MikroTik

Posted: **Fri Jan 04, 2008 11:27 pm**

Hello,

I have a few Mikrotiks that for some reason I am not able to SSH into. I can access them via telnet, winbox, ect..but when I try to ssh in, I get the following:

ssh_exchange_identification: Connection closed by remote host

For linux systems, I know this can be an issue if you have setup a hosts.allow or hosts.deny file, but I have no clue what could cause this for the Mikrotiks. I have tried stoping and starting the service with no help. I have lots of other Mikrotiks that are working with ssh with no problem.

Has anyone run into this before?

Thanks

Posted: **Sat Jan 05, 2008 6:44 am**

Updates,

I have noticed that by stopping and starting the ssh service the problem temporarily goes away. The 3 devices that i have noticed this problem on so far are running 2.9.39

Posted: **Sat Jan 31, 2009 9:09 pm**

Same Problem

ssh_exchange_identification: Connection closed by remote host

rb 433ah Routeros 3.20...

Posted: **Mon Feb 02, 2009 12:53 pm**

so and between "it works" and "it gives this error" NOTHING changed? no configuration at all? where are you connecting from (client type)?

Posted: **Thu Feb 05, 2009 4:45 am**

RB433AH i update to version 3.18... for pcq problem... back to 3.13... when read 3.20 solve this problem install 3.20 and update firmware.. and fail ssh

at times the service responds, but I can not determine what makes it work or stop working

cpu using is at 50% (not saturation)
disable, enable, change port etc ssh service, no efect

client is always same.. putty from windows or ssh command line from linux box (both fail now)

winbox work perfect.. and change ssh port with winbox port and winbox work ok.

need configuration file?

i think reset all and configure complety solve the problem.. but have a complex configuration

Posted: **Fri Apr 10, 2009 2:55 pm**

Had same problem, with 4 devices, upgraded them to 3.22. In abour a hour i dont see any problems, i'll write about this in few days.

Posted: **Mon Apr 13, 2009 11:06 am**

problem exists, with RB411. After few days uptime, i see

ssh_exchange_identification: Connection closed by remote host

when i try to ssh to it.

Posted: **Wed Apr 15, 2009 1:19 pm**

Problem is strange.
From windows:
---------------------------
PuTTY Fatal Error
---------------------------
Server unexpectedly closed network connection
---------------------------
OK
---------------------------
From linux:

$ ssh -vv link_mar31
OpenSSH_5.1p1 Debian-3ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to link_mar31 [172.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/identity type -1
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host
$

from routeros 3.20:17
[admin@dude] > /system ssh 172.xxx.xxx.xxx user=admin port=22 ;
ssh_exchange_identification: Connection closed by remote host

Welcome back!
[admin@Hey dude] >

All devices are probed by dude every minute or so. When i reboot device, ssh works, and these errors begins after 1-2 days.
I disabled ssh on one of devices.

this is my dude ssh probe:

ssh probe.png

Posted: **Fri Apr 17, 2009 1:04 pm**

It looks like dude's fault, because, when i stoped probing, i can ssh normaly to device. O my custom probe problem. Maybe something with ssh server, because there is no ssh connections in /ip firewall connections.

Posted: **Mon May 25, 2009 2:24 am**

I had the same problem. I fixed it when i turn on this packages: calea , isdn, radiolan, user-manager.
I have question to Normis, what package fixed this problem?

Sorry for my eng...lish

Posted: **Tue May 26, 2009 8:38 pm**

Hi

I am having the same problem on an RB411, running 3.10

I know the first response would normally be to upgrade software, but it seems that conjurer was having the same problems with 3.22

Does anyone know yet what is causing this?

Posted: **Wed May 27, 2009 3:15 pm**

I don't have problems anymore, turned offf ssh cheking on all routerbaords. I only probe linux servers for ssh and other more important stuff.
O don't think it problem with packages, after reboot it works ok, about 20-30 hours.

Posted: **Mon Jun 01, 2009 11:43 am**

I have had the same problem.

After upgrading to version 3.24 the problem dissapeared.

Posted: **Thu Jul 02, 2009 12:30 am**

Hello,
we have the same problem on 2.9.51, 3.10, 3.15, 3.20, 3.22, 3.24 and of course 3.25.

Nothing help, only reboot the router.

Note: https not working too!

Posted: **Thu Jul 02, 2009 8:13 pm**

Well after all without ssh probes dude runs is faster.
And i rarely use ssh. I use rarely winbox ox mac telnet. And in future i am not going to let dude monitor ssh on any of routeboards, because, when i realy need connect to it, i may get that error.
Do anyone has this problem with 4.0beta?

Posted: **Tue Dec 08, 2009 1:37 pm**

On the ssh service, check the available from field.

Posted: **Fri Apr 23, 2010 10:17 am**

Hi!

We have the same problem, after about an hour no more response on ssh.
Nothing changed under this time.

ROS 4.6 4.7... fail
ROS 5.0b1 ... working

Posted: **Tue Jul 06, 2010 1:24 pm**

I get the same problem.
Some hours after the reboot ssh stop working.
Running v4.9...
No ssh dude polling active.

