After upgrading to Ubuntu 11.04, I encountered a frustrating SSH issue where every connection attempt resulted in:

Read from socket failed: Connection reset by peer

The problem persisted across all remote hosts while local SSH worked fine. Let me walk through the diagnostic process and solutions.

Running ssh -vvv revealed the connection was being reset during the key exchange phase:

debug1: SSH2_MSG_KEXINIT sent
Read from socket failed: Connection reset by peer

The server logs showed similar behavior:

May  1 19:15:23 localhost sshd[2848]: debug1: SSH2_MSG_KEXINIT sent
May  1 19:15:23 localhost sshd[2848]: fatal: Read from socket failed: Connection reset by peer

First, examine your SSH configuration files:

/etc/ssh/ssh_config (client-side):

Host *
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication no
    GSSAPIDelegateCredentials no

Potential issues to address:

• Protocol version mismatches
• Key exchange algorithm compatibility
• Cipher suite negotiation problems

Try forcing specific protocol versions and algorithms:

ssh -o "KexAlgorithms=diffie-hellman-group14-sha1" user@host

Or create a host-specific configuration in ~/.ssh/config:

Host problematic-server
    HostName 10.0.0.2
    KexAlgorithms diffie-hellman-group14-sha1
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr
    MACs hmac-sha1

Check for MTU issues with:

ping -s 1472 -M do 10.0.0.2

Test raw TCP connectivity:

nc -zv 10.0.0.2 22

For deeper analysis, use packet capturing:

sudo tcpdump -i eth0 -w ssh.pcap port 22

Then examine the packet capture in Wireshark to see exactly where the reset occurs.

1. Update OpenSSH: Both client and server should run recent versions
2. Check Key Permissions: chmod 600 ~/.ssh/id_*
3. Test without agent: ssh -o IdentitiesOnly=yes
4. Disable IPv6: Add AddressFamily inet to ssh_config

The most likely culprit was a protocol version mismatch combined with strict server-side crypto policies after the Ubuntu upgrade.

When attempting SSH connections from an Ubuntu 11.04 system, you're encountering a frustrating "Connection reset by peer" error during the key exchange phase. The verbose output shows the connection establishes successfully but fails immediately after SSH2_MSG_KEXINIT is sent.

The debug output reveals several important clues:

debug1: Remote protocol version 1.99, remote software version OpenSSH_4.2
debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-1ubuntu3
debug1: SSH2_MSG_KEXINIT sent
Read from socket failed: Connection reset by peer

Server-side logs show similar symptoms:

May 1 19:15:23 localhost sshd[2848]: debug1: SSH2_MSG_KEXINIT sent
May 1 19:15:23 localhost sshd[2848]: fatal: Read from socket failed: Connection reset by peer

The most likely culprits are:

• Incompatible encryption algorithms between client (OpenSSH 5.8) and server (OpenSSH 4.2)
• Corrupted or missing key files in ~/.ssh/
• Network-level interference (though unlikely given localhost works)

1. Test Basic Connectivity

First verify basic network access to the target port:

telnet target_host 22
nc -zv target_host 22

2. Check Key File Permissions

Ensure proper permissions on SSH key files:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/*
chmod 644 ~/.ssh/known_hosts

3. Specify Compatible Algorithms

Try forcing older, more compatible algorithms:

ssh -oKexAlgorithms=diffie-hellman-group14-sha1 \
    -oHostKeyAlgorithms=ssh-rsa,ssh-dss \
    -oCiphers=aes128-ctr,aes192-ctr,aes256-ctr \
    user@host

4. Create Minimal Configuration

Temporarily use a minimal configuration file:

cat > ~/ssh_minimal_config <

sudo tcpdump -i eth0 -w ssh_capture.pcap port 22
ssh user@host
# Then analyze with Wireshark

# Add to /etc/ssh/ssh_config or ~/.ssh/config
Host legacy_servers
    Hostname your.server.com
    User your_username
    KexAlgorithms diffie-hellman-group14-sha1
    HostKeyAlgorithms ssh-rsa,ssh-dss
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr
    MACs hmac-sha1
    PubkeyAcceptedKeyTypes ssh-rsa,ssh-dss

ssh legacy_servers