Community discussions

MikroTik App
 
ejohnson
just joined
Topic Author
Posts: 4
Joined: Fri Nov 03, 2006 7:14 pm

SSH Problem: ssh_exchange_identification

Fri Jan 04, 2008 11:27 pm

Hello,

I have a few Mikrotiks that for some reason I am not able to SSH into. I can access them via telnet, winbox, ect..but when I try to ssh in, I get the following:

ssh_exchange_identification: Connection closed by remote host

For linux systems, I know this can be an issue if you have setup a hosts.allow or hosts.deny file, but I have no clue what could cause this for the Mikrotiks. I have tried stoping and starting the service with no help. I have lots of other Mikrotiks that are working with ssh with no problem.

Has anyone run into this before?

Thanks
 
ejohnson
just joined
Topic Author
Posts: 4
Joined: Fri Nov 03, 2006 7:14 pm

Re: SSH Problem: ssh_exchange_identification

Sat Jan 05, 2008 6:44 am

Updates,

I have noticed that by stopping and starting the ssh service the problem temporarily goes away. The 3 devices that i have noticed this problem on so far are running 2.9.39
 
marceloru
newbie
Posts: 48
Joined: Tue Jul 08, 2008 12:00 am
Location: Argentina

Re: SSH Problem: ssh_exchange_identification

Sat Jan 31, 2009 9:09 pm

Same Problem

ssh_exchange_identification: Connection closed by remote host

rb 433ah Routeros 3.20...
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26290
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: SSH Problem: ssh_exchange_identification

Mon Feb 02, 2009 12:53 pm

so and between "it works" and "it gives this error" NOTHING changed? no configuration at all? where are you connecting from (client type)?
 
marceloru
newbie
Posts: 48
Joined: Tue Jul 08, 2008 12:00 am
Location: Argentina

Re: SSH Problem: ssh_exchange_identification

Thu Feb 05, 2009 4:45 am

RB433AH i update to version 3.18... for pcq problem... back to 3.13... when read 3.20 solve this problem install 3.20 and update firmware.. and fail ssh

at times the service responds, but I can not determine what makes it work or stop working

cpu using is at 50% (not saturation)
disable, enable, change port etc ssh service, no efect

client is always same.. putty from windows or ssh command line from linux box (both fail now)

winbox work perfect.. and change ssh port with winbox port and winbox work ok.

need configuration file?

i think reset all and configure complety solve the problem.. but have a complex configuration
 
conjurer
Member Candidate
Member Candidate
Posts: 110
Joined: Mon Jul 21, 2008 9:46 pm

Re: SSH Problem: ssh_exchange_identification

Fri Apr 10, 2009 2:55 pm

Had same problem, with 4 devices, upgraded them to 3.22. In abour a hour i dont see any problems, i'll write about this in few days.
 
conjurer
Member Candidate
Member Candidate
Posts: 110
Joined: Mon Jul 21, 2008 9:46 pm

Re: SSH Problem: ssh_exchange_identification

Mon Apr 13, 2009 11:06 am

problem exists, with RB411. After few days uptime, i see
ssh_exchange_identification: Connection closed by remote host
when i try to ssh to it.
 
conjurer
Member Candidate
Member Candidate
Posts: 110
Joined: Mon Jul 21, 2008 9:46 pm

Re: SSH Problem: ssh_exchange_identification

Wed Apr 15, 2009 1:19 pm

Problem is strange.
From windows:
---------------------------
PuTTY Fatal Error
---------------------------
Server unexpectedly closed network connection
---------------------------
OK
---------------------------
From linux:

$ ssh -vv link_mar31
OpenSSH_5.1p1 Debian-3ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to link_mar31 [172.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/identity type -1
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host
$

from routeros 3.20:17
[admin@dude] > /system ssh 172.xxx.xxx.xxx user=admin port=22 ;
ssh_exchange_identification: Connection closed by remote host

Welcome back!
[admin@Hey dude] >

All devices are probed by dude every minute or so. When i reboot device, ssh works, and these errors begins after 1-2 days.
I disabled ssh on one of devices.

this is my dude ssh probe:
ssh probe.png
You do not have the required permissions to view the files attached to this post.
 
conjurer
Member Candidate
Member Candidate
Posts: 110
Joined: Mon Jul 21, 2008 9:46 pm

Re: SSH Problem: ssh_exchange_identification

Fri Apr 17, 2009 1:04 pm

It looks like dude's fault, because, when i stoped probing, i can ssh normaly to device. O my custom probe problem. Maybe something with ssh server, because there is no ssh connections in /ip firewall connections.
 
yurkou
just joined
Posts: 6
Joined: Mon May 25, 2009 2:11 am

Re: SSH Problem: ssh_exchange_identification

Mon May 25, 2009 2:24 am

I had the same problem. I fixed it when i turn on this packages: calea , isdn, radiolan, user-manager.
I have question to Normis, what package fixed this problem?


