deny rules. If you want to allow all incoming SSH connections use the following line.

sshd: ALL

If you need to allow for a specific network range use the following line.

sshd: 192.168.1.*

or you can simply allow a single IP address for the SSH connection like below.

sshd: 192.168.1.10

The hosts.deny file is used to deny specified SSH connections. Check for the sshd lines and remove them from the hosts.deny file.

sshd: 192.168.1.*

In order to make this configuration changes effective restart the sshd daemon with the following command.

$ sudo systemctl restart sshd

Check sshd_config for MaxStartups

The sshd_config file is used to configure SSH daemon or sshd service. It provides different security configurations where MaxStartups configuration is used to set the number of unauthenticated SSH connection which occurs SSH connection. The default value of the MaxStartups is 10 which is ok for most cases but this may be the cause of the problem. Just open the sshd_config file and increase this value.

$ sudo vim /etc/sshd_config

We set the MaxStartıps value as 100 like below.

MaxStartups 10:30:100

Check known_hosts File For Existing Public Key

SSH use the known_hosts file in order to store previously connected devices with their public key identifications and IP addresses. This information is gathered during the first connection and stored inside the known_hosts file. If one of this information is changed the client connection is not accepted and the “ssh_exchange_identification” error is returned. The solution is removing previously saved records from the known_hosts file.

$ vim ~/.ssh/known_hosts

Leave a Comment