This frustrating connection issue typically occurs when the SSH daemon (sshd) terminates the connection during the initial handshake phase. Let's analyze the debug output and explore solutions.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
These lines suggest potential corruption in your SSH key files. However, the root cause often lies elsewhere, since removing the keys didn't help.
First, verify SSH service status:
sudo service ssh status
# or for newer systems:
sudo systemctl status sshd
Check critical SSH configuration files:
sudo nano /etc/ssh/sshd_config
Look for these common culprits:
MaxStartups 10:30:60
LoginGraceTime 2m
PermitRootLogin without-password
Examine the auth logs for clues:
sudo tail -f /var/log/auth.log
# Or on newer systems:
sudo journalctl -u ssh.service -f
Try these solutions in order:
1. Reset SSH Configuration
sudo mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
sudo apt-get --purge autoremove openssh-server
sudo apt-get install openssh-server
2. Check for Resource Exhaustion
SSH might be failing due to system limits:
ulimit -a
sysctl net.ipv4.tcp_fin_timeout
3. Verify TCP Wrappers Configuration
Even empty files can cause issues:
sudo rm /etc/hosts.deny
sudo touch /etc/hosts.allow
Run sshd in debug mode on a non-standard port:
sudo /usr/sbin/sshd -d -p 2222
Then connect with:
ssh -p 2222 user@host -vvv
Check for firewall rules or network issues:
sudo iptables -L -n -v
sudo netstat -tulnp | grep ssh
Create a startup check script:
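#!/bin/bash
# Restart sshd if no process with that exact name is running.
if ! pgrep -x "sshd" > /dev/null
then
    logger "SSH daemon not running - restarting"
    # cron runs with a minimal PATH, so call service by its full path
    /usr/sbin/service ssh restart
fi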
Add to cron with:
crontab -e
# Add:
* * * * * /path/to/script.sh
Remember to test each solution methodically before moving to the next one. The most effective approach is often a combination of these techniques.
The "ssh_exchange_identification: Connection closed by remote host" error typically occurs when the SSH daemon terminates the connection before completing the protocol exchange. From the debug output, we can see the connection establishes successfully but fails during key exchange.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
These messages suggest potential corruption in your SSH key files. First, verify your key file format:
cat ~/.ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA3V8W... # Should look like this
-----END RSA PRIVATE KEY-----
On your Ubuntu server, examine the SSH daemon logs:
sudo tail -f /var/log/auth.log
# Or for newer systems:
sudo journalctl -u ssh --no-pager -n 50
Common log patterns indicating issues:
sshd[1234]: error: Could not load host key: /etc/ssh/ssh_host_rsa_key
sshd[1234]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
sshd[1234]: fatal: No supported key exchange algorithms
SSH is extremely particular about file permissions. Check these critical permissions:
ls -la ~/.ssh/
# Should show:
-rw------- 1 user user 1675 May 10 09:00 id_rsa
-rw-r--r-- 1 user user 400 May 10 09:00 id_rsa.pub
-rw-r--r-- 1 user user 222 May 10 09:00 authorized_keys
drwx------ 2 user user 4096 May 10 09:00 .
To precisely identify where the connection fails:
ssh -vvv user@host 2> ssh_debug.log
# Then analyze the complete debug output
Common failure points in the handshake:
- TCP connection established
- SSH protocol version exchange
- Key exchange initiation
- Authentication phase
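The stage check above can be scripted against ssh_debug.log. This is an added example, not part of the original page: the function names, stage labels and sample log are constructed for illustration, and the grep patterns are debug lines the OpenSSH client prints as it passes each stage.

```bash
#!/bin/bash
# Added example (not from the original page): find the last handshake stage
# reached in the stderr of `ssh -vvv`. Stage labels are this example's own.

last_stage() {
    local log="$1" stage="none"
    [ -r "$log" ] || { echo "unreadable: $log" >&2; return 2; }
    # Later stages overwrite earlier ones; markers are OpenSSH client debug lines.
    grep -q 'debug1: Connection established' "$log" && stage="tcp"
    grep -q 'debug1: Remote protocol version' "$log" && stage="version"
    grep -q 'debug1: SSH2_MSG_KEXINIT received' "$log" && stage="kex"
    grep -q 'debug1: Authentications that can continue' "$log" && stage="auth"
    grep -q 'debug1: Authentication succeeded' "$log" && stage="ok"
    printf '%s\n' "$stage"
}

next_check() {
    # Map a stage to the checks this page lists for it.
    case "$1" in
        none)    echo "no TCP connection: check firewall rules and that sshd is listening" ;;
        tcp)     echo "closed before the server banner: check auth.log, MaxStartups, hosts.deny" ;;
        version) echo "key exchange did not start: check host keys in /etc/ssh" ;;
        kex)     echo "stopped before authentication: check sshd logs for key exchange errors" ;;
        auth)    echo "authentication failed: check ~/.ssh permissions and authorized_keys" ;;
        ok)      echo "handshake and authentication completed" ;;
        *)       echo "unknown stage: $1" >&2; return 1 ;;
    esac
}

# Constructed sample: the failure this page discusses (no server banner received).
sample_log="$(mktemp)"
cat > "$sample_log" <<'EOF'
debug1: Connecting to host.example [192.0.2.10] port 22.
debug1: Connection established.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: Local version string SSH-2.0-OpenSSH_X.Y
ssh_exchange_identification: Connection closed by remote host
EOF

stage="$(last_stage "$sample_log")"
echo "last stage reached: $stage"
next_check "$stage"
```

To use it on a real capture, call `last_stage ssh_debug.log` after running the `ssh -vvv` command above.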
If you have physical access, regenerate host keys:
sudo rm /etc/ssh/ssh_host_*
sudo dpkg-reconfigure openssh-server
Check SSH daemon configuration for restrictions:
sudo grep -v '^#' /etc/ssh/sshd_config | grep -v '^$'
# Pay attention to:
# MaxStartups
# LoginGraceTime
# PermitRootLogin
If standard SSH fails, try these diagnostic connections:
ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no user@host
ssh -o KexAlgorithms=diffie-hellman-group14-sha1 user@host
Verify network-level connectivity:
telnet host 22
# Should return SSH banner
# If connection drops immediately, check:
sudo iptables -L -n -v
sudo ufw status