ssh_exchange_identification: Connection closed by remote host
-
Are you on a connection over a cellular network?
-
Are you behind a proxy server?
-
Are you using using a VPN?
If you are using a cellular hotspot, pairing with your phone's cellular connection, using a cellular modem or otherwise connecting over a cellular network, this may happen because the remote.it has detected two different IP addresses when making the connection because some cellular providers route your traffic to IP addresses that they control.
This behavior can also occur if you are using a proxy service or a VPN and you may experience similar issues.
remote.it, by default, only allows connections from the IP address requesting the connection and blocks requests to the service from all other IP addresses. Since your cellular connection changes your IP address, you can no longer connect because we have blocked this other IP address.
The solution is easy however and depends on how you are connecting:
-
Web portal/Remote.It Desktop application: Under "Connection Options-Routing", choose "Public Proxy". This setting disables IP restrictions for this particular connection.
-
Mobile: If you are on mobile, make sure to disable IP address restrictions for the connection.
-
API: If you are connecting via the API, please make sure to pass the
hostip
parameter in the body of your request set to the IP address given to you by the cellular network. This is not the IP address of your device. It is the address of your client.
Security Note Note that disabling IP restrictions means that anyone can attempt to make a connection to your device if they know the hostname and port, so this is a potential security concern. Make sure you also follow good security practices like using strong passwords on your device and locking down all incoming connections for all ports.
kex_exchange_identification: read: Connection reset
This is an indication that there is no SSH service detected on the configured port on the device.
By default, SSH uses port 22, though advanced users sometimes change this.
If you are using a Raspberry Pi, the most likely explanation is that you have not yet enabled SSH. For security reasons, recent versions of the Raspbian Stretch operating system turn off the ssh server "sshd" by default.
You can enable ssh on the Pi at the time you create the SD card by creating a file with the name "ssh" in the boot partition. If you do this, then sshd starts automatically.
If you did not do this and are using a keyboard and monitor connected directly to the Pi, run the "raspi-config" program and enable ssh as follows:
sudo raspi-config
Now double check that "sshd" shows up as follows when you run:
sudo netstat -lpn | grep tcp
pi@raspberrypi:~ $ sudo netstat -lpn | grep tcp
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 401/sshd
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 449/vncserver-x11-c
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 509/nginx: master p
tcp6 0 0 :::22 :::* LISTEN 401/sshd
tcp6 0 0 ::1:3350 :::* LISTEN 457/xrdp-sesman
tcp6 0 0 :::3389 :::* LISTEN 492/xrdp
tcp6 0 0 :::5900 :::* LISTEN 449/vncserver-x11-c
tcp6 0 0 :::80 :::* LISTEN 509/nginx: master p
pi@raspberrypi:~ $
Note that the connection error message when you attempt to connect directly on the LAN when sshd is not running looks like:
pi@raspberrypi:~ $ ssh -l pi 192.168.1.70
ssh: connect to host 192.168.1.70 port 22: Connection refused
while trying to make an SSH connection through remote.it results in a different error:
pi@raspberrypi:~ $ ssh -l pi proxy21.rt3.io -p 34644
ssh_exchange_identification: read: Connection reset by peer
pi@raspberrypi:~ $
remote.it Service TCP Port setting doesn't match SSH server
If there is a mismatch between the port configured on the SSH server and the port specified when configuring the remote.it Service, you will also get this error. Make sure that the port used when configuring your remote.it Service matches what is actually in use.
Use the "netstat" command as shown above to list active TCP listeners.
The SSH server is usually called "sshd" but it could be "dropbear" or something else completely. Check the documentation for your OS to be sure.
ssh_exchange_identification: read: Connection reset by peer
This is an indication that there is no SSH service detected on the configured port.
By default, SSH uses port 22, though advanced users sometimes change this.
If you are using a Raspberry Pi, the most likely explanation is that you have not yet enabled SSH. For security reasons, recent versions of the Raspbian Stretch operating system turn off the ssh server "sshd" by default.
You can enable ssh on the Pi at the time you create the SD card by creating a file with the name "ssh" in the boot partition. If you do this, then sshd starts automatically.
If you did not do this and are using a keyboard and monitor connected directly to the Pi, run the "raspi-config" program and enable ssh as follows:
sudo raspi-config
Now double check that "sshd" shows up as follows when you run:
sudo netstat -lpn | grep tcp
pi@raspberrypi:~ $ sudo netstat -lpn | grep tcp
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 401/sshd
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 449/vncserver-x11-c
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 509/nginx: master p
tcp6 0 0 :::22 :::* LISTEN 401/sshd
tcp6 0 0 ::1:3350 :::* LISTEN 457/xrdp-sesman
tcp6 0 0 :::3389 :::* LISTEN 492/xrdp
tcp6 0 0 :::5900 :::* LISTEN 449/vncserver-x11-c
tcp6 0 0 :::80 :::* LISTEN 509/nginx: master p
pi@raspberrypi:~ $
Note that the connection error message when you attempt to connect directly on the LAN when sshd is not running looks like:
pi@raspberrypi:~ $ ssh -l pi 192.168.1.70
ssh: connect to host 192.168.1.70 port 22: Connection refused
while trying to make an SSH connection through remote.it results in a different error:
pi@raspberrypi:~ $ ssh -l pi proxy21.rt3.io -p 34644
ssh_exchange_identification: read: Connection reset by peer
pi@raspberrypi:~ $
remote.it Service TCP Port setting doesn't match SSH server
If there is a mismatch between the port configured on the SSH server and the port specified when configuring the remote.it Service, you will also get this error. Make sure that the port used when configuring your remote.it Service matches what is actually in use.
Use the "netstat" command as shown above to list active TCP listeners.
The SSH server is usually called "sshd" but it could be "dropbear" or something else completely. Check the documentation for your OS to be sure.
ssh: connect to host <HOST> port <PORT>: Connection refused
Possible Reasons and Solutions
Incorrect hostname or port
One possible cause for this is you are not using the correct hostname and port from the connection. This could happen because you copy/pasted one of the values but forgot to copy/paste the other, causing one value to be old and reference an invalid proxy hostname or port.
Please try the "-v" option with the SSH command as shown:
If you use the right port but wrong URL (proxy17 was not the correct server):
>ssh -v -l pi proxy17.remot3.it -p 30322
OpenSSH_for_Windows_7.6p1, LibreSSL 2.6.4
debug1: Connecting to proxy17.remot3.it [174.129.133.181] port 30322.
debug1: connect to address 174.129.133.181 port 30322: Connection refused
ssh: connect to host proxy17.remot3.it port 30322: Connection refused
The proxy connection has expired
connectd daemon has died
If your SSH connectd
daemon on the device dies after getting the connection URL and port, this could cause the above issue. Although this is quite unlikely, please see these articles for more information on making sure the connectd daemons are running.
Checking that everything is running properly (remoteit package)
ssh: connect to host <HOST> port <PORT>: Connection timed out
Possible Reasons and Solutions
This error occurs when the hostname (e.g. proxy19.remot3.it
), cannot be contacted.
The usual causes of Connection timed out
are:
-
There is a mistake in hostname or port
-
The device is offline but you got a connection assigned to it anyway (it may have gone offline after the connection was established).
In the first case, double check your hostname and port when making your connection.
In the second, make sure your device is online and connected to the internet. If you can, it may also help to restart the device to see if that resolves the issue.