Linux sshfs connection reset by peer

Проблемы c sshfs

После двоеточия указывается каталог на удаленной машине.

Например, sshfs user@host:/dir/ /mountpoint

А то что на archwiki написано тоже не помогает?

Если каталог не указывать, то примонтируется домашний каталог.

Тогда двоеточие вообще не нужно.

Вроде нужно, а иначе ошибка

Да, без двоеточия у меня вылазит missing host, где лежат логи на ssh сервере? Хочу посмотреть, может там по подробнее проблема описана.

А на стороне клиента, если добавить -o sshfs_debug ничего интересного не выводит?

Нет, ничего. Я подозреваю, что сервер неверно отконфигурирован. У меня есть к нему доступ. Какие службы мне следует на нем проверить. SSH работает как часы, а вот sshfs нет.

Не знаю. Всегда sshd одинаково конфигурировал для ssh для sshfs. Думаю нужно всё же смотреть для начала на клиенте. Попробовать посмотреть, например, обмен в wireshark

Источник

How to Fix «ssh_exchange_identification: read: Connection reset by peer» Error

Home » Web Servers » How to Fix «ssh_exchange_identification: read: Connection reset by peer» Error

A remote machine has prevented an SSH connection you were attempting to establish or maintain. The “ssh_exchange_identification: read: Connection reset by peer” message is not specific enough to immediately explain what triggered the error.

To be able to resolve the issue successfully, we first need to identify its cause. This article provides an in-depth analysis of the likely causes and provides the most effective solutions.

By reading this tutorial, you will learn how to fix the “ssh_exchange_identification: read: Connection reset by peer” Error.

• Necessary permissions to access remote server
• A user account with root or sudo privileges

What Causes the “Connection reset by peer” SSH Error?

The “ssh_exchange_identification: read: Connection reset by peer” error indicates that the remote machine abruptly closed the Transition Control Protocol (TCP) stream. In most instances, a quick reboot of a remote server might solve a temporary outage or connectivity issue.

Note: Network-based firewalls or load-balancers can sometimes distort IPs or security permissions. This type of problem can be resolved by contacting your service provider.

Learning how to troubleshoot this issue, and determining the underlying cause, helps you prevent future occurrences on your system. The most common causes of the “ssh_exchange_identification: read: Connection reset by peer” error are:

• The connection is being blocked due to the Host-Based Access Control Lists.
• Intrusion prevention software is blocking your IP by updating firewall rules (Fail2ban, DenyHosts, etc.).
• Changes to the SSH daemon configuration file.

Check the hosts.deny and hosts.allow File

The hosts.deny and hosts.allow files are TCP wrappers. As a security feature, these files are used to limit which IP address or hostname can establish a connection to the remote machine.

Note: Inspect the hosts.deny and hosts.allow files on the remote server, not on the local client.

How to Edit hosts.deny File

Access your remote server and open the hosts.deny file using your preferred text editor. If you are using nano on a Debian based system, enter the following command:

Empty lines and lines starting with the ‘#’ symbol are comments. Check if you can locate your local IP or host-name in the file. If it is present, it should be removed or commented out, or else it prevents you from establishing a remote connection.

After making the necessary changes, save the file and exit. Attempt to reconnect via SSH.

How to Edit hosts.allow File

As an additional precaution, edit the hosts.allow file. Access rules within the hosts.allow are applied first. They take precedence over rules specified in hosts.deny file. Enter the following command to access the hosts.allow file:

Adding host-names and IPs to the file defines exceptions to the settings in the hosts.deny file.

For example, a strict security policy within the etc/hosts.deny file, would deny access to all hosts:

Subsequently, you can add a single IP address, an IP range, or a hostname to the etc/hosts.allow file. By adding the following line, only the following IP would be allowed to establish an SSH connection with your remote server:

Keep in mind that such a limiting security setting can affect administering capabilities on your remote servers.

