8

Connecting to my server has never been a problem. But now I've added a mesh router in bridge mode to my regular router, and when I try to ssh to my server, sometimes it works fine, and other times the connection is closed at initiation with:

kex_exchange_identification: Connection closed by remote host

This is only when I am first trying to connect - on the times it succeeds in connecting, it stays connected just fine.

It also seems to fail more often with scp than ssh, which I find odd, but could just be my own non-statistical impressions...

I'm guessing the bridge mode is randomly getting in the way of the ssh and killing the connection. Any thoughts?

3
  • 2
    Try setting LogLevel DEBUG on the server in /etc/ssh/sshd_config and check auth.log for clues. I've been troubleshooting a problem with similar symptoms just now, and it turned out to be dropped connections due to MaxStartups limits, which was clearly visible in the debug log.
    – Queeq
    Commented Sep 17, 2019 at 10:11
  • 1
    Possibly helpful: edoceo.com/notabene/ssh-exchange-identification
    – shayaan
    Commented Oct 1, 2019 at 19:06
  • Thanks for the link, but all of those (except heavy load - which is not the problem) are for seeing this error every time, as opposed to occasionally, as I have been seeing it. Commented Oct 10, 2019 at 22:40
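
An added example, not part of the original thread: when MaxStartups is given as start:rate:full, sshd refuses new connections at random with a probability that rises from rate% to 100%, so the drops mentioned in the first comment show up as intermittent failures. The sketch below computes that probability and finds drop messages in a log; the log line shapes are assumptions modelled on OpenSSH and the sample lines are constructed.

```python
import re

# Assumed log shape: sshd's "drop connection #N" message (logged at debug
# level by older OpenSSH releases, hence LogLevel DEBUG in the comment above).
DROP_RE = re.compile(r"sshd\[\d+\]: (?:debug1: )?drop connection #(\d+)")

# Constructed sample lines, not taken from the page.
SAMPLE_LOG = [
    "Sep 17 10:11:02 server sshd[812]: debug1: drop connection #10",
    "Sep 17 10:11:03 server sshd[812]: Accepted publickey for alice from 192.0.2.10 port 58944 ssh2",
    "Sep 17 10:11:09 server sshd[812]: drop connection #12 from [192.0.2.10]:58950 on [192.0.2.1]:22 past MaxStartups",
]

def parse_max_startups(value):
    """Parse 'start:rate:full', or a single integer meaning a hard limit."""
    parts = [int(p) for p in value.strip().split(":")]
    if len(parts) == 1:
        return parts[0], 100, parts[0]
    if len(parts) != 3:
        raise ValueError("expected N or start:rate:full, got %r" % value)
    start, rate, full = parts
    if not (0 < start <= full and 1 <= rate <= 100):
        raise ValueError("out-of-range MaxStartups value %r" % value)
    return start, rate, full

def drop_percent(unauthenticated, start, rate, full):
    """Chance (0-100) that sshd refuses the next connection attempt."""
    if unauthenticated < start:
        return 0
    if unauthenticated >= full or rate == 100:
        return 100
    # Linear ramp from rate% at `start` to 100% at `full` (integer maths).
    return rate + (100 - rate) * (unauthenticated - start) // (full - start)

def scan_drops(lines):
    """Return the unauthenticated-connection count from each drop message."""
    return [int(m.group(1)) for m in map(DROP_RE.search, lines) if m]

if __name__ == "__main__":
    limits = parse_max_startups("10:30:100")  # the sshd_config default
    for count in scan_drops(SAMPLE_LOG):
        print("drop at %d pending connections: %d%% refusal chance"
              % (count, drop_percent(count, *limits)))
```
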

1 Answer

0

I found this question from searching the web, because I was seeing the same error message and had no idea what it meant or what was causing it.

For me, the cause was having turned Intrusion Protection on in my Unifi Network controller. Some sort of firewall was incorrectly flagging my everyday SSH connection as a "Potential SSH Scan" and blocking it.

Threat Management Alert 2: Attempted Information Leak. Signature ET SCAN Potential SSH Scan OUTBOUND. From: 192.168.xxx.xxx:58944, to: 192.168.xxx.xxx:22, protocol: TCP

Rather than disable this additional helpful layer of network protection, I decided to temporarily whitelist the IP address for the development machine that is trusted to bypass these checks. Once whitelisted, everything was OK.

I'm uncertain if bridge mode alone would cause this, but my experience is similar to yours in that a piece of networking equipment was intercepting and prematurely terminating the connection before it made it outside of my LAN.

5
  • That was a firewall causing the problem - but I don't have a firewall in the way. I presume when you "whitelisted the IP address" that was with the firewall? Commented Feb 25, 2020 at 20:09
  • @DavidLjungMadisonStellar Correct. In my case, inside of Unifi's Intrusion Protection existed a setting allowing me to add trusted IP addresses. Once entered, I was good to go. Commented Apr 3, 2020 at 14:00
  • Was this an intermittent problem you were seeing, or was it always flagging it? Commented Apr 4, 2020 at 19:33
  • It was persistent, not intermittent. Commented Apr 28, 2020 at 17:13
  • That's what I thought. Mine is intermittent, so unlikely to be a firewall, unless the firewall is only sometimes working. :) Commented Apr 28, 2020 at 23:24