Sorry for my eng...lish :)
 
Jacen
just joined
Posts: 7
Joined: Tue May 12, 2009 9:45 am

Re: SSH Problem: ssh_exchange_identification

Tue May 26, 2009 8:38 pm

Hi

I am having the same problem on an RB411, running 3.10

I know the first response would normally be to upgrade software, but it seems that conjurer was having the same problems with 3.22

Does anyone know yet what is causing this?
 
conjurer
Member Candidate
Member Candidate
Posts: 110
Joined: Mon Jul 21, 2008 9:46 pm

Re: SSH Problem: ssh_exchange_identification

Wed May 27, 2009 3:15 pm

I don't have problems anymore, turned offf ssh cheking on all routerbaords. I only probe linux servers for ssh and other more important stuff.
O don't think it problem with packages, after reboot it works ok, about 20-30 hours.
 
LaSolitaire
newbie
Posts: 44
Joined: Sun Nov 20, 2005 11:22 pm

Re: SSH Problem: ssh_exchange_identification

Mon Jun 01, 2009 11:43 am

I have had the same problem.

After upgrading to version 3.24 the problem dissapeared.
 
ochyst
just joined
Posts: 21
Joined: Sat Jun 17, 2006 3:01 am

Re: SSH Problem: ssh_exchange_identification

Thu Jul 02, 2009 12:30 am

Hello,
we have the same problem on 2.9.51, 3.10, 3.15, 3.20, 3.22, 3.24 and of course 3.25.

Nothing help, only reboot the router.

Note: https not working too!
 
conjurer
Member Candidate
Member Candidate
Posts: 110
Joined: Mon Jul 21, 2008 9:46 pm

Re: SSH Problem: ssh_exchange_identification

Thu Jul 02, 2009 8:13 pm

Well after all without ssh probes dude runs is faster.
And i rarely use ssh. I use rarely winbox ox mac telnet. And in future i am not going to let dude monitor ssh on any of routeboards, because, when i realy need connect to it, i may get that error.
Do anyone has this problem with 4.0beta?
 
Admire
just joined
Posts: 4
Joined: Tue Dec 08, 2009 1:36 pm

Re: SSH Problem: ssh_exchange_identification

Tue Dec 08, 2009 1:37 pm

On the ssh service, check the available from field.
 
wandernerysilva
just joined
Posts: 1
Joined: Tue Mar 02, 2010 2:36 am

Re: SSH Problem: ssh_exchange_identification

Fri Apr 23, 2010 10:17 am

Hi!

We have the same problem, after about an hour no more response on ssh.
Nothing changed under this time.

ROS 4.6 4.7... fail
ROS 5.0b1 ... working
 
User avatar
davides
just joined
Posts: 14
Joined: Thu Jun 29, 2006 4:47 pm
Location: Milan, Italy
Contact:

Re: SSH Problem: ssh_exchange_identification

Tue Jul 06, 2010 1:24 pm

I get the same problem.
Some hours after the reboot ssh stop working.
Running v4.9...
No ssh dude polling active.
 
User avatar
soddoff
just joined
Posts: 8
Joined: Sat Feb 13, 2010 2:31 am
Location: Idaho
Contact:

Re: SSH Problem: ssh_exchange_identification

Tue Jan 11, 2011 3:11 am

Of the 39 routers I have set SSH and FTP up on; when I try to connect via SFTP I am getting this same error (ssh_exchange_identification: Connection closed by remote host) on 7 of them. The other 32 work just fine. Below I have listed the kind of router with software version that it is happening to.

x86 (PC router) v3.13
x86 (PC router) v3.13
x86 (PC rotuer) v3.30
? v2.9.51 - did not have a hand in setting this up originally
RB1000 v3.14
RB1000 v3.30
RB1000 v4.11

The working ones are all 333, 433, 433AH, 450, 450G, 493, 493AH, and 750G running os 2.9.50 to 4.13. I have checked the packages between working and non-working routers and there is nothing obvious that would lead me to believe there is a package problem, and from looking at my list this is happening on only my PC based routers and my RB1000s. Any insight as to what could be causing this would be nice and very appreciated.

