Why cant I ssh into my ubuntu server? (ssh_exchange_identification error)

Question

I am trying to ssh into my ubuntu server (which I have done many times before) and I get the error:

ssh_exchange_identification: Connection closed by remote host

ssh -vvv shows the following:

jimsmith:etc jimsmith$ ssh -vvv galleryserver
OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/jimsmith/.ssh/config
debug1: Applying options for galleryserver
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug3: Not a RSA1 key file /Users/richardelliot/.ssh/galleryserverkey.pem.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /Users/richardelliot/.ssh/galleryserverkey.pem type -1
debug1: identity file /Users/richardelliot/.ssh/galleryserverkey.pem-cert type -1
ssh_exchange_identification: Connection closed by remote host

Can anybody help?

--UPDATE---

I just found out that the server has been upgraded. So basically its a new machine but it using the same key and ip-address

The question is: What have you done since the last successful login? SSH key files don't change their key format on their own. Do you claim to have logged in successfully from that system as that user with the same application and not touched ~/.ssh? — Hauke Laging, Jun 04 '13 at 14:36
You have a client problem not a server problem thus your update doesn't help. — Hauke Laging, Jun 04 '13 at 14:39
@HaukeLaging Usually when a key is an unexpected format it's corrupted somehow. Regenerating the key should fix it. — Nathan C, Jun 04 '13 at 14:44
@NathanC Maybe that is "usually" the case. But it does not make sense to claim that if even the log shows that the key is in the wrong format (and not randomly damaged). Generating a new key obviously does not give you access to a server. If that was the case then SSH would be hardly safer that rsh and telnet. Thus this is the way to go in the last resort, not the first step. — Hauke Laging, Jun 04 '13 at 14:50

score 2 · Answer 1 · edited May 23 '17 at 12:41

2

It seems like you are not using a proper SSH private key as is alluded to by

debug3: Not a RSA1 key file /Users/richardelliot/.ssh/galleryserverkey.pem.

SSH keys usually are usually not .pem files - that is usually reserved for x509 certificates. Check your ssh keys in ~/.ssh; usually you have something like "id_dsa" (private key) and "id_dsa.pub" (public key). If using RSA then these files are id_rsa and id_rsa.pub instead. Make sure your SSH configuration, ~/.ssh/config, for that host points to the proper SSH keys.

If these files are not present you can generated them with

ssh-keygen -t dsa

then give your private key a passphrase and use something like keychain to manage your keys. You would then copy the local workstation public key, ~/.ssh/id_dsa.pub and merge it into ~/.ssh/authorized_keys on the remote server - creating that file if required. Ensure the permissions and server configurations is correct.

edited May 23 '17 at 12:41

Community

1

answered Jun 04 '13 at 14:25

Friedrich 'Fred' Clausen

2,298
22
25

`ssh-keygen` can convert SSH keys into other formats. – Hauke Laging Jun 04 '13 at 14:34
Please view my update above. – Bob Flemming Jun 04 '13 at 14:36
SSH v2 RSA keys are PEM encoded. They are a standard RSA key the are exactly the same thing as what you get when you use OpenSSL genrsa. See: http://serverfault.com/questions/358239/choosing-the-encryption-algorithm-used-by-osx-ssh-keygen – Zoredache Jun 04 '13 at 16:40

score 1 · Answer 2 · answered Jun 04 '13 at 15:31

1

Ok I figured out what the problem was.

A module called deny hosts was preventing my IP from connecting.

I managed to connect from another IP address and then I added my IP address to the /etc/hosts.allow file.

answered Jun 04 '13 at 15:31

Bob Flemming

1,175
3
13
17

Why cant I ssh into my ubuntu server? (ssh_exchange_identification error)

2 Answers2