0

When I execute the following command on my local computer, I can connect (the password is asked):

```
sftp -v -oPort=2828 USER@SERVER.COM
```

Resulting log from sftp -v:

```
OpenSSH_7.6p1 Ubuntu-4ubuntu0.1, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to SERVER.COM [XX.XX.XX.XX] port 2828.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.6
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.6 pat OpenSSH* compat 0x04000000
debug1: Authenticating to SERVER.COM:2828 as 'USER'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:xxxxxxxxxx
debug1: Host '[SERVER.COM]:2828' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:7
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:iq/xxxxxxxxxxxxxxx /home//.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/user/.ssh/id_dsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug1: Trying private key: /home/user/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
Password:
```

When I try the same thing on a freshly provisioned Ubuntu server, I get the following error from the exact same command:

```
OpenSSH_7.2p2 Ubuntu-4ubuntu2.6, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to SERVER.COM [XX.XX.XX.XX] port 2828.
debug1: connect to address XX.XX.XX.XX port 2828: Connection timed out
ssh: connect to host SERVER.COM port 2828: Connection timed out
Couldn't read packet: Connection reset by peer
```

I followed several instructions online but nothing applied.

Example: SFTP Error - Couldn't read packet: Connection reset by peer

Edit: I don't have access to the server I am trying to sftp to; it is not mine.

Si Mon
  • Any logs on server side? – titus Dec 08 '18 at 12:33
  • Are you saying you cannot connect to a freshly installed server? Can you try to SSH to default port? 22 – titus Dec 08 '18 at 12:56
  • @titus: I don't have access to the server I am trying to connect TO. I cannot SSH to his port 22 as only sftp over port 2828 is allowed. I can SSH to port 22 of the machine I am trying to connect FROM. That is how I log on to the freshly installed server. – Si Mon Dec 08 '18 at 13:52

2 Answers

0

Hard to tell, possibly bad routes? If the connection timed out entirely, the routing table isn't correct or the server is DROPing your packets outright. Check your network configuration, then your routes and THEN you can move to the SSH logs, hosts.{allow,deny}, etc.

  • I don't have access to the server I am trying to connect TO (for logs etc.). I cannot SSH to his port 22 as only sftp over port 2828 is allowed. In response to your answer, I ran the following command: `route`. The result is: `Destination Gateway Genmask Flags Metric Ref Use Iface default XXX.XX.XX.1 0.0.0.0 UG 0 0 0 eth0 XXX.XX.XX.0 * 255.255.252.0 U 0 0 0 eth0 ` where the IP doesn't match the target server – Si Mon Dec 08 '18 at 14:02
0

Worked it out with the support of my hoster.

Problem is, they have security groups which block all ports unless you actively open them. I didn't open port 2828.

It is still a bit of a mystery to me, as I thought sftp -oPort=2828 would go to the TARGET's port 2828 while still going through port 22 on my side. But well... this solved it. Thanks to the people trying to answer my question.

Si Mon
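
Added example, not part of the original posts: a small shell helper that reads an `sftp -v` / `ssh -v` client log and reports how far the attempt got, which separates a dropped connection (as with the unopened security-group port above) from an authentication problem. The function name and the two sample logs are constructed for illustration; the log lines are trimmed from the ones quoted in the question.

```shell
# Added example: report how far an `sftp -v` / `ssh -v` attempt got.
# Reads the client debug log on stdin and prints "<code>: <meaning>".
classify_ssh_log() {
    awk '
        /Connection established/            { stage = 1 }
        /SSH2_MSG_KEXINIT received/         { stage = 2 }
        /SSH2_MSG_NEWKEYS received/         { stage = 3 }
        /Authentications that can continue/ { stage = 4 }
        /connect to (host|address) .*Connection timed out/ { fail = "timeout" }
        /connect to (host|address) .*Connection refused/   { fail = "refused" }
        END {
            if (stage == 4)      print "auth: transport is fine, only authentication is left"
            else if (stage == 3) print "post-kex: keys exchanged, session ended before authentication"
            else if (stage == 2) print "kex: SSH peers talked, key exchange did not finish"
            else if (stage == 1) print "pre-kex: TCP connected, peer closed before the SSH handshake"
            else if (fail == "timeout") print "tcp-timeout: no reply at all, packets are dropped (firewall, security group or routing)"
            else if (fail == "refused") print "tcp-refused: host answered, the port is closed or rejected"
            else print "unknown: no recognised marker in the log"
        }'
}

# Constructed sample: the failing attempt from the question, trimmed.
failing_log() {
    cat <<'EOF'
debug1: Connecting to SERVER.COM [XX.XX.XX.XX] port 2828.
debug1: connect to address XX.XX.XX.XX port 2828: Connection timed out
ssh: connect to host SERVER.COM port 2828: Connection timed out
Couldn't read packet: Connection reset by peer
EOF
}

# Constructed sample: the working attempt from the question, trimmed.
working_log() {
    cat <<'EOF'
debug1: Connecting to SERVER.COM [XX.XX.XX.XX] port 2828.
debug1: Connection established.
debug1: SSH2_MSG_KEXINIT received
debug1: SSH2_MSG_NEWKEYS received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
EOF
}

failing_log | classify_ssh_log
working_log | classify_ssh_log
```

A `tcp-timeout` result means no SSH-level setting on either side has been exercised yet, so the place to look is packet filtering on the path, including egress rules on the machine or cloud network the connection starts from.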