You attempt an SSH connection and immediately see:
$ ssh user@server.example.com
Connection reset by 192.168.1.100 port 22This error means the TCP connection was established but then abruptly terminated by the remote host. Unlike "connection refused" (nothing listening), "connection reset" means SSH started but something interrupted it.
Diagnose with Verbose Output
Run SSH with maximum verbosity to see where the reset occurs:
ssh -vvv user@server.example.com 2>&1 | tee ssh_debug.logLook for where the connection drops. If it resets immediately after the TCP handshake, the issue is likely firewall or TCP wrapper related. If it resets during key exchange, the issue might be MTU or cipher negotiation.
Check for TCP Wrappers
On the server, check if TCP wrappers are blocking the connection:
cat /etc/hosts.denyLook for lines blocking SSH:
sshd: ALL EXCEPT 10.0.0.0/8
sshd: .example.com: DENYCheck the allow file:
cat /etc/hosts.allowAdd your IP if needed:
echo "sshd: $(echo $SSH_CONNECTION | awk '{print $1}')" | sudo tee -a /etc/hosts.allowOr allow all SSH connections:
echo "sshd: ALL" | sudo tee -a /etc/hosts.allowCheck Server Firewall
The firewall might be allowing the initial connection but dropping subsequent packets. Check iptables:
sudo iptables -L -v -n --line-numbersLook for rules that might be dropping ESTABLISHED connections:
sudo iptables -L INPUT -v -n | grep -E "(DROP|REJECT)"A properly configured firewall should allow established connections:
sudo iptables -I INPUT 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPTFor firewalld:
sudo firewall-cmd --list-allEnsure the correct zone is active and SSH is allowed:
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reloadInvestigate MTU Issues
MTU (Maximum Transmission Unit) problems cause mysterious resets during large data transfers like SSH key exchange. The server sends a large packet that gets dropped, and the connection dies.
Test with a smaller MTU:
ssh -o "MTU=1200" user@server.example.comOn Linux, temporarily reduce the interface MTU:
sudo ip link set eth0 mtu 1200If this fixes the issue, you have an MTU problem. The permanent fix is to enable Path MTU Discovery or configure the correct MTU on your network interface.
Check your current MTU:
ip link show eth0On the server, enable PMTU in the kernel:
sudo sysctl -w net.ipv4.tcp_mtu_probing=1Make it permanent:
echo "net.ipv4.tcp_mtu_probing = 1" | sudo tee -a /etc/sysctl.confCheck SSHD Configuration
Certain SSHD configurations can cause connection resets. Check the main config:
sudo grep -E "^(MaxStartups|MaxSessions|LoginGraceTime)" /etc/ssh/sshd_configIf MaxStartups is too low and you have many concurrent connections:
MaxStartups 2Increase it:
sudo sed -i 's/^MaxStartups.*/MaxStartups 10:30:60/' /etc/ssh/sshd_config
sudo systemctl restart sshdCheck Server Logs
Examine SSHD logs for the reset reason:
sudo journalctl -u sshd -fConnect from another terminal and watch for messages:
Apr 3 10:15:22 server sshd[12345]: Connection from 192.168.1.50 port 52341
Apr 3 10:15:22 server sshd[12345]: Connection closed by authenticating user user 192.168.1.50 port 52341 [preauth]On systems using syslog:
sudo tail -f /var/log/auth.logLook for patterns like:
- Connection closed by - Client or server closed
- Did not receive identification string - Timeout during handshake
- fatal: no hostkey alg - Key algorithm mismatch
Check for Fail2ban
Fail2ban might be blocking you after failed attempts:
sudo fail2ban-client status sshdCheck if your IP is banned:
sudo fail2ban-client status sshd | grep "Banned IP list"Unban your IP:
sudo fail2ban-client set sshd unbanip 192.168.1.50Check the fail2ban logs:
sudo tail -f /var/log/fail2ban.logCheck for Cloud Provider Security Groups
If the server is in AWS, Azure, or GCP, check the security group or network ACL rules. Cloud security groups act as firewalls and can cause resets.
In AWS, verify: - Security group allows inbound TCP 22 from your IP - Network ACLs aren't blocking the connection - No VPC flow logs showing rejected traffic
Check DNS Resolution Issues
Slow or failing DNS can cause connection resets during the authentication phase. On the server, disable DNS lookups:
echo "UseDNS no" | sudo tee -a /etc/ssh/sshd_config
sudo systemctl restart sshdThis prevents SSHD from trying to resolve the client's hostname.
Test with Different Ciphers
Sometimes cipher negotiation fails. Try forcing a specific cipher:
ssh -c aes256-ctr user@server.example.comOr specify a key exchange algorithm:
ssh -o KexAlgorithms=diffie-hellman-group14-sha1 user@server.example.comIf this works, update your SSH configuration to prefer working algorithms.
Check Keepalive Settings
If connections reset after idle periods, adjust keepalive:
On the client (~/.ssh/config):
Host *
ServerAliveInterval 60
ServerAliveCountMax 3On the server (/etc/ssh/sshd_config):
ClientAliveInterval 60
ClientAliveCountMax 3Quick Resolution Path
- 1.Check TCP wrappers:
/etc/hosts.denyand/etc/hosts.allow - 2.Check firewall rules:
iptables -Lorfirewall-cmd --list-all - 3.Check fail2ban:
fail2ban-client status sshd - 4.Check server logs:
journalctl -u sshd - 5.Test with verbose SSH:
ssh -vvv user@host - 6.Check MTU if connection resets during heavy data transfer
Connection reset errors usually indicate a firewall or security software interrupting the connection. Start with TCP wrappers and firewall checks for the fastest resolution.