I upgraded to Fedora 20 a few weeks back. I had very few issues in the upgrade process and the system is stable. One lingering issue I have is described below.
I have one computer on my LAN with a reverse port forward set up back to the recently updated fedora 20 machine. I can verify the reverse forward works because the following is successful from the fedora 20 computer:
$ ssh -p 1234 xxxxx#localhost
xxxxxx#localhost's password:
Last login: Mon Dec 1 14:08:22 2014 from localhost.localdomain
However if I specify the port number after localhost I get a “could not resolve” error as shown below:
$ ssh -v xxxxx#localhost:1234
OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 51: Applying options for *
ssh: Could not resolve hostname localhost:1234: Name or service not known
So in the first situation it sees hostname=localhost and resolves that to an IP address. In the second situation it sees hostname=”localhost:1234:” ...
The contents of /etc/host is :
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
Right now I'm trying to determine if this is a resolving thing or something else. a "dig localhost" doesn't return an answer section so that suggest it is. At the same time localhost:port# works in a browser. I don't know how localhost is resolved from /etc/hosts, I assume NetworkManager does this? I'm not running any sort of internal DNS server on my LAN.
I'm happy to provide additional information if requested & thanks in advance
You have to use the -p option to specify a port with SSH, not the hostname:port format.
ssh -v xxxxx#localhost -p 1234
$ ssh -v xxxxx#localhost:1234
ssh: Could not resolve hostname localhost:1234: Name or service not known
"user#host:port" or "host:port" simply aren't valid syntax for specifying a destination on the ssh command line. ssh treats everything after the "#" as a hostname. It doesn't treat part of that field as a port number, and it's not documented to do so.
The specific error indicates that ssh is trying to look up the IP address for a nonexistent host named "localhost:1234" and failing.
Related
I am trying to set up an alias in my config that should give the same result as
ssh -N -L 3307:1.1.1.1:3306 username#remoteip
My current .ssh/config looks something like this.
Host connect
User username
HostName remoteip
port 22
LocalForward 3307 1.1.1.1:3306
What do I put in the above config to not start a shell?
Host connect
User username
HostName remoteip
port 22
LocalForward 3307 1.1.1.1:3306
SessionType none
sessiontype just gives Bad configuration option: sessiontype even though its documented on manual for ssh options
What version of SSH are you using (ssh -V)?
From the release notes it looks like this feature was only added in version 8.7 released in August last year. Maybe updating SSH might solve your problem?
I want to copy data with scp in a GitLab pipeline using PRIVATE_KEY.
The error is:
kex_exchange_identification: read: Connection reset by peer
Connection reset by x.x.x.x port 22
lost connection
Pipeline log:
$ mkdir -p ~/.ssh
$ echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
$ chmod 600 ~/.ssh/id_rsa
$ eval "$(ssh-agent -s)"
Agent pid 22
$ ssh-add ~/.ssh/id_rsa
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)
$ ssh-keyscan -H $IP >> ~/.ssh/known_hosts
# x.x.x.x:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10
# x.x.x.x:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10
$ scp -rv api.yml root#$IP:/home/services/test/
Executing: program /usr/bin/ssh host x.x.x.x, user root, command scp -v -r -t /home/services/test/
OpenSSH_8.6p1, OpenSSL 1.1.1l 24 Aug 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to x.x.x.x [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
kex_exchange_identification: read: Connection reset by peer
Connection reset by x.x.x.x port 22
lost connection
kex_exchange_identification: read: Connection reset by peer
When an SSH client connects to an SSH server, the server starts by sending a version string to the client. The error that you're getting means that the TCP connection from the client to the server was "abnormally closed" while the client was waiting for this data from the server, in other words immediately after the TCP connection was opened.
As a practical matter, it's likely to mean one of two things:
The SSH server process malfunctioned (crashed), or perhaps it detected some serious issue causing it to exit immediately.
Some firewall is interfering with connections to the ssh server.
It looks like the ssh-keyscan program was able to connect to the server and get a version string without an error. So the SSH server process is apparently able to talk to a client without crashing.
You should talk the administrators of this x.x.x.x host and the network that it's attached to, to see if they can identify the problem from their end. It's possible that something—a firewall, or the ssh server process itself—is seeing the multiple connections, first from the ssh-keyscan process, then by the scp program, as an intrusion attempt. And it's blocking the second connection attempt.
I had the same problem. I rebooted the server, then it was all good.
I met this issue after I changed my Apple ID password, so I updated my Apple ID and restarted my Mac. It works now.
git pull origin master
Output:
kex_exchange_identification: read: Connection reset by peer
Connection reset by 20.205.243.166 port 22
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
TL;DR:
find the server-side process listen-to-ssh port and kill it, and then restart the ssh service. It should solve this problem.
