# The Ubuntu Forum Community > Ubuntu Specialised Support > Security > [ubuntu] ssh_exchange_identification: Connection closed by remote host

## rodendahl

If this has been posted before, I apologize.
Prior to last Thursday, I have been able to ssh into my server at home every day. Last week, I had a number of ssh login failures due to fat fingering the keyboard. 

Now, I get the error "ssh_exchange_identification: Connection closed by remote host". I am locked out. The /var/log/auth.log file shows the IP address of the subsequent login attempts and they are all failures.

I have tried from another Ubuntu laptop and a Windows laptop using WinSCP. All attempts are locked. It appears to be IP address related because I tried to ssh using another username and I get the same message.
I'm guessing that the IP address is blocked. I cannot get to another location.

How do I get back in?

----------


## Nepherte

Maybe you still have to allow the ip addresses in /etc/hosts.allow


```
sshd: xxx.xxx.xxx.xxx
```

You can use single ip addresses or network addresses with subnet masks.

----------


## rodendahl

With the help of a friend, I found the solution. 
1) clear out the hosts.deny file
2) restart the denyhosts daemon

Problem solved

----------


## Ampi

I have the same problem, but the posted solution doesn't help me. 

Since I moved and got a new IP address, I get this error. I have always been able to log in before. I do not have access to the remote computer. 

On my own computer I don't find the ssh logs. I have no idea what to do.

----------


## ploum

I've the same problem since today. My workaround: ssh to another box with another IP and then, from there, ssh to my server.

So it seems that my current IP is blocked somewhere. Unfortunatly, I cannot find where (both /etc/hosts.* files are empty)

----------


## cariboo

I have had  the same problem due to a ssh misconfiguration. The way to repair the problem that was recommened in the forum, was to go to /var/lib/denyhosts and clear any instances of your ip address in the files in that directory. Be sure to stop the denyhost daemon before making any changes, as you will just be added to the hosts.deny list again.

Jim

----------


## ploum

Well, I don't have any denyhost file. The only file I have is /etc/hosts.deny and it's empty.

Also, package denyhosts is not installed on that server...

----------


## Ampi

same goes for me..

----------


## espakm

Same for me.
I usually get this message (ssh_exchange...), but sometimes not.
When I try to login repeatedly (6-10 times), sooner or later it asks for a password and I can log in.
The host.deny is empty, I have no /var/lib/denyhosts file, and there is much free memory.

----------


## cariboo

If you don't have denyhosts installed then the solution I mentioned will not work. 

Jim

----------


## Nepherte

If it's any help, this is my /etc/hosts.deny:


```
#
# /etc/hosts.deny
#

ALL: ALL: DENY

# End of file
```

And this is my /etc/hosts.allow


```
#
# /etc/hosts.allow
#

sshd: ALL EXCEPT /etc/hosts.evil

# End of file
```

I'm using DenyHosts though. Since you don't use it, remove EXCEPT /etc/hosts.evil

----------


## flint_

Dear Rodendahl,

Thanks!




> With the help of a friend, I found the solution. 
> 1) clear out the hosts.deny file
> 2) restart the denyhosts daemon
> 
> Problem solved


This worked for me.  As an extra measure put the ip address of your firewall or nat in the /etc/hosts.allow file like this:

ssh ip.of.nat.box  # where these are the canonical ip address as numbers.

Regards,

Flint

----------


## maphilli14

I see this when switching from wired to wireless networks.  Then it goes away if I switch back and reboot the server.... any ideas???

TIA,

Mike

----------


## ejackman

Thanks rodendahl, this worked beautifully




> With the help of a friend, I found the solution. 
> 1) clear out the hosts.deny file
> 2) restart the denyhosts daemon
> 
> Problem solved

----------


## zzzisgood

I had the same problem several days ago, it was working perfectly, but suddenly broken without any reason. 

Clearing the hosts.deny did not solve the problem for me, instead, I had to remove and reinstall openssh-server to get it work.

----------


## brianwc

I'm getting this problem on two Debian Lenny installs that use apt-pinning to install a few packages from Squeeze. This only began happening after doing the Lenny upgrades made available on January 30, 2010. 

I don't have a hosts.deny problem, changing the MaxStartups doesn't help, and removing and re-installing openssh-server and ssh made no difference. When I do ssh -v 192.168.1.35 I get:

OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.35 [192.168.1.35] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host

Any other ideas?

----------


## brianwc

Solution for me was:



```
         apt-get remove --purge libk5crypto3
         apt-get install --reinstall libkrb53
```

This also fixed an error that was causing apache2 not to start.

