Common SSH error messages and solutions

Here are some error messages you might encounter when making an SSH connection using remote.it.  Click on the message to see possible causes and ways to resolve them.

 

ssh_exchange_identification: Connection closed by remote host
Possible Reasons and Solutions
Your IP address is different than your original IP address when making a connection
  • Are you on a connection over a cellular network?

  • Are you behind a proxy server?

  • Are you using using a VPN?

If you are using a cellular hotspot, pairing with your phone's cellular connection, using a cellular modem or otherwise connecting over a cellular network, this may happen because the remote.it has detected two different IP addresses when making the connection because some cellular providers route your traffic to IP addresses that they control.

This behavior can also occur if you are using a proxy service or a VPN and you may experience similar issues.

remote.it, by default, only allows connections from the IP address requesting the connection and blocks requests to the service from all other IP addresses. Since your cellular connection changes your IP address, you can no longer connect because we have blocked this other IP address.

The solution is easy however and depends on how you are connecting:

  • Web portal/Remote.It Desktop application: Under "Connection Options-Routing", choose "Public Proxy".  This setting disables IP restrictions for this particular connection.

mceclip0.png
  • Mobile: If you are on mobile, make sure to disable IP address restrictions for the connection.

  • API: If you are connecting via the API, please make sure to pass the hostip parameter in the body of your request set to the IP address given to you by the cellular network. This is not the IP address of your device. It is the address of your client.

 

Security Note Note that disabling IP restrictions means that anyone can attempt to make a connection to your device if they know the hostname and port, so this is a potential security concern. Make sure you also follow good security practices like using strong passwords on your device and locking down all incoming connections for all ports.

kex_exchange_identification: read: Connection reset
Possible Reasons and Solutions

This is an indication that there is no SSH service detected on the configured port on the device.

By default, SSH uses port 22, though advanced users sometimes change this.

If you are using a Raspberry Pi, the most likely explanation is that you have not yet enabled SSH.  For security reasons, recent versions of the Raspbian Stretch operating system turn off the ssh server "sshd" by default.

You can enable ssh on the Pi at the time you create the SD card by creating a file with the name "ssh" in the boot partition.  If you do this, then sshd starts automatically.

If you did not do this and are using a keyboard and monitor connected directly to the Pi, run the "raspi-config" program and enable ssh as follows:

sudo raspi-config

 

 

 

Now double check that "sshd" shows up as follows when you run:

sudo netstat -lpn | grep tcp

pi@raspberrypi:~ $ sudo netstat -lpn | grep tcp
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 401/sshd
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 449/vncserver-x11-c
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 509/nginx: master p
tcp6 0 0 :::22 :::* LISTEN 401/sshd
tcp6 0 0 ::1:3350 :::* LISTEN 457/xrdp-sesman
tcp6 0 0 :::3389 :::* LISTEN 492/xrdp
tcp6 0 0 :::5900 :::* LISTEN 449/vncserver-x11-c
tcp6 0 0 :::80 :::* LISTEN 509/nginx: master p
pi@raspberrypi:~ $

Note that the connection error message when you attempt to connect directly on the LAN when sshd is not running looks like:

pi@raspberrypi:~ $ ssh -l pi 192.168.1.70
ssh: connect to host 192.168.1.70 port 22: Connection refused

while trying to make an SSH connection through remote.it results in a different error:

pi@raspberrypi:~ $ ssh -l pi proxy21.rt3.io -p 34644
ssh_exchange_identification: read: Connection reset by peer
pi@raspberrypi:~ $

remote.it Service TCP Port setting doesn't match SSH server

If there is a mismatch between the port configured on the SSH server and the port specified when configuring the remote.it Service, you will also get this error.  Make sure that the port used when configuring your remote.it Service matches what is actually in use.

Use the "netstat" command as shown above to list active TCP listeners.

The SSH server is usually called "sshd" but it could be "dropbear" or something else completely.  Check the documentation for your OS to be sure.

ssh_exchange_identification: read: Connection reset by peer
Possible Reasons and Solutions

This is an indication that there is no SSH service detected on the configured port.

By default, SSH uses port 22, though advanced users sometimes change this.