Posted: **Tue Jan 11, 2011 3:11 am**

Of the 39 routers I have set SSH and FTP up on; when I try to connect via SFTP I am getting this same error (ssh_exchange_identification: Connection closed by remote host) on 7 of them. The other 32 work just fine. Below I have listed the kind of router with software version that it is happening to.

x86 (PC router) v3.13
x86 (PC router) v3.13
x86 (PC rotuer) v3.30
? v2.9.51 - did not have a hand in setting this up originally
RB1000 v3.14
RB1000 v3.30
RB1000 v4.11

The working ones are all 333, 433, 433AH, 450, 450G, 493, 493AH, and 750G running os 2.9.50 to 4.13. I have checked the packages between working and non-working routers and there is nothing obvious that would lead me to believe there is a package problem, and from looking at my list this is happening on only my PC based routers and my RB1000s. Any insight as to what could be causing this would be nice and very appreciated.

-Joe

Posted: **Fri Jan 14, 2011 3:01 am**

I have a little more information that may help:

When I said this was a problem on all x86 and RB1000s I was wrong there. I have one RB1000 that is working. I checked to see what packages it is running and compared it to the ones that are not working. (See attached image)

The RB1000 that is working is shaded in green and I have marked what packages that are installed and active with an 'x' and the packages that are installed and disabled are marked with a 'd'. Blank spaces mean that package is not installed at all.

The top of each row indicated the type of router and the OS version it is running.

Using FileZilla in Windows 7 I can manually connect to routers 1 and 5 with SFTP using a username and password for the account that the public SSH is key is setup for. (I have not tried using the public key in FileZilla) The error I get in FileZilla on the others is:

Error: Server unexpectedly closed network connection
Error: Could not connect to server

Checking the router log and the terminal screen in the routers does not give any additional information.

I really need some ideas on how I can get though this.

- Joe

Posted: **Thu Oct 06, 2016 10:22 am**

got same strange behaviour just after adding another user and its ssh key, thats second ssh key I added, before that all ssh connections was OK
while experimanting with ssh access to RB for scripting got this, for example:

$ sudo -u nobody ssh -i /tmp/id_dsa.pub openvpn@m66 -vvv
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to m66 [X.X.X.X] port 22.
debug1: connect to address X.X.X.X port 22: Connection timed out
debug1: Connecting to m66 [X.X.X.X] port 22.
debug1: connect to address X.X.X.X port 22: Connection timed out
ssh: connect to host m66 port 22: Connection timed out
$

another one:

$ sudo -u nobody ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o IdentityFile=/etc/openvpn/keys/id_dsa.pub -o UserKnownHostsFile=/etc/openvpn/keys/known_hosts -vvvvvv openvpn@gw.m66
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy -p 22 gw.m66
debug1: permanently_drop_suid: 99
Could not create directory '/.ssh'.
debug3: Not a RSA1 key file /etc/openvpn/keys/id_dsa.pub.
debug1: identity file /etc/openvpn/keys/id_dsa.pub type 2
debug1: identity file /etc/openvpn/keys/id_dsa.pub-cert type -1
ssh_exchange_identification: Connection closed by remote host

and another:

$ ssh -i id_dsa.pub openvpn@gw.m66 -vvv
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy -p 22 gw.m66
debug1: permanently_drop_suid: 2525
debug3: Not a RSA1 key file id_dsa.pub.
debug1: identity file id_dsa.pub type 2
debug1: identity file id_dsa.pub-cert type -1
ssh_exchange_identification: Connection closed by remote host

and soon later I was surprised by finding what no ssh connections are possible for some IPs on RB interfaces, thanks god I found one IP on vlan interface for which ssh connection was possible to reboot router

Posted: **Thu Oct 06, 2016 3:12 pm**

check if your SSH is still supporting DSA keys. The latest trend is to remove it in various Linux distros. As SSH 7.x suggests to do just that.

Posted: **Mon Oct 10, 2016 3:39 pm**

Centos 6 and Ubuntu 14.04 ok with dsa as I can see ...
still there is no reason for ssh on RB2011 to fail! will you fix your ssh some day?

Posted: **Fri Feb 24, 2023 11:23 pm**

Run WinBox
IP> Service> SSH> Check port, and also check Available from, remove all IP if there are any.
Then try SSH again

MikroTik

SSH Problem: ssh_exchange_identification

SSH Problem: ssh_exchange_identification

Re: SSH Problem: ssh_exchange_identification

Re: SSH Problem: ssh_exchange_identification

Re: SSH Problem: ssh_exchange_identification

Re: SSH Problem: ssh_exchange_identification

Re: SSH Problem: ssh_exchange_identification

Re: SSH Problem: ssh_exchange_identification

Re: SSH Problem: ssh_exchange_identification

Re: SSH Problem: ssh_exchange_identification

Re: SSH Problem: ssh_exchange_identification

Re: SSH Problem: ssh_exchange_identification

Re: SSH Problem: ssh_exchange_identification

Re: SSH Problem: ssh_exchange_identification

Re: SSH Problem: ssh_exchange_identification

Re: SSH Problem: ssh_