hi-

I read all the tutorials and did everything. I still get this crazy error I can't solve.

kex_exchange_identification: read: Connection reset by peer
Connection reset by 127.0.0.1 port 3184

I am using NAT with virtualbox with port forwarding and ssh.

I tried to go into /var/log/secure in fedora and read. I can't make much sense of it.

My ports are forwarded:

Host IP: 127.0.0.1
Host Port: 3184
Guest IP: 10.x.x.x
Guest Port: 22

I try executing: ssh -p 3184 -vvv -o PreferredAuthentications=password -o PubKeyAuthentication=no username@127.0.0.1

A question you may ask is, why key exchange identification when I changed it to passwords in my sshd_config on the linux guest machine server? It is like, no matter what I do, it marches on with its own agenda.

thanks for any ideas.

robo-loki

kex_exchange_identification means that the client and the server are trying to decide which algorithms to use to encrypt the session. You are probably connecting a very old client to very new server, or vice versa. The solution in that case is to upgrade, from backports if necessary.

Which version is your SSH client, which version is your SSH server?

1 members found this post helpful.

Hi-

I put the ssh version on cygwin to equal the version on fedora in vbox guest. I still get the errors after checking the version numbers (which match). I verified with ssh -V. I checked version number in cygwin package manager too.

Thanks for helping,
robo-loki

Hi gals/guys-

I figured it out. I don't like to play with firewalls.

I had checked the windows firewall with a command yesterday, and it said it wasn't blocking anything.

I should have checked my linux firewall.

I entered at command prompt:# ufw allow ssh.

I don't mind too much that I got stuck because I read a lot of useful stuff along the way.

I restricted it by IP to only allow from a private address.

thanks
robo-loki

Glad it is working and thanks for the follow up explaining the cause of the problem. However, if it was the packet filter blocking things the SSH client should not have gotten even as far as key exchange. The client should have comlained about "connection refused". So could you please describe a little more about where the client and server were in relation to each other and to the packet filter?

1 members found this post helpful.

Hi-

This is a snippet from my console:

I enter the passphrase and I am in.

ssh -p 3184 -v user@127.0.0.1
Enter passphrase for key '/home/user/.ssh/id_rsa':

The client is in cygwin win 10. I run openssh in mintty.

The server is a virtualbox guest machine. I run fedora.

The packet filter is in virtualbox guest machine ufw. I am using NAT.

thanks

Hi -

I'm on my phone. Will this link help?

https://askubuntu.com/questions/1613...-ip-forwarding


Thanks,
Robo-loki

Since the client is Vista10 and the server is a Fedora guest VM in Vista10, and the problem occurs connecting between them it looks like a problem with the host system, which is Vista10. Therefore in that case I would recommend turning to one of the all-to-common Windows-oriented forums.

Hate to necropost, but I just ran into the same kex_exchange_identification issue. Hunted down the problem - /etc/hosts.allow did not have an entry for the client on the sshd: line; hosts.deny has sshd:ALL, so each local LAN client needs to be explicitly allowed.

Support for tcpwrappers was removed from OpenSSH back in version 6.7 back in 2014. That's a while back, so far back that most people are very unlikely to encounter tcpd at all.