On the client side:
ssh account#ip -pPORT
kex_exchange_identification: read: Connection reset by peer
I tried it on the server side:
service ssh status
[ ok ] sshd is running.
service ssh restart
[ ok ] Restarting OpenBSD Secure Shell server: sshd.
but the client side ssh command still fail with the same kex_exchange_identification error.
Then I stop the ssh service on the server side (as root):
service ssh stop
[ ok ] Stopping OpenBSD Secure Shell server: sshd.
And the following client side ssh command still fails with the same kex_exchange_identification error. It's strange; if no process listen the port, it should be the error Connection refused.
It could be the process on the server side listening to the SSH port is dead, and even a restart / stop service do not work. So to find the process, and killing it may solve the problem.
The PORT here is the SSH port defined in 'server /etc/ssh/sshd_config', and the default is 22. As root:
netstat -ap | grep PORT
tcp 0 0 0.0.0.0:PORT 0.0.0.0:* LISTEN 8359/sshd
tcp6 0 0 [::]:PORT [::]:* LISTEN 8359/sshd
kill 8359
netstat -ap | grep PORT
no result
service ssh start
[ ok ] Starting OpenBSD Secure Shell server: sshd.
netstat -ap | grep PORT
tcp 0 0 0.0.0.0:PORT 0.0.0.0:* LISTEN 31418/sshd: /usr/sb
tcp6 0 0 [::]:PORT [::]:* LISTEN 31418/sshd: /usr/sb
The following client-side ssh command succeed.
I suggest to check the routing table for one possibility. In my case on Ubuntu 20.04 (Focal Fossa), I added a local network routing entry to recover when I got the same error message when connecting to the server using SSH. It had disappeared unexpectedly, leaving only the default route.
route -n Kernel IP routing table Destination Gateway
Output:
Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 enp1s0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enp1s0 # <= disappeared
It seemed as if ack was being filtered by an incomplete routing table although the first syn passed.
Similar to naoki-ogawa, I had a problem with my routing table. In my case, I had an extra route for my local network.
As root:
route
Output:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default RT-AX92U-3E20 0.0.0.0 UG 100 0 0 eno1
link-local 0.0.0.0 255.255.0.0 U 1000 0 0 virbr1
192.168.50.0 RT-AX92U-3E20 255.255.255.0 UG 10 0 0 eno1
192.168.50.0 0.0.0.0 255.255.255.0 U 100 0 0 eno1
I simply removed the gateway on the local network (192.168.50.0):
route del 192.168.50.0/24 via 192.168.50.1
The problem was resolved.
For those who came across this page after upgrading a FreeBSD machine to 13.1 and then trying to ssh into it, see Bug 263489. sshd does not work after reboot to 13.1-RC4.
After the upgrade, the previous sshd daemon (OpenSSH < 8.2) is still running with new configurations (OpenSSH >= 8.2). The solution is to stop and then restart the sshd daemon. The FreeBSD 13.1 release notes now mention this and after 13.1, the freebsd-update script will automatically restart the daemon.
I had this error today when I was trying to use my Dell laptop running Ubuntu 20.04.5 LTS (Focal Fossa) and trying to SSH into a Raspberry Pi. When I was on my home Wi-Fi network and tried to SSH into the pi (also on my home Wi-Fi network) I got the error:
ssh pi#10.0.0.200
Output:
kex_exchange_identification: read: Connection reset by peer'
However, when I switched my Ubuntu Laptop over to a mobile hotspot, the error disappeared, and I was able to SSH without issue. Will update this post as soon as I figure out how to resolve the root cause.
Issue resolved (but full reason unclear). I followed the instructions to change my DNS server here to 8.8.8.8 and 8.8.4.4.
After about 5 minutes had elapsed, I was able to use SSH from my command line terminal just fine.
Error
kex_exchange_identification: read: Connection reset by peer
Connection reset by x.x.x.x port 22
I have an Ubuntu 20.04 host and two RHEL 8 VMs running on VMware. I log in into the two VMs from my Ubuntu terminal. I use Ethernet and Wi-Fi connections. Every time I try to log in into a VM after rebooting it, I get the error:
Restarting the sshd service will not solve the problem. Sometimes, the problem would be resolved if I physically disconnected and reconnected the Ethernet cable.
Finally I turned off my Wi-Fi connection with:
nmcli conn down <name_of_Wi-Fi_connection>
Or turning it off from settings and this gave me a permanent solution.
