How to fix? "kex_exchange_identification: read: Connection reset by peer"

Question

I want to copy data with scp in GitLab pipeline using PRIVATE_KEY error is :

kex_exchange_identification: read: Connection reset by peer
Connection reset by x.x.x.x port 22
lost connection

pipeline log:

$ mkdir -p ~/.ssh
$ echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
$ chmod 600 ~/.ssh/id_rsa
$ eval "$(ssh-agent -s)"
Agent pid 22

$ ssh-add ~/.ssh/id_rsa
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)

$ ssh-keyscan -H $IP >> ~/.ssh/known_hosts
# x.x.x.x:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10
# x.x.x.x:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10

$ scp -rv api.yml root@$IP:/home/services/test/
Executing: program /usr/bin/ssh host x.x.x.x, user root, command scp -v -r -t /home/services/test/

OpenSSH_8.6p1, OpenSSL 1.1.1l  24 Aug 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to x.x.x.x [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
kex_exchange_identification: read: Connection reset by peer
Connection reset by x.x.x.x port 22
lost connection

Answer 1

kex_exchange_identification: read: Connection reset by peer

When an ssh client connects to an ssh server, the server starts by sending a version string to the client. The error that you're getting means that the TCP connection from the client to the server was "abnormally closed" while the client was waiting for this data from the server, in other words immediately after the TCP connection was opened.

As a practical matter, it's likely to mean one of two things:

1. The ssh server process malfunctioned (crashed), or perhaps it detected some serious issue causing it to exit immediately.
2. Some firewall is interfering with connections to the ssh server.

It looks like the ssh-keyscan program was able to connect to the server and get a version string without an error. So the ssh server process is apparently able to talk to a client without crashing.

You should talk the administrators of this x.x.x.x host and the network that it's attached to, to see if they can identify the problem from their end. It's possible that something--a firewall, or the ssh server process itself--is seeing the multiple connections, first from the ssh-keyscan process, then by the scp program, as an intrusion attempt. And it's blocking the second connection attempt.

Answer 2

I suggest to check the routing table for one possibility. In my case on Ubuntu20, I added a local network routing entry to recover when I got the same error message when connecting to the server using ssh. It had disappeared unexpectedly, leaving only the default route.

user@hostname:~$ route -n Kernel IP routing table Destination     Gateway  
Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 enp1s0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 enp1s0  # <= disappeared

It seemed as if ack was being filtered by an incomplete routing table although first syn passed.

Answer 3

I met this issue after I changed my Apple ID password, so I updated my Apple ID and restart my Mac, it works now.

mac:release jianzhang$ git pull origin master
kex_exchange_identification: read: Connection reset by peer
Connection reset by 20.205.243.166 port 22
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Answer 4

Similar to @naoki-ogawa I had a problem with my routing table in my case I had an extra route for my local network.

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         RT-AX92U-3E20   0.0.0.0         UG    100    0        0 eno1
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 virbr1
192.168.50.0    RT-AX92U-3E20   255.255.255.0   UG    10     0        0 eno1
192.168.50.0    0.0.0.0         255.255.255.0   U     100    0        0 eno1

I simply removed the gateway on the local network (192.168.50.0)

route del 192.168.50.0/24 via 192.168.50.1

Problem resolved.

Answer 5

I had the same problem. I rebooted the server, then it was all good.

Answer 6

You can try the VPN or if you have been using it before, try to turn it off and connect it again If you don't have a budget for a VPN, you can try ProtonVPN which is free. It worked for me when I faced the same problem.

Answer 7

Try to check if open ssh server is up and running in the server side. Try checking the sshd config. It worked this way for me. Good luck.

Answer 8

Same issue with me: I have fixed the issue by doing below steps

1. edit file "etc/hosts.allow". Command to do so "sudo nano /etc/hosts.allow".
2. At end update value of ALL key to ALL like ALL : ALL. Save the file and try again.

Basically ALL might be set to something else therefore while establishing ssh connection to the host, it is expecting that the request should come from the IP starting from 10...* if ALL set to ALL : 10.. Therefore by replacing 10. with ALL, you are allowing connection from everywhere.