Secure Shell (SSH) is a powerful protocol used to remotely access servers, configure systems, and transfer files securely. However, one frustrating and fairly common issue users encounter is the “Connection reset by peer” SSH error. This error abruptly cuts the connection and leaves users unable to proceed. If you’ve come across the dreaded message:

kex_exchange_identification: read: Connection reset by peer

Don’t panic. In this guide, we'll explain how to fix “Connection reset by peer” SSH error, identify its causes, and walk through effective solutions for various systems—including Linux, macOS, and Windows.

Whether you're using OpenSSH, SFTP, SSHFS, or connecting to a remote server via port 22, this comprehensive guide is for you.

 

 

 

Understanding the “Connection reset by peer” SSH Error

Before diving into how to fix “Connection reset by peer” SSH Error, it’s important to fully understand what “Connection reset by peer” actually means in the context of SSH. This error message often appears in the following forms:

  • kex_exchange_identification: read: Connection reset by peer

  • error='Connection reset by peer (104)'

At its core, this message indicates that the remote host—typically the server you're trying to SSH into—has abruptly closed the connection. The term “peer” refers to the remote machine, and a “reset” means the server forcefully ended the session before a successful connection could be established.

The most critical part of the message is during the key exchange or KEX process. This is when SSH tries to establish a secure session by negotiating cryptographic keys between the client and server. If something goes wrong during this early handshake—before even reaching username or password authentication—you’ll get this error.

 

Common Variations of the Error:

This issue might manifest in slightly different ways, depending on your SSH client or system. Here are some variations to look out for:

  • ssh error connection reset by peer

  • client_loop: send disconnect: Connection reset by peer

  • error(104, 'Connection reset by peer')

  • kex_exchange_identification read: connection reset by peer connection reset by port 22

  • sftp connection reset by peer

All of these essentially mean the same thing: your SSH session was unexpectedly dropped by the server during the early stages of connection setup. Regardless of the variation, the troubleshooting steps on  how to fix “Connection reset by peer” SSH Error are generally similar, focusing on diagnosing the environment, configuration, and system logs.

 

 

 

Why This SSH Error Happens

There are multiple reasons why the SSH session is terminated with this error. Understanding the cause will help you fix “connection reset by peer” SSH error efficiently.

1. Firewall or Security Group Blocking the Port

The most common cause is SSH traffic being blocked, especially on port 22. Firewalls (like UFW, iptables, or firewalld) or cloud platform security groups may block incoming SSH requests.

2. SSH Daemon (sshd) Not Running or Misconfigured

If the SSH service on the server isn’t running, or the config file (sshd_config) is misconfigured (e.g., improper AllowUsers, Match block, or MaxSessions), it can reject your connection.

3. Fail2Ban or DenyHosts Blocking Your IP

Security tools like Fail2Ban automatically ban IP addresses after repeated failed login attempts. If your IP is blacklisted, you’ll get the "reset by peer" message.

4. Incorrect Permissions on .ssh Folder

If the ~/.ssh folder or keys have incorrect permissions, the SSH server might reject the connection.

5. SSH Key Exchange Failure or Timeout

This may happen if there’s a mismatch between the SSH versions or algorithms on the client and server, leading to a failure during KEX (Key Exchange).

 

How to Fix “Connection reset by peer” SSH Error: Step-by-Step

Here’s your action plan on how to fix “Connection reset by peer” SSH Error. Try each step methodically.

 

1. Check if SSH Port 22 is Open and Listening

Run this on the server:

sudo netstat -tuln | grep :22

Or:

sudo ss -tuln | grep :22

You should see SSH listening on 0.0.0.0:22 or 127.0.0.1:22. If not, the SSH service might not be running.

 

2. Restart the SSH Service

Ensure sshd is active. Use:

sudo systemctl restart sshd

Then test your connection again. If SSH isn’t installed properly, reinstall:

sudo apt install openssh-server

 

3. Check Firewall Rules

UFW (Uncomplicated Firewall):

sudo ufw allow ssh

sudo ufw reload

iptables:

sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

firewalld:

sudo firewall-cmd --permanent --add-service=ssh

sudo firewall-cmd --reload

Still stuck? Follow our detailed guide on How to solve the SSH connection refused error for in-depth troubleshooting.

