Many a times when accessing a server via SSH you may end up with “ssh_exchange_identification: Connection closed by remote host” error message. For example:
# ssh firstname.lastname@example.org
ssh_exchange_identification: Connection closed by remote host
OR may be more descriptive error when you use the verbose mode (-v flag)
# ssh -v email@example.com
OpenSSH_4.0p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to testserver.com [126.96.36.199] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type 2
The ‘ssh_exchange_identification’ issue occurs for various reasons. So to fix the issue, check the following:
1) TCP wrappers i.e. whether ssh is restricted to certain IPs in /etc/hosts.allow and /etc/hosts.deny. If yes, make sure your local IP is added in the allowed list.
Edit the /etc/hosts.allow file and add the following at the top:
sshd : yourlocalip : allow
2) The /var/empty/sshd folder should be owned by user ‘root’. Sometimes if a new application is installed, it somehow changes the ownership of the /var/empty/sshd directory resulting in ‘ssh_exchange_identification’ error message.
# chown root.root /var/empty/sshd –R
3) If the permission of the private key files are incorrect i.e. if private key files are readable by all, it also results in “ssh_exchange_identification: Connection closed by remote host” error.
For example, if any of the private key file “ssh_host_key, ssh_host_rsa_key or ssh_host_dsa_key” in /etc/ssh directory have 644 permissions, they should be set to 600.
# cd /etc/ssh
# chmod 600 ssh_host_key ssh_host_rsa_key ssh_host_dsa_key