Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

sshd: error: kex_exchange_identification: Connection closed by remote host

 

Information

 

Summary:

Logs are flooded with the entry "sshd: error: kex_exchange_identification: Connection closed by remote host"

Environment:

Product: LoadMaster

Version: 

Platform: 

Application:

Question/Problem Description:

What does this log entry mean and what can be done about it?

Steps to Reproduce:  
Error Message: sshd: error: kex_exchange_identification: Connection closed by remote host
Defect Number:  
Enhancement Number:  
Cause: Security scan was causing logs to be flooded with the message.
Resolution:
  • This log entry means that something is hammering the system with ssh client requests.  This can be caused by security scans or brute force attacks.
  • Go to Certificates & Security > Remote Access > Allow Remote SSH Access.
  • remote_access.PNG
  • See what networks are allowed for SSH requests.  May want to limit this to just your management network from the dropdown menu.
  • Disable it completely if not needed
Workaround:  
Notes:
  • A packet capture taken from the LoadMaster could show which IP or IPs are attempting to request access.  When setting the parameters for the capture, filter on port 22. 
  • To take a capture from the LoadMaster, go to System Configuration > Troubleshooting > TCP Dump.

Comments