 

4. Inspect the Server’s SSH Logs

Logs often reveal the exact reason for the disconnect:

sudo journalctl -u sshd

Or:

cat /var/log/auth.log | grep sshd

Look for clues like:

  • IP ban notices

  • Protocol mismatch

  • Missing host keys

  • Permissions errors

 

5. Verify SSH Configuration (sshd_config)

Open the config file:

sudo nano /etc/ssh/sshd_config

Check for:

  • AllowUsers directive (is your user allowed?)

  • MaxSessions and MaxStartups (limits on connections)

  • Port 22 is not commented out

Restart SSH after editing:

sudo systemctl restart sshd

 

6. Confirm File Permissions

On the client-side, make sure .ssh and its contents have the correct permissions:

chmod 700 ~/.ssh

chmod 600 ~/.ssh/id_rsa

 

7. Temporarily Disable Fail2Ban

If you suspect you’re blocked by Fail2Ban, run:

sudo fail2ban-client status sshd

Then unban your IP:

sudo fail2ban-client set sshd unbanip <your-ip-address>

 

8. Try SSH with Verbose Output

Run:

ssh -vvv user@host

This gives a step-by-step debug trace and helps identify exactly where the error happens.

 

9. Test with Different Clients or Systems

Sometimes the issue is local. Try:

  • Switching networks

  • Connecting from another device

  • Using a different client (e.g., PuTTY on Windows)

Refer to our guide on How to SSH for client configuration help.

 

Special Cases of SSH “Connection Reset by Peer” Errors

Now that we’ve covered the general meaning and causes of the error, let’s look at some platform-specific scenarios where this error tends to appear frequently. These cases involve unique OS-level behaviors that may interfere with SSH connectivity.

 

On Windows

Error Example: SSH connection reset by port 22 Windows

Windows machines, especially home editions or systems not configured for development or server access, can sometimes block SSH traffic by default.

Possible Causes and Fixes:

  • Windows Defender Firewall or Third-Party Antivirus: These tools may silently drop outgoing connections or restrict traffic over port 22. You can fix this by:

    • Creating an inbound firewall rule to allow TCP traffic on port 22.

    • Temporarily disabling antivirus to check if it's interfering.

  • Lack of OpenSSH Client: Unlike Linux, Windows doesn’t always come with SSH enabled by default.

    • Go to Settings > Apps > Optional Features and install OpenSSH Client.

  • Use WSL (Windows Subsystem for Linux): If you're a developer, WSL offers a Unix-like terminal with full SSH support. It's a more reliable environment for managing Linux servers from a Windows machine.

If you're interested in learning the correct way to initiate SSH connections from Windows or any system, check out our full guide: How to SSH.

 

On macOS

Error Example: kex_exchange_identification: read: Connection reset by peer macOS

On macOS systems, the problem may stem from outdated SSH clients or strict security settings.

Solutions Include:

  • Outdated or Limited Cipher Suites: macOS may block connections that use outdated or insecure ciphers. Update OpenSSH using Homebrew:

brew install openssh

  • Custom KEX Algorithm: If your server is older or configured with legacy KEX algorithms, you may need to specify them manually. Try connecting with:

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@host

  • Adjust macOS Firewall Settings: Ensure that outgoing SSH traffic isn’t being filtered by the macOS application firewall or security tools like Little Snitch.

Whether you’re on Windows or macOS, you can always upgrade to a reliable virtual private server that simplifies SSH access and gives you full control. Learn more about our 1Gbits VPS Hosting plans to streamline your server access today.

 

 

Bonus: Fixing SFTP and SSHFS Connection Reset Errors

SFTP (sftp connection reset by peer)

  • Same troubleshooting steps apply.

  • Ensure the server supports sftp-server.

SSHFS (connection reset by peer sshfs)

  • Check fuse and sshfs versions.

  • Mount command example:

sshfs user@host:/remote /mnt/remote

 

Try a Stable Server: 1Gbits VPS Hosting

Still facing unpredictable SSH errors? It might be time to switch to a reliable host. Explore 1Gbits VPS Hosting for fast, stable, and secure VPS servers with full SSH access and 24/7 support.

 

 

Final Thoughts

The “Connection reset by peer” SSH error can be frustrating, but it’s almost always fixable with the right approach. Whether the problem lies in server configuration, firewalls, permissions, or the SSH handshake process, the steps above will help you diagnose and learn how to fix “Connection reset by peer” SSH Error effectively.

If you’re looking for a smooth SSH experience, consider migrating your infrastructure to a stable platform like 1Gbits VPS Hosting where connection issues are minimal and technical support is always within reach.