I faced a very strange issue on one of my public SSH server. It was failing intermittently with the error below:
ssh_exchange_identification: Connection closed by remote host
We all know that it's a generic one. Let me show you both client and server side logs.,
On SSH Client -
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 139.162.11.185 [139.162.11.185] port 22.
debug1: Connection established.
debug1: identity file /home/vivek/.ssh/id_rsa type -1
debug1: identity file /home/vivek/.ssh/id_rsa-cert type -1
debug1: identity file /home/vivek/.ssh/id_dsa type -1
debug1: identity file /home/vivek/.ssh/id_dsa-cert type -1
debug1: identity file /home/vivek/.ssh/id_ecdsa type -1
debug1: identity file /home/vivek/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/vivek/.ssh/id_ed25519 type -1
debug1: identity file /home/vivek/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4
ssh_exchange_identification: Connection closed by remote host
On SSH Server
Feb 6 14:49:10 linsing2 sshd[19916]: Connection closed by 124.40.245.75
Feb 6 14:49:16 linsing2 sshd[19935]: Connection closed by 124.40.245.75
Feb 6 14:49:20 linsing2 sshd[19937]: Connection closed by 124.40.245.75
The whole issue is intermittent.
- Is this due to any DDOS attack on SSH server which has already made so many connections?
- Or is this is due to Max_Connection limit on SSH server ? (But Max_Connects works on per network basis we tried from 3 different networks and got the same error)
- Or is there a possible chance of number of currently opened files or connections on the SSH server? (Note - We don't have much users doing sftp or ssh)
Please share your thoughts, it would be helpful !
