#StackBounty: #networking #ssh #openssh kex_exchange_identification: read: Connection reset by peer. Connection works on other NIC/subnet

Bounty: 50

I re-installed a VM (CentOS 7) and now I get this error. The VM has two adapters that are on different subnets.
Funnily enough, ssh worked fine on one subnet after fixing the expected MITM warning.

ssh -v shows:

OpenSSH_8.0p1, OpenSSL 1.1.1c  28 May 2019
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 6: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "foreman" port yy
debug2: ssh_connect_direct
debug1: Connecting to foreman [xxx.xxx.xxx.xxx] port yy.
debug1: Connection established.
debug1: identity file /home/sam/.ssh/id_rsa type 0
debug1: identity file /home/sam/.ssh/id_rsa-cert type -1
debug1: identity file /home/sam/.ssh/id_dsa type -1
debug1: identity file /home/sam/.ssh/id_dsa-cert type -1
debug1: identity file /home/sam/.ssh/id_ecdsa type -1
debug1: identity file /home/sam/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/sam/.ssh/id_ed25519 type -1
debug1: identity file /home/sam/.ssh/id_ed25519-cert type -1
debug1: identity file /home/sam/.ssh/id_xmss type -1
debug1: identity file /home/sam/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.0
kex_exchange_identification: read: Connection reset by peer

I’ve tried:

  • Rebooting
  • Removing the known_hosts file
  • Checking /etc/ssh/ssh_config on the client (no deviation from maintainer version)
  • Checking /etc/ssh/sshd_config on the server (no deviation from maintainer version)
  • Stopping firewalld
  • Checking permissions on .ssh/ and authorized_keys
  • Checking the blacklist and whitelist (nothing there, only comments) (hosts.deny|hosts.allow)

I’m not sure if it’s relevant, but the client is running Arch Linux.

So, again, to clarify:
The server has two IP addresses, 172.x.x.x and 192.x.x.x.
ssh works for 172.x.x.x but does not for 192.x.x.x.

