“kex_exchange_identification: Connection reset by peer” The Fix.

Guide Linux
Sophia Atkinson

“kex_exchange_identification: Connection reset by peer” The Fix.

If you have received this error when trying to ssh into your server here is how to fix it.

To do this you will need access to your server’s terminal in some way.

Run the following command sudo nano /etc/hosts.deny do not run this as root as it will not work

you should see the following

# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
#                  See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:    ALL: some.host.name, .some.domain
#             ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
#
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID

sshd: ALL

If you see this that is your problem you need to change sshd: ALL to allow all IPs or just specific. But how do I do that you may ask?

This is how we do it.

# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
#                  See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:    ALL: some.host.name, .some.domain
#             ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
#
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID

sshd: PARANOID

You can make it PARANOID which is a wildcard or you can specify an IP by changing it to

sshd : IP-Address1, IP-Address2, IP-Address3

Or you can run 

sudo sed -i 's/sshd: ALL/sshd: PARANOID/g' /etc/hosts.deny

If this helped you in any way please let me know!

Thanks to Crybit.com

I am the creator of the worst. Gal on the brink of a mental breakdown trying to hold it together. Join me as I riot!

Leave a Reply

All comments are manually reviewed and moderated.
Required fields are marked *


By commenting, you consent to our Privacy Policy

Related Posts

Back To Top
Skip to content