Check if fail2ban Banned Your IP Address

If you’ve tried to connect on multiple occasions, your IP might be blocked by an intrusion prevention software. Fail2ban is a service designed to protect you from brute force attacks, and it can misinterpret your authentication attempts as an attack.

Fail2ban monitors and dynamically alters firewall rules to ban IP addresses that exhibit suspicious behavior. It monitors logs, like the hosts.deny and hosts.allow files we edited previously.

In our example, we used the following command to check if the iptables tool is rejecting your attempted connections:

The output in your terminal window is going to list all authentication attempts. If you find that a firewall is indeed preventing your SSH connection, you can white-list your IP with fail2ban. Otherwise, the service is going to block all future attempts continuously. To access the fail2ban configuration file, enter the following command:

Edit the file by uncommenting the line that contains «ignoreip =» add the IP or IP range you want to white-list.

Fail2ban is now going to make an exception and not report suspicious behavior for the IP in question.

Check the sshd_config File

If you are continuing to experience the ‘ssh_exchange_identification: read: Connection reset by peer’ error, examine the authentication log entry. By default, the SSH daemon sends logging information to the system logs. Access the /var/log/auth.log file after your failed attempt to login. To review the latest log entries type:

The output presents the results of your authentication attempts, information about your user account, authentication key, or password.

The log provides you with information that can help you find possible issues in the sshd configuration file, sshd_config. Any changes made to the file can affect the terms under which an ssh connection is established and lead the remote server to treat the client as incompatible. To access the sshd_config file type:

The sshd configuration file enables you to change basic settings, such as the default TCP port or SSH key pairs for authentication, as well as more advanced functions such as port-forwarding.

For example, the MaxStartups variable defines how many connections a system accepts in a predefined period. If you have a system that makes a large number of connections in a short timeframe, it might be necessary to increase the default values for this variable. Otherwise, the remote system might refuse additional attempted ssh connections.

Anytime you edit the sshd_config file, restart the sshd service for the changes to take effect:

Only edit the variables that you are familiar with. A server can become unreachable as a result of a faulty configuration file.

You have thoroughly checked the most common reasons behind the “ssh_exchange_identification: read: Connection reset by peer” error. By looking at each possibility, in turn, you have successfully solved the issue and now know how to deal with similar problems going forward.

The number of potential causes is vast and difficult to troubleshoot in every respect. Ultimately, if the error persists, it might be necessary to contact your host.

Источник

Arch Linux

You are not logged in.

#1 2011-02-04 06:21:31

ssh, sftp, sshfs error: Connection reset by peer

Done a bit of googling with this, haven’t found a solution. I’ve been trying to connect to a server for a bit now to get to a few backups, and none of the normal tools are working. I’ve added sshd to hosts.allow, sshd is running, and scp/ssh programs (putty and winscp) are working fine under Windows. Yet I can’t connect in Arch. Relevant info:
ssh -v output

#2 2011-02-04 06:52:40

Re: ssh, sftp, sshfs error: Connection reset by peer

Check the logs on the server.

#3 2011-02-04 07:10:41

Re: ssh, sftp, sshfs error: Connection reset by peer

Check the logs on the server.

I can only access it by ssh.

#4 2011-02-06 00:52:30

Re: ssh, sftp, sshfs error: Connection reset by peer

Please help, I need to access a backup sometime soon. I’m not sure what other logs I need to provide, and I can’t get anything from the server.

#5 2011-02-11 20:29:57

Re: ssh, sftp, sshfs error: Connection reset by peer

Hello, I’ve been attempting to fix this without luck for the last week. With the help of #openssh, I’ve determined that I cannot connect to any hosts with ssh. However, telnet connects and I have no firewall running. I would be most appreciative of any suggestions.

#6 2011-02-11 20:45:38

Re: ssh, sftp, sshfs error: Connection reset by peer

There’s not much to SSH. The only thing that i can think of is your /etc/ssh/ssh_config, did you doublecheck that?

hosts.allow/deny is not needed or of influence here, that would only apply to other machines connecting to your machine.

