What should I do if an error message is displayed when logging in to a Linux instance
What should I do if the error "ssh_exchange_identification: read: Connection reset by peer" is displayed when logging in to a Linux instance using an SSH client?
When logging in to the Linux instance through the SSH client and confirming that the user name and password are correct, the following error message is encountered.
ssh_exchange_identification: read: Connection reset by peer.
sshd[11949]: refused connect from 192.168.0.0 (192.168.0.0).
This problem may occur for the following reasons:
• The configuration of the TCP Wrapper file in the ECS instance is incorrect: TCP Wrapper is a standard security framework in the Linux system and is used to control the access of applications. Its daemon process tcpd decides whether to allow TCP connection by reading the relevant configuration in the two files /etc/hosts.allow and /etc/hosts.deny. If the /etc/hosts.allow or /etc/hosts.deny file is incorrectly configured, the SSH connection will be abnormal. You can reconfigure the /etc/hosts.allow or /etc/hosts.deny file to solve this problem.
• The liblz4.so.1 file in the ECS instance is missing: The liblz4.so.1 file is a soft link to the liblz4.so.1.7.5 file. If the file is missing, the SSH connection will be abnormal.
• The local public IP is blocked by the cloud security center: Please add the local public IP to the whitelist.
• Abnormal local network connection: Please check the local network.
Method 1: Edit the TCP Wrapper file
Refer to the following steps to dynamically set the access policy by modifying the configuration file. After modification, the server does not need to be restarted for the configuration to take effect. This article uses modifying /etc/hosts.deny as an example to illustrate.
• Log in to the ECS instance through VNC.
• Execute the following command to check whether the /etc/hosts.allow or /etc/hosts.deny file contains configurations similar to all:all:deny or sshd:IP address:deny.
cat /etc/hosts.deny
1) If there is no all:all:deny or sshd:IP address:deny configuration, it is not caused by the TCP Wrapper, please perform other solutions to check.
2) If there is an all:all:deny or sshd:IP address:deny configuration, proceed to the next step.
• Modify the /etc/hosts.deny file.
1) Open the /etc/hosts.deny file.
2) Add # before all:all:deny or sshd:IP address:deny to comment out the configuration.
3) Press the Esc key to exit edit mode.
4) Enter: wq, and press Enter to save and exit.
Method 2: Create liblz4.so.1 soft link
• Log in to the ECS instance through VNC.
• Execute the following command to find the liblz4.so.1.7.5 file.
find / -name "liblz4*"
If the liblz4.so.1.7.5 file does not exist, copy the liblz4.so.1.7.5 file in other normal ECS instances to /usr/lib64/ of the ECS instance.
• Execute the following command to create a soft link.
ln -s liblz4.so.1.7.5 liblz4.so.1
Method 3: Add a whitelist in the cloud security center
If you enter wrong login information multiple times when a local client network connects to the ECS server, the request for remote login to ECS from this IP will be blocked. You can add the local IP to the whitelist in the settings of the cloud security center, so that the local IP will not be blocked from remotely logging in to this server. The specific operations are as follows:
• Log in to the Security Center console.
• In the left navigation bar, select System Configuration > Function Settings.
• On the Other Configuration sub-tab of the Settings tab, click the configuration in the security control area to jump to the security control console.
• On the left navigation bar, select Whitelist Management > IP Whitelist.
• On the IP Whitelist page, click Add.
Method 4: Check the local network
Please use other network environments to test whether the network connection is normal, such as a mobile phone 4G network, and check whether you can log in normally.
If you can log in normally, it means that there is a problem with the local network, please check it yourself.
Problem Description
When logging in to the Linux instance through the SSH client and confirming that the user name and password are correct, the following error message is encountered.
ssh_exchange_identification: read: Connection reset by peer.
sshd[11949]: refused connect from 192.168.0.0 (192.168.0.0).
Problem causes
This problem may occur for the following reasons:
• The configuration of the TCP Wrapper file in the ECS instance is incorrect: TCP Wrapper is a standard security framework in the Linux system and is used to control the access of applications. Its daemon process tcpd decides whether to allow TCP connection by reading the relevant configuration in the two files /etc/hosts.allow and /etc/hosts.deny. If the /etc/hosts.allow or /etc/hosts.deny file is incorrectly configured, the SSH connection will be abnormal. You can reconfigure the /etc/hosts.allow or /etc/hosts.deny file to solve this problem.
• The liblz4.so.1 file in the ECS instance is missing: The liblz4.so.1 file is a soft link to the liblz4.so.1.7.5 file. If the file is missing, the SSH connection will be abnormal.
• The local public IP is blocked by the cloud security center: Please add the local public IP to the whitelist.
• Abnormal local network connection: Please check the local network.
Solution
Method 1: Edit the TCP Wrapper file
Refer to the following steps to dynamically set the access policy by modifying the configuration file. After modification, the server does not need to be restarted for the configuration to take effect. This article uses modifying /etc/hosts.deny as an example to illustrate.
• Log in to the ECS instance through VNC.
• Execute the following command to check whether the /etc/hosts.allow or /etc/hosts.deny file contains configurations similar to all:all:deny or sshd:IP address:deny.
cat /etc/hosts.deny
1) If there is no all:all:deny or sshd:IP address:deny configuration, it is not caused by the TCP Wrapper, please perform other solutions to check.
2) If there is an all:all:deny or sshd:IP address:deny configuration, proceed to the next step.
• Modify the /etc/hosts.deny file.
1) Open the /etc/hosts.deny file.
2) Add # before all:all:deny or sshd:IP address:deny to comment out the configuration.
3) Press the Esc key to exit edit mode.
4) Enter: wq, and press Enter to save and exit.
Method 2: Create liblz4.so.1 soft link
• Log in to the ECS instance through VNC.
• Execute the following command to find the liblz4.so.1.7.5 file.
find / -name "liblz4*"
If the liblz4.so.1.7.5 file does not exist, copy the liblz4.so.1.7.5 file in other normal ECS instances to /usr/lib64/ of the ECS instance.
• Execute the following command to create a soft link.
ln -s liblz4.so.1.7.5 liblz4.so.1
Method 3: Add a whitelist in the cloud security center
If you enter wrong login information multiple times when a local client network connects to the ECS server, the request for remote login to ECS from this IP will be blocked. You can add the local IP to the whitelist in the settings of the cloud security center, so that the local IP will not be blocked from remotely logging in to this server. The specific operations are as follows:
• Log in to the Security Center console.
• In the left navigation bar, select System Configuration > Function Settings.
• On the Other Configuration sub-tab of the Settings tab, click the configuration in the security control area to jump to the security control console.
• On the left navigation bar, select Whitelist Management > IP Whitelist.
• On the IP Whitelist page, click Add.
Method 4: Check the local network
Please use other network environments to test whether the network connection is normal, such as a mobile phone 4G network, and check whether you can log in normally.
If you can log in normally, it means that there is a problem with the local network, please check it yourself.
Related Articles
-
A detailed explanation of Hadoop core architecture HDFS
Knowledge Base Team
-
What Does IOT Mean
Knowledge Base Team
-
6 Optional Technologies for Data Storage
Knowledge Base Team
-
What Is Blockchain Technology
Knowledge Base Team
Explore More Special Offers
-
Short Message Service(SMS) & Mail Service
50,000 email package starts as low as USD 1.99, 120 short messages start at only USD 1.00
