SSH "kex_exchange_identification: read: Connection reset by peer"
The setup:
The problem:
When accessing the raspberry from a remote location (over the Internet) via SSH, it works until the connection hangs. This occurs randomly. I can sometimes SSH it again after a few minutes, and sometimes not until I restart the Raspi.
What I've tried:
debug1: Local version string SSH-2.0-OpenSSH_8.1
kex_exchange_identification: read: Connection reset by peer
Connection reset by peer
/etc/hosts.allow and /etc/hosts.deny => Nothing there
iptables -L --line-number => Nothing there
/var/log/fail2ban.log and sudo journalctl -t sshd => Nothing striking there
sshd_config with no DNS
apt-get --reinstall install openssh-server openssh-client (reinstall SSH)
I am running out of ideas here and have no clue about what's happening. Has someone encountered the same problem with SSH connection before? Could it be a load issue on the raspberry?

Long story short, my problem had nothing to do with a network issue and was fixed by examining the syslog.
In detail:
I noticed that none of the webapps (via LAMP or MERN stacks), while up and running before the issue started, were reachable anymore.
So I dug up the syslog with the tail -f -n X /var/log/syslog command (replacing X with the number of lines you want to display). I then noticed a few lines mentioning a Voltage problem (sorry I did keep the exact terms). But basically it meant that my Raspi, which an external HDD was plugged into, did not have a strong enough power supply.
Then it looked like the HDD was unmounted and the system crashed, which explains all the issues mentioned above.
So I removed the HDD, put the SD card back and ran the Raspi again while going through the syslog again and monitoring the memory with htop. It turned out that when I started both the apache and node servers, the RAM and SWAP memories were getting full, repeating the same consequences mentioned above.
So finally I increased the SWAP memory by using ZRAM. Link here.
Now everything runs well but still monitoring.

I didn't see ufw (firewall) was installed.
ufw disable
(Or configure ufw.)
Now the ports are reachable as expected.

I found another scenario that causes this precise error. Be sure you check permissions on the OpenSSH generated public / private key files in /etc/ssh on the host system you are trying to connect to with SSH. These keys are used by the SSH daemon.
Since OpenSSH is cross platform the same would apply to any operating system running SSHd. These files must have the proper permissions.
/etc/ssh is the default path but if you are on Windows or other OS it may vary. But for most Unix/Linux/macOS systems it should be /etc/ssh.
sudo chmod 600 *_key
sudo chmod 644 *.pub
You should also verify that the SSH client has the correct permissions on the ~/.ssh and the public / private keys, config, authorized_keys, etc. Although if these are wrong you will be told right away. But when the permissions on keys for the SSH daemon are wrong you receive errors in the logs.
When it's not DNS nor certificates, then it's always permissions.
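
A check for the host key permission problem described in the answer above, as an added example that is not part of the original post: it walks the *_key and *.pub files in a directory and flags any mode looser than the chmod 600 / chmod 644 values given there. The function names file_mode and audit_hostkey_perms are illustrative.

```shell
#!/bin/sh
# Added example: audit sshd host key file modes in a directory (default /etc/ssh).
# Baseline is the answer's chmod values: 600 for *_key, 644 for *.pub.

# Print a file's permission bits in octal (GNU stat first, then BSD/macOS stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_hostkey_perms DIR
# Prints one line per key file. Returns 0 if every file passes, 1 if any file
# is too permissive, 2 if no key files were found in DIR.
audit_hostkey_perms() {
    dir=${1:-/etc/ssh}
    bad=0
    seen=0
    for f in "$dir"/*_key "$dir"/*.pub; do
        [ -f "$f" ] || continue           # an unmatched glob stays literal; skip it
        seen=1
        mode=$(file_mode "$f")
        case "$f" in
            *.pub) mask=022; want=644 ;;  # public key: no group/other write
            *)     mask=077; want=600 ;;  # private key: no group/other access
        esac
        # Leading 0 makes the shell read both values as octal.
        if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
            echo "FAIL $f mode=$mode (fix: chmod $want)"
            bad=1
        else
            echo "ok   $f mode=$mode"
        fi
    done
    [ "$seen" -eq 1 ] || { echo "no key files found in $dir"; return 2; }
    return "$bad"
}
```

Source the file and run audit_hostkey_perms /etc/ssh on the server side; a FAIL line points at the file to fix with the chmod from the answer.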

Another scenario where the error: kex_exchange_identification: read: Connection reset by peer appears is a configuration restricting access via ssh in hosts.allow with a line like:
sshd: 192.168.178.12
and then trying to ssh from an IP different than the one above.
I need medical attention for my foot now....
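
Notice: the technical posts on this site follow the CC BY-SA 4.0 license. If you repost, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.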