SSH kex connection reset by peer

Hello Whonix community,

[noob flag] Looking to achieve a fairly simple task:

SSH to a NextCloudPi sitting in a LAN behind a Pi-hole.
-> Using Qubes/Whonix - Fedora VM
-> installed OpenSSH
-> confirmed OpenSSH active, listening on port 22
-> terminal ssh pi@xxx.xxx.x.x as most guides/users suggest once successfully installed and started service
-> error: kex_exchange_identification: read: Connection reset by peer

I can access the NCP via PuTTY on a separate machine on the same network.

I understand there to be a fair amount of information in another post here: “is-it-possible-to-route-my-ssh-server-traffic-via-whonix-gateway/6304”; however, I think that’s beyond what I’m struggling with here, as I’m just trying to connect directly to a LAN address securely.

1 Like

This happened to me as well. Permissions of the files in /home/username/.ssh really played an important part in fixing it. The private key must be owned by root 0600, and the public key should be at least 0644. Also, make sure the host that you connect to is listed in the known_hosts file. Usually this happens at first connection. Some OpenSSH versions require an authorized_keys file in the .ssh directory as well.
For the server you connect to, it needs to use the same kex algorithms, MACs and negotiated ciphers as the client. These 3 options are configured in /etc/ssh/ssh_config and /etc/ssh/sshd_config. It goes without saying that server and client must also use the same type of keys (i.e. ed25519, etc.). Remove the redundant unused keys from the /etc/ssh/* folder that you are not using.
Try all of this and hopefully you should connect.

1 Like
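
The two checks the reply above lists (key file modes in .ssh, and overlap between the client's and server's algorithm lists), as an added example that is not part of the original thread. The function names and the sample lists are constructed for illustration; the commands in the comments assume a stock OpenSSH install.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# mode_of FILE: octal permission bits (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_ssh_dir DIR: print one line per key file whose mode is too open.
# Private key (the file beside each *.pub): no group/other bits, i.e. 0600
# or tighter. Public key: not writable by group/other, i.e. 0644 or tighter.
audit_ssh_dir() {
    dir=$1
    for pub in "$dir"/*.pub; do
        [ -e "$pub" ] || continue
        priv=${pub%.pub}
        if [ -e "$priv" ]; then
            m=$(mode_of "$priv")
            if [ $(( 0$m & 077 )) -ne 0 ]; then echo "PRIVATE $m $priv"; fi
        fi
        m=$(mode_of "$pub")
        if [ $(( 0$m & 022 )) -ne 0 ]; then echo "PUBLIC $m $pub"; fi
    done
}

# common_algos CLIENT SERVER: names present in both comma-separated lists,
# kept in client order. The first name printed is the one SSH negotiation
# would pick; empty output means the two sides share nothing.
common_algos() {
    out=
    old_ifs=$IFS; IFS=,
    for a in $1; do
        case ",$2," in
            *",$a,"*) out=${out:+$out,}$a ;;
        esac
    done
    IFS=$old_ifs
    echo "$out"
}

# Real lists can be read with (HOST is a placeholder):
#   ssh -G HOST | awk '$1=="kexalgorithms"{print $2}'   # client side
#   sshd -T     | awk '$1=="kexalgorithms"{print $2}'   # server side, as root
# Constructed sample lists:
common_algos "curve25519-sha256,ecdh-sha2-nistp256" \
             "diffie-hellman-group14-sha256,curve25519-sha256"
```

The same `common_algos` call works for the `ciphers` and `macs` lines of `ssh -G` and `sshd -T`.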