Both my Ethernet and Wi-Fi connections (static connections) had the same IP address, so I think the VMs were rejecting two "suspicious" similar connections.
Try to check if OpenSSH server is up and running on the server side.
Try checking the sshd configuration. It worked this way for me.
The same issue with me:
I have fixed the issue by doing the below steps.
edit file etc/hosts.allow. Command to do so sudo nano /etc/hosts.allow.
At the end, update the value of ALL keys to ALL like ALL : ALL. Save the file and try again.
Basically, ALL might be set to something else therefore while establishing ssh connection to the host, it is expecting that the request should come from the IP address starting from 10...* if ALL set to ALL : 10.. Therefore by replacing 10. with ALL, you are allowing connection from everywhere.
You can try VPN or if you have been using it before, try to turn it off and connect it again.
If you don't have a budget for a VPN, you can try ProtonVPN which is free. It worked for me when I faced the same problem.
I stopped and restarted an ubuntu 14.04 Google Cloud Compute Engine instance, and now my ssh connection is refused with:
ssh: connect to host 146.148.114.98 port 22: Connection refused
This already happened a previous time, I thought there was a problem with the machine, I deleted it and recreated and it started working again. I don't want to be recreating instances every time. The ssh troubleshooting page of google cloud is quite messy. My firewall rules seem to be ok. Anyone has a solution for this?
NAME NETWORK SRC_RANGES RULES SRC_TAGS TARGET_TAGS
default-allow-http default 0.0.0.0/0 tcp:80 http-server
default-allow-https default 0.0.0.0/0 tcp:443 https-server
default-allow-icmp default 0.0.0.0/0 icmp
default-allow-internal default 10.128.0.0/9 tcp:0-65535,udp:0-65535,icmp
default-allow-rdp default 0.0.0.0/0 tcp:3389
default-allow-ssh default 0.0.0.0/0 tcp:22
This is the output for: ps aux | grep ssh
root 29 0.0 0.4 55184 2860 ? Ss 11:26 0:00 /usr/sbin/sshd -p 22 -o AuthorizedKeysCommand=/google/devshell/authorized_keys.sh -o Author
izedKeysCommandUser=root
root 183 0.0 0.9 82692 5940 ? Ss 11:26 0:00 sshd: fbeshox [priv]
fbeshox 218 0.0 0.7 82692 4424 ? S 11:26 0:00 sshd: fbeshox#pts/0
fbeshox 522 0.0 0.3 12728 2200 pts/1 S+ 12:12 0:00 grep ssh
Here the verbose results of the ssh connetion attempt.
ssh -i .ssh/keyname username#130.211.53.51 -vvv
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/xxxx/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 130.211.53.51 [130.211.53.51] port 22.
debug1: connect to address 130.211.53.51 port 22: Connection refused
ssh: connect to host 130.211.53.51 port 22: Connection refused
It is possible that sshguard, a security tool installed on Ubuntu by default, is interfering with your connection. Basically sshguard might have incorrectly decided that your IP address is 'attacking' your instance and blocked the IP.
If you can log in from a different location, such as the Web SSH provided by the Cloud Console, try using sudo iptables -S to see if there are any firewall rules on the instance (different than the GCE firewall) created by sshguard. If so try disabling sshguard or adding your IP address on the whitlelist (http://www.sshguard.net/docs/whitelist/).
I know this is an old question but today I had similar issue and the problem was very simple - IP of the instance is changed after restart - so I had to update ssh string accordingly
This issue often happens after you changed your default zone or region.
Then, you must update the ssh keys in your metadata by
sudo gcloud compute config-ssh
You can see also the changes in the web interface under Compute Engine | Metadata | SSH Keys.
Try to SSH into the instance with a different username .Google Compute is a bit shaky at times . Try to SSH into the instance using VM instance page in Compute Engine . If SSH takes too much time and refuses connection, then login with a different username in SSH . You can login with a different name using a settings icon on top right corner of SSH window . If these all these doesn't go well, I will advise you to re create one more instance, as it has also been my experience that Google Compute Engine instances are not stable in terms of SSH accessibility and tend to create problems .It's better to use putty as a client to SSH into Compute Engine than the SSH terminals Google provides . Let me know if that helps you :)
I understood that my problem raised after detaching a disk from the console when the machine was stopped with that disk mounted. First unmount the disk, then detach it. Never seen the problem again.
Also make sure you did not recursively modify permissions for the /etc folder.
For example:
chmod -R 775 /etc
This will prevent you from logging back into the VM, even from the Web console and gcloud cli.
Instead, modify permissions on a more granular level e.g. /etc/nginx, etc.