If you are using a Raspberry Pi, the most likely explanation is that you have not yet enabled SSH.  For security reasons, recent versions of the Raspbian Stretch operating system turn off the ssh server "sshd" by default.

You can enable ssh on the Pi at the time you create the SD card by creating a file with the name "ssh" in the boot partition.  If you do this, then sshd starts automatically.

If you did not do this and are using a keyboard and monitor connected directly to the Pi, run the "raspi-config" program and enable ssh as follows:

sudo raspi-config

 

 

 

Now double check that "sshd" shows up as follows when you run:

sudo netstat -lpn | grep tcp

pi@raspberrypi:~ $ sudo netstat -lpn | grep tcp
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 401/sshd
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 449/vncserver-x11-c
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 509/nginx: master p
tcp6 0 0 :::22 :::* LISTEN 401/sshd
tcp6 0 0 ::1:3350 :::* LISTEN 457/xrdp-sesman
tcp6 0 0 :::3389 :::* LISTEN 492/xrdp
tcp6 0 0 :::5900 :::* LISTEN 449/vncserver-x11-c
tcp6 0 0 :::80 :::* LISTEN 509/nginx: master p
pi@raspberrypi:~ $

Note that the connection error message when you attempt to connect directly on the LAN when sshd is not running looks like:

pi@raspberrypi:~ $ ssh -l pi 192.168.1.70
ssh: connect to host 192.168.1.70 port 22: Connection refused

while trying to make an SSH connection through remote.it results in a different error:

pi@raspberrypi:~ $ ssh -l pi proxy21.rt3.io -p 34644
ssh_exchange_identification: read: Connection reset by peer
pi@raspberrypi:~ $

remote.it Service TCP Port setting doesn't match SSH server

If there is a mismatch between the port configured on the SSH server and the port specified when configuring the remote.it Service, you will also get this error.  Make sure that the port used when configuring your remote.it Service matches what is actually in use.

Use the "netstat" command as shown above to list active TCP listeners.

The SSH server is usually called "sshd" but it could be "dropbear" or something else completely.  Check the documentation for your OS to be sure.

ssh: connect to host <HOST> port <PORT>: Connection refused

Possible Reasons and Solutions

Incorrect hostname or port

One possible cause for this is you are not using the correct hostname and port from the connection. This could happen because you copy/pasted one of the values but forgot to copy/paste the other, causing one value to be old and reference an invalid proxy hostname or port.

Please try the "-v" option with the SSH command as shown:

If you use the right port but wrong URL (proxy17 was not the correct server):

>ssh -v -l pi proxy17.remot3.it -p 30322
OpenSSH_for_Windows_7.6p1, LibreSSL 2.6.4
debug1: Connecting to proxy17.remot3.it [174.129.133.181] port 30322.
debug1: connect to address 174.129.133.181 port 30322: Connection refused
ssh: connect to host proxy17.remot3.it port 30322: Connection refused

The proxy connection has expired

Please note that connection URLs and ports obtained through the web portal (and proxy connections made using the Remote.It Desktop application or Mobile app) expire about 8 hours after you request them.  They will also time out after 15 minutes of inactivity. See: Why does the address time out?

connectd daemon has died

If your SSH connectd daemon on the device dies after getting the connection URL and port, this could cause the above issue.   Although this is quite unlikely, please see these articles for more information on making sure the connectd daemons are running.

Checking that everything is running properly (remoteit package)

Making sure that your connectd daemons are running

Keeping your services running (connectd package)

ssh: connect to host <HOST> port <PORT>: Connection timed out

Possible Reasons and Solutions

This error occurs when the hostname (e.g. proxy19.remot3.it), cannot be contacted.

The usual causes of Connection timed out are:

  1. There is a mistake in hostname or port

  2. The device is offline but you got a connection assigned to it anyway (it may have gone offline after the connection was established).

In the first case, double check your hostname and port when making your connection.

In the second, make sure your device is online and connected to the internet. If you can, it may also help to restart the device to see if that resolves the issue.

 

 

Other issues?

Please contact our support and we would be happy to assist you!

Was this article helpful?
0 out of 0 found this helpful