-Joe
 
User avatar
soddoff
just joined
Posts: 8
Joined: Sat Feb 13, 2010 2:31 am
Location: Idaho
Contact:

Re: SSH Problem: ssh_exchange_identification

Fri Jan 14, 2011 3:01 am

I have a little more information that may help:

When I said this was a problem on all x86 and RB1000s I was wrong there. I have one RB1000 that is working. I checked to see what packages it is running and compared it to the ones that are not working. (See attached image)

The RB1000 that is working is shaded in green and I have marked what packages that are installed and active with an 'x' and the packages that are installed and disabled are marked with a 'd'. Blank spaces mean that package is not installed at all.

The top of each row indicated the type of router and the OS version it is running.

Using FileZilla in Windows 7 I can manually connect to routers 1 and 5 with SFTP using a username and password for the account that the public SSH is key is setup for. (I have not tried using the public key in FileZilla) The error I get in FileZilla on the others is:

Error: Server unexpectedly closed network connection
Error: Could not connect to server

Checking the router log and the terminal screen in the routers does not give any additional information.

I really need some ideas on how I can get though this.

- Joe
You do not have the required permissions to view the files attached to this post.
 
acypkob
just joined
Posts: 20
Joined: Sun Sep 25, 2016 12:33 pm

Re: SSH Problem: ssh_exchange_identification

Thu Oct 06, 2016 10:22 am

got same strange behaviour just after adding another user and its ssh key, thats second ssh key I added, before that all ssh connections was OK
while experimanting with ssh access to RB for scripting got this, for example:
$ sudo -u nobody ssh -i /tmp/id_dsa.pub openvpn@m66 -vvv
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to m66 [X.X.X.X] port 22.
debug1: connect to address X.X.X.X port 22: Connection timed out
debug1: Connecting to m66 [X.X.X.X] port 22.
debug1: connect to address X.X.X.X port 22: Connection timed out
ssh: connect to host m66 port 22: Connection timed out
$
another one:
$ sudo -u nobody ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o IdentityFile=/etc/openvpn/keys/id_dsa.pub -o UserKnownHostsFile=/etc/openvpn/keys/known_hosts -vvvvvv openvpn@gw.m66
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy -p 22 gw.m66
debug1: permanently_drop_suid: 99
Could not create directory '/.ssh'.
debug3: Not a RSA1 key file /etc/openvpn/keys/id_dsa.pub.
debug1: identity file /etc/openvpn/keys/id_dsa.pub type 2
debug1: identity file /etc/openvpn/keys/id_dsa.pub-cert type -1
ssh_exchange_identification: Connection closed by remote host
and another:
$ ssh -i id_dsa.pub openvpn@gw.m66 -vvv
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy -p 22 gw.m66
debug1: permanently_drop_suid: 2525
debug3: Not a RSA1 key file id_dsa.pub.
debug1: identity file id_dsa.pub type 2
debug1: identity file id_dsa.pub-cert type -1
ssh_exchange_identification: Connection closed by remote host
and soon later I was surprised by finding what no ssh connections are possible for some IPs on RB interfaces, thanks god I found one IP on vlan interface for which ssh connection was possible to reboot router
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: SSH Problem: ssh_exchange_identification

Thu Oct 06, 2016 3:12 pm

check if your SSH is still supporting DSA keys. The latest trend is to remove it in various Linux distros. As SSH 7.x suggests to do just that.
 
acypkob
just joined
Posts: 20
Joined: Sun Sep 25, 2016 12:33 pm

Re: SSH Problem: ssh_exchange_identification

Mon Oct 10, 2016 3:39 pm

Centos 6 and Ubuntu 14.04 ok with dsa as I can see ...
still there is no reason for ssh on RB2011 to fail! will you fix your ssh some day?
 
User avatar
wahidtelco
just joined
Posts: 15
Joined: Mon Mar 02, 2015 9:13 am
Location: Bangladesh
Contact:

Re: SSH Problem: ssh_exchange_identification

Fri Feb 24, 2023 11:23 pm

Run WinBox
IP> Service> SSH> Check port, and also check Available from, remove all IP if there are any.
Then try SSH again

Who is online

Users browsing this forum: No registered users and 22 guests