ssh_exchange_identification: Connection closed by remote host

Question

Possible Duplicate:
ssh_exchange_identification: Connection closed by remote host

I see this is a common error but I have read through many questions and answers and nothing of it seems to help.

# ssh -vvv machine
OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to machine [xx.xx.xx.xx] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug3: Not a RSA1 key file /root/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /root/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /root/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host

But I can ssh to this machine (A) from other machines (B), I just have the problem from one specific machine (C). ssh from A to C also works fine.

I have checked /etc/hosts.deny and it is empty while /etc/hosts.allow allow everyone with sshd: ALL: allow. There is no authorized_keys file in use.

Try moving/removing ~/ssh/id_rsa -- the debug says that the ssh client doesn't like it. — David Mackintosh, Jan 25 '11 at 20:52

score 1 · Answer 1 · answered Feb 15 '11 at 22:14

There are two things I would check.

Verify the ownership and permissions of the private key you're using.
Verify the format of the ssh-key you're using. If you're using a commercial SSH ssh-key, they have a different format than OpenSSH (& derivatives). Looks to me like you'll need to generate a new key on your client machine, then you'll need to copy that public key to your server machine, where you may need to convert it for use with openssh.
```
ssh-keygen -i -f input.pub > output.pub
```
Where input.pub is the key you copied from your client, and output.pub is the key you'll add to the authorized_keys file on the server machine.

score 1 · Answer 2 · answered Sep 04 '11 at 20:27

I had exactly the same error. I changed the /etc/hosts.allow file from

  ALL : localhost 127.0.0.1/32 [::1]/128 [::ffff:127.0.0.1]/128 : allow
  ALL : PARANOID : deny
  sshd: ALL : allow

to

  ALL : localhost 127.0.0.1/32 [::1]/128 [::ffff:127.0.0.1]/128 : allow
  sshd: ALL : allow
  ALL : PARANOID : deny

Hope it helps.

score 0 · Answer 3 · answered Jan 23 '12 at 08:13

I notice this error on servers when port 22 is getting hammered from a password guess attack or any general DoS. I usually need to console the server, check auth.log and null route the IP in question. One good fix was to rate limit SSH through IPtables.

ssh_exchange_identification: Connection closed by remote host

3 Answers3