----------


## asm2000

this worked for me 

echo "00 */4 * * 6 root /etc/init.d/ssh restart" >> /var/spool/cron/crontabs/root

----------


## asm2000

or this also
edit:
/etc/ssh/sshd_config

Look for

Port 22
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::

uncomment this line:

ListenAddress 0.0.0.0

So it look like this:

Port 22
Protocol 2
ListenAddress 0.0.0.0
#ListenAddress ::

----------


## brianwc

```
         apt-get remove --purge libk5crypto3
         apt-get install --reinstall libkrb53
```

also worked for me on a Debian Lenny box.

----------


## Sociologist

> ```
>          apt-get remove --purge libk5crypto3
> ```


And what this command do? :Popcorn:

----------


## cariboo

If you aren't sure what a command does, you can always check the man page to see what the options do. eg:



```
man apt-get
```

the command you quoted, completely removes the package called libk5crypto3, checking synaptic, it tells us that the package is MIT Kerberos runtime libraries - Crypto Library

----------


## bmartin

> the command you quoted, completely removes the package called libk5crypto3, checking synaptic, it tells us that the package is MIT Kerberos runtime libraries - Crypto Library


Did you also know that it removes hundreds of packages on an Ubuntu 10.10 install? It's true! APT has removed Gimp and Nautilus from my system. It's currently purging libgtk.

Fantastic! It's a good thing I have a 10.10 install disk handy.

----------


## cariboo

That's why you should never blindly run commands posted in the forums, the command will tell you what it is going to remove. If you don't stop to read the output before proceeding, you only have yourself to blame.

----------


## bmartin

Not if you've aliased the command to assume "yes" at prompts.

SSHD seems like something that should work out of the box. It does in other distros.

EDIT: It's OK, I just reinstalled ubuntu-desktop and that fixed most of it. Thank you for your helpful suggestions!

----------


## CharlesA

> Not if you've aliased the command to assume "yes" at prompts.


You really shouldn't do that. As you found out, it can be harmful.




> SSHD seems like something that should work out of the box. It does in other distros.


I haven't run across a distro where SSH doesn't work "out of the box" after install.

----------


## bmartin

OK, thank you for the elitist statements on what I should and shouldn't do with my own computer. Instead of answers, all I get is criticism. I really wish I could SSH remotely, but I get the infamous "ssh_exchange_identification: Connection closed by remote host" message. That's it, I'm unsubscribing.

----------


## CharlesA

> OK, thank you for the elitist statements on what I should and shouldn't do with my own computer. Instead of answers, all I get is criticism. I really wish I could SSH remotely, but I get the infamous "ssh_exchange_identification: Connection closed by remote host" message. That's it, I'm unsubscribing.


You didn't give us any information outside of "it removes hundreds of packages." The original post in from 2008, and there have been many releases of Ubuntu since then.

See here for a possible fix to the problem you are having, but without more information it's quite hard to troubleshoot a problem.

----------


## uRock

```
sudo apt-get install ubuntu-desktop
```

 will reinstall everything that you have uninstalled. I recommend removing the aliasing that you have done or use Synaptic Package Manager so that you can read and heed warnings before damaging your system in the future.

----------


## pointee

have the same problem, tried couple of things, until i found out, that actually my IP address was being blocked by the server i wanted to login to. i have no idea why my IP was put into the list on /etc/hosts.deny on the server. 
does anyone actually have an idea?

but i guess, there is nothing i can do, to log in there (without getting a new IP, or logging into another server first...), other than request the deletion of my IP on the hosts.denied on the server...

----------


## CharlesA

If you have DenyHosts installed, and fail the login a certain number of times, your IP gets blacklisted.

----------


## bitwhys

I'm working in a mostly windows environment with DNS served up the AD.  The server, best I can tell since I've given enough blood get answers to other questions, is configured to not register unsecure (read: Linux) hosts.  For the most part I get a kick out of it.  DHCP works fine (the box uses a reserved address) and nslookup resolves host names (except for the box I'm on, more amusement) but...

to make sure of things I added the host name of the remote computer I was lining things up for to the /etc/hosts file just to lock things down.

At one point after I had wu-ftpd working fine and dandy while fixing other stuff on a whim I dropped the remote computer's host name from from /etc/hosts since nslookup was working fine and BINGO!...

I could ftp locally but the remote host got kicked out without mercy.

After a while and having confirmed the wu-fptd and open-bsd configuration files where lined up properly more times than I care to admit, the penny dropped and I remembered the /etc/hosts file.  I put a reference to the remote computer back into HOSTS and Bob's your uncle the remote host was able to connect again and reek the havoc for which it was intended.

So

its is possible, as in my case, that inetd is kicking the remote connection out because it's name isn't resolving according the openbsd rules, whatever they are.

Maybe in addition to lining up the wu-ftpd and inetd (or whatever you're working on) allow entries, try dropping a hard code for the problem remote into /etc/hosts before blowing blowing things WFO with /etc/hosts.allow

btw

hi everybody :Smile: 

ps. did I say "it's"?  screw it.  I'm on the clock.

----------

