Fix: ssh_exchange_identification read connection reset

To establish an SSH connection, multiple prerequisites need to be configured before doing so. These prerequisites include configuring the firewall, port 22, using the correct username/hostname, and much more. While working with SSH, an error “ ssh_exchange_identification read connection reset” occurs. There are several reasons for this error. This guide will demonstrate the possible solutions to solve the error.

Reason: SSH Connection Not Configured

One of the main reasons for causing the “ssh_exchange_identification read connection reset” error is that the ssh connection does not configure.

Therefore, the TCP stream does not allow for establishing a connection to the remote server.

Solution 1: Trace Hosts Not Accessed

Using the Nano Editor, you can check the list of hosts that have not been privileged to access the removed server.

For instance, the “hosts.deny” configuration file is accessed by specifying the path with the root privilege as below:

$ sudo nano /etc/hosts.deny

It navigates to the particular file on which to find out the local IP address or hostname of your machine. If found, you must remove that block from the remote connection.

After specification modifications, you can check the remote connection. If you found the same error, follow the below step to allow services.

Solution 2: Allow a Specific IP Address or Hostname

The “host.allow” file contains the rules of accessibility to the remote server. One of the solutions to resolve the error, modify the above file by assigning an IP address or hostname. To access the “host.allow” file, follow the below script:

$ sudo nano /etc/hosts.allow

It navigates to the Nano Editor, on which you can assign a specific IP address that allows permission to access the remote server. For this, paste the below script in the “hosts.allow” configuration file:

$ sshd: ALL
$ sshd:, LOCAL

After assigning the local IP address, hit the “Ctrl+S” to save the file. After that, you can exit this editor by pressing the “Ctrl+X” key.

Solution 3: Check Banned IP Address via fail2ban Services

The fail2ban is a service that protects against multiple suspicious attempts to the server. It blocks the IP address by following the firewall rules. It monitors the malicious behavior that alters rules present in the host.allow and host.deny files.

$ sudo iptables -L --line-number

Solution 4: Restart the SSHD Services

One of the possible solutions to resolve the error is to restart the SSHD services and create a new connection to the remote server. To do so, execute the below script:

$ service sshd restart

After executing the script, it requires authentication to restart the sshd services. For instance, type the password and hit the “Authenticate” button below:

After pressing the button, it takes some time to restart the sshd services.

Note: For more details on SSH, click here to read our article.


The error “ssh_exchange_identification read connection reset” comes across because the local machine does not access the remote server through the ssh connection. It can be resolved by specifying the IP address or hostname to allow permission by modifying the firewall rules.

Additionally, users can trace out the banned IP address through the “fail2ban” service or restart the SSHD services by executing the “<service sshd restart>” script. This guide has explained all possible solutions to encounter the “ssh_exchange_identification read connection reset” error.