DISCLOSURE: This post may contain affiliate links, meaning when you click the links and make a purchase, we receive a commission.
Constructing a custom network is more challenging than it seems, that too, when you are working independently. Here, it’s not the hardware that creates the issue but the incorrect device configuration, which pops weird error messages.
One issue that users most commonly face is the error message: kex_exchange_identification: connection closed by remote host. Where many errors exist, the kex_exchange_identification error is faced by people who possess networking backgrounds.
Most affectees claim that their network was working fine until they introduced a new device which started prompting the error message. While it’s hard for individuals to find a solution for the error, we’ve prepared a complete guide explaining all the possible causes for the error message and how you can troubleshoot it yourself!
What Is The “kex_exchange_identification: Connection Closed By Remote Host” Error
The “kex_exchange_identification: connection closed by remote host” indicates that the connection (to the remote host using Secure Shell SSH) was established but was interrupted for some reason. Hence the connection is ultimately closed for the end user.
Getting such a prompt means that your connection is restricted, and you should perform the necessary actions so that client machines can continue their workflow without compromising their SSH connections. While there are a number of possible causes behind the issue, fortunately, all of them can be fixed!
Possible Causes of the “kex_exchange_identification: Connection Closed by Remote Host” Error
With the unclear error message informing the closure of your connection, tracking the exact cause might be tricky. One thing to add is that there may not be a single cause attributed to this error message, as multiple possibilities can contribute to this error.
Before moving on to fixing the issue, you first need to identify what’s causing the error message. Some common reasons are:
The connection between the SSH server and the client may close when you go idle for a moment. As a result, the firewall on your system can break the idle connection. This also indicates that your server’s AliveInterval is very short hence closing the connection.
Faulty Equipment Added
kex_exchange_identification error could also arise with the addition of defective equipment or device to your already existing network. Your entire system is very sensitive and may face problems even if one defective device is attached to it since it may interfere with the system software.
Another cause of the error is the server’s huge load from numerous client connections. One obvious reason is the lack of sufficient resources; however, it’s not always the case. Your server may have all the necessary resources but is producing the error message because it has a limit on the number of connections it can run simultaneously.
Normally, your keys/fingerprint (for secure client-server communication) can get corrupted, which happens if you’ve installed the files manually. If that is the case, you will likely face the kex_exchange_identification error while trying to establish a connection.
Your connection might also be closed because your IP address or domain name is listed inside the hosts.deny file, which is located inside the etc directory on the server. Any IP addresses listed inside the hosts.deny file are rejected whenever an SSH connection is tried to establish.
If that is the case, you will never establish a connection with the server until you remove the specific IP address, no matter what other methodologies you apply.
Connection With Wrong Port
All this time, you might be connecting to the wrong port. Here, the SSH connections could reach port 80 instead of port 22. Hence, nothing useful would happen, but your connection would close after generating the error message.
You can check which port the SSH service is running on inside the SSH configuration file using the following search line in Linux: $ grep Port /etc/ssh/sshd_config
Strict Firewall Rules
If you still can’t connect, it is recommendable to check your Firewall rules just to ensure that there is no rule blocking your connection in the server’s Firewall. The syntax for doing so varies for iptables, UFW, and FirewallD.
For Linux users, you can list firewall rules as the root user using the following command: $ iptables -nL
If you see rules of REJECT or DROP, you must ensure that the INPUT chain allows port 22 for your SSH service.
For FirewallD users, enter the command mentioned below: $ firewall-cmd –list-service
Output indicates the list of services, including SSH, which uses port 22 by default.
UFW users can use the command below: $ ufw status
Ensure that your SSH port 22 is on the list of the ports available.
Best Troubleshooting Methods of “kex_exchange_identification: Connection Closed by Remote Host”
Error resolution with the exact cause in hand is a walk in the park. However, this can confuse the starters, too, because even an incorrect action can increase the error list instead of decreasing it. Hence, let’s discuss all the troubleshooting techniques which you may apply to resolve the connectivity issue:
Method 1: Increasing Server’s Alive Interval
You should access your OpenSSH server to ensure that the server doesn’t go idle. OpenSSH is a connectivity tool for remote login with the SSH protocol, which also provides many network configuration options.
Inside the OpenSSH server, add the following command to change the server’s refresh rate to 5 minutes (or more by changing the value at the end of the command): $ ssh user@server -o ServerAliveInterval=300
Method 2: Checking Your Equipment
To make your network system work perfectly, you need to ensure that any newly installed device or equipment is right without any major bugs. This also means that it should be configured correctly.
Where network configuration is the process of assigning network settings, policies, flows, and controls; it is important because it maintains the flow of traffic throughout the network. You can use this general step regardless of the server type.
Here, CISCO (Computer Information System Company) provides detailed network configuration steps for different devices.
Method 3: Increasing MaxStartups
When multiple users log in via SSH to access the server, you should ensure that the SSH configuration file allows an appropriate number of parallel connections. You can increase the MaxStartups using the following command in the command line of Linux OS: $ cat /etc/ssh/sshd_config | grep MaxStartups
Method 4: Deleting Server-Side Keys
Try removing the public key of the server in the ~/.ssh/known_hosts client and try again. This will prompt a message to accept a new key from the server for your connection. Just accept and continue before logging in. After that, you can check whether the error message still exists.
Method 5: Restore Host’s Access
If you’ve located the IP address or domain of the client inside the /etc/hosts.deny file, remove it to restore access for that client. Don’t forget to save the file!
Method 6: Fixing Port Translation
After verifying the exact port for your connection, if the configured port is mismatched, you can specify the custom port using the following command inside the terminal: $ ssh -p port user@host
Method 7: Temporarily Stop iptables
You can temporarily stop iptables using the following command in Linux: $ systemctl stop iptables.service
Afterward, if you are able to gain a connection with your remote computer, it surely means that your Firewall rules were closing the connection in the first place.
Last Method: Reboot
If nothing’s worked up-till yet, you can try the good old turning it off and back on again method. Rebooting the system is helpful if memory fragmentation or something identical is the cause for your interrupted connections. You can use the following command in Linux to reboot your system: $ reboot
Your connection can close for multiple reasons; however, even if you fail to troubleshoot yourself, there is always help. You can seek assistance from a professional networking programmer or by opening a ticket at DigitalOcean, where charges may apply. Don’t forget to include all your diagnostic information with the help!