Have you tried with/without keyfile, as user/root etc?

#7 2011-02-11 20:58:28

Re: ssh, sftp, sshfs error: Connection reset by peer

I’ve tried moving /etc/ssh/ssh_config to ssh_config.old to generate a new config, no change. Before this, I never touched ssh_config and everything worked. I’ve tried as root, my user, and a newly made user with no files in its home dir. The only thing I haven’t tried is keyfiles, but I need to be able to access the server to set those up.

Last edited by soupcan (2011-02-11 21:02:22)

#8 2011-02-11 21:06:29

Re: ssh, sftp, sshfs error: Connection reset by peer

I’ve tried moving /etc/ssh/ssh_config to ssh_config.old to generate a new config, no change. Before this, I never touched ssh_config and everything worked. I’ve tried as root, my user, and a newly made user with no files in its home dir. The only thing I haven’t tried is keyfiles, but I need to be able to access the server to set those up.

You said that you couldn’t connect to any host, so maybe you could try connecting to a different host wihout keyfile?

Edit: my bad, you weren’t using a keyfile in the first place.

Last edited by litemotiv (2011-02-11 21:08:28)

#9 2011-02-11 21:23:55

Re: ssh, sftp, sshfs error: Connection reset by peer

I’ve tried moving /etc/ssh/ssh_config to ssh_config.old to generate a new config, no change. Before this, I never touched ssh_config and everything worked. I’ve tried as root, my user, and a newly made user with no files in its home dir. The only thing I haven’t tried is keyfiles, but I need to be able to access the server to set those up.

You said that you couldn’t connect to any host, so maybe you could try connecting to a different host wihout keyfile?

Edit: my bad, you weren’t using a keyfile in the first place.

I never even get the option to enter a password anyway, so I feel like keyfiles wouldn’t have fixed anything. Not really a loss.

Last edited by soupcan (2011-02-11 21:32:29)

#10 2011-02-12 00:00:43

Re: ssh, sftp, sshfs error: Connection reset by peer

Try disabling tcp checksum offloading with ethtool.

#11 2011-02-14 21:46:06

Re: ssh, sftp, sshfs error: Connection reset by peer

I’m really thinking it is an Arch Linux bug.
I have a router (WiFi AP) and three devices connected: one computer with bleeding edge arch (1), one with almost one year old arch (2) and a android cellphone (3). So, everything is using the same external IP.

When I try to connect to a server using SSH, (1) has the same problem described by soupcan, (2) and (3) connects perfectly. (1) does not have network problem, since I can connect to the server by VNC, for example. I also tried SSH at the same port of VNC to exclude firewall problems, but the problem remains.

#12 2011-02-14 23:39:31

Re: ssh, sftp, sshfs error: Connection reset by peer

In case you feel like helping solve this issue: http://bugs.archlinux.org/task/22897

#13 2011-02-15 08:16:09

Re: ssh, sftp, sshfs error: Connection reset by peer

Issue reproduced here, but against Ronis_BR’s server only — my own is working fine, with 5.8 client connecting to 5.6 server.

Have either of you run your server in debug mode while these connections are attempted? A comparison of the outputs for 5.6->5.6 and 5.8->5.6 might be useful.

#14 2011-02-16 12:21:42

Re: ssh, sftp, sshfs error: Connection reset by peer

I have a problem connecting to HP iLO with current version: openssh 5.8p1.
I have compiled 5.6p1 5.7p1 and 5.8p1 with no any options passed to ./configure but prefix. Here is the result:

As you can view — I have success only with openssh 5.6p1

Is there any configuration option that I can try to solve the issue?

#15 2011-03-07 19:24:58

Re: ssh, sftp, sshfs error: Connection reset by peer

I’m no longer having this issue, it seems to have been resolved by a recent update. I’m going to try and determine which one it was.

#16 2011-03-09 17:47:09

Re: ssh, sftp, sshfs error: Connection reset by peer

I still have the problem, so if you know what solved it post it, please.

Источник