I had the same problem and solved it by first connecting to the VM via browser SSH (from the "VM instances" web overview), which also fails, then choose the offered option of retrying without Cloud Identity-Aware Proxy which worked.
Afterwards all SSH-connections work again (both in browser and local shell).
Can someone help me why this is happening when I'm trying to connect to database or rails s?
In my pg_hba.conf file I have this:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication Andrew trust
#host replication Andrew 127.0.0.1/32 trust
#host replication Andrew ::1/128 trust
local all all md5
Maybe I'm doing it wrong?
Thanks
I had the same problem. somehow, this line was added to my /etc/hosts file:
fe80::1%lo0 localhost
commenting out or removing that line from /etc/hosts should fix it
sudo vi /etc/hosts
#fe80::1%lo0 localhost
I'm on OSX 10.9.3 and Postgres 9.3.4.
I've managed to resolve this problem in the following way:
First find your pg_hba.conf file by starting up psql with psql -h 127.0.0.1 and executing SHOW hba_file;:
hba_file
-------------------------------------
/usr/local/var/postgres/pg_hba.conf
(1 row)
Now add the following line to pg_hba.conf:
host all all fe80::1%lo0/128 trust
and reload the configuration via select pg_reload_conf(); within psql.
Now you should be able to connect via psql -h fe80::1%lo0.
Oo, that's an interesting one.
Assuming you're connecting to localhost (you didn't say and didn't show your database.yml), it appears that localhost is resolving to an IPv6 link-local address with zone index.
If you use ::1 or 127.0.0.1 it should work.
This is very likely an operating system misconfiguration or bug, so lots more detail (see comment above) should be added to the question if you want any concrete advice on that.
For me, the cause was calling sudo rails server -p 80.
I bound the rails server to port 80 so that I wouldn't have to specify a port in the url localhost:3000 during development. This appears to write fe80::1%lo0»localhost to my /etc/hosts file.
Try commenting out the line in your hosts file, then running rails s -p 3000
Actually,
The same error occurs for me when I execute pg_dump command to take backup of my server database (external) like below
'/Applications/Postgres.app/Contents/Versions/9.3/bin'/pg_dump -d "<database_name>" -h <server_name> -U <db_user_name> -f <destination_path>
I solved it (work around) by replacing my <server_name> to my actual server IP (10.1.0.18).
So the issue here is my system didn't understand the <server_name> host.
It might solve permanently when you add <server_name> host in /private/etc/hosts file.
Another variant: if IPv6 is not used in the network, you can just disable it. On Windows IPv6 service also can be disabled.
I'm using msysgit (Git-1.7.11-preview20120710.exe). I tried GitStack on Win8, which is a git server, and after uninstalling it because it didn't work out, I got blocked from accesing port 22 anymore. Here's what msysgit throws at me every time I try to push/clone/etc.
Welcome to Git (version 1.7.11-preview20120710)
Run 'git help git' to display the help index.
Run 'git help ' to display help for specific commands.
Alain#ALAIN-PC /d/Sync/Web/Work/Current/10042012_Madmen
$ cd madmen-intellectuals/
Alain#ALAIN-PC /d/Sync/Web/Work/Current/10042012_Madmen/madmen-intellectuals (de
v)
$ git push -v
Pushing to git#barrelstrengthdesign.beanstalkapp.com:/madmen-intellectuals.git
ssh: connect to host barrelstrengthdesign.beanstalkapp.com port 22: Bad file num
ber
fatal: The remote end hung up unexpectedly
Alain#ALAIN-PC /d/Sync/Web/Work/Current/10042012_Madmen/madmen-intellectuals (de
v)
$ ssh -Tv github.com
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Connecting to github.com [207.97.227.239] port 22.
debug1: connect to address 207.97.227.239 port 22: Attempt to connect timed out
without establishing a connection
ssh: connect to host github.com port 22: Bad file number
This wasn't happening before installing GitStack. And I really haven't done anything other than that in the middle. Any suggestions ?
Notes:
While installing GitStack, I didn't check "Install msysgit" option, because I already had it installed. But the application didn't work out of the box. I assume that's the reason. I uninstalled it inmediately after that.
I've rebooted and disabled my firewall several times. I checked with Nmap and says "filtered".
I already saw Git SSH error: "Connect to host: Bad file number", but this is not the solution I'm looking for. I want to go back to the previous state without the error. Besides, I'm not only using github.
It worked before installing GitStack.
Thanks!
GitStack does not support yet Windows 8 as this system is not released yet.
GitStack creates a restore point before its installation. You should try to revert your computer at a previous state.
Make sure also to double check that your firewall does not block the port 22. GitStack does not use and modify the port 22.