How to fix Raspberry Pi SSH connection reset

I have been having some issues with the master image of my pi trying to get a VPN connection so I booted up an old image I had lying around to see if I could debug the VPN. Unfortunately, the old image would not allow me to ssh in.

Performing a verbose connection clued me in

$>ssh -v pi@192.168.0.2
OpenSSH_7.1p2, OpenSSL 1.0.1g 7 Apr 2014
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to 192.168.0.2 [192.168.0.2] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/mobaxterm/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Raspbian-5+deb8u4
debug1: match: OpenSSH_6.7p1 Raspbian-5+deb8u4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.0.2:22 as 'pi'
debug1: SSH2_MSG_KEXINIT sent
Connection reset by 192.168.0.2

The issue we can see is SSH2_MSG_KEXINIT is sent and then the connection is closed. A correct connection should have a SSH2_MSG_KEXINIT received followed by authentication.

Doing a little more digging we can see

$>tail auth.log

error: key_load_public: invalid format
May 17 03:57:39 raspberrypi sshd[830]: error: Could not load host key: /etc/ssh/ssh_host_rsa_key
May 17 03:57:39 raspberrypi sshd[830]: error: key_load_public: invalid format
May 17 03:57:39 raspberrypi sshd[830]: error: Could not load host key: /etc/ssh/ssh_host_dsa_key
May 17 03:57:39 raspberrypi sshd[830]: error: key_load_public: invalid format
May 17 03:57:39 raspberrypi sshd[830]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
May 17 03:57:39 raspberrypi sshd[830]: error: key_load_public: invalid format
May 17 03:57:39 raspberrypi sshd[830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 17 03:57:39 raspberrypi sshd[830]: fatal: No supported key exchange algorithms [preauth]

Now we have a really good idea what is going on

 

let’s fix it

$> sudo rm /etc/ssh/ssh_host_* && sudo dpkg-reconfigure openssh-server

It will generate a new set of ssh certs, like so:

Creating SSH2 RSA key; this may take some time ...
2048 73:a5:a5:1b:88:c6:19:40:0e:4c:51:18:ad:94:81:7f /etc/ssh/ssh_host_rsa_key.pub (RSA)
Creating SSH2 DSA key; this may take some time ...
1024 5a:37:ab:bf:11:c3:f5:ea:5f:e4:b3:ea:16:6a:11:f6 /etc/ssh/ssh_host_dsa_key.pub (DSA)
Creating SSH2 ECDSA key; this may take some time ...
256 d6:74:28:5e:ca:cd:ac:a8:69:32:03:f3:56:b5:48:7d /etc/ssh/ssh_host_ecdsa_key.pub (ECDSA)
Creating SSH2 ED25519 key; this may take some time ...

 

After this, there was no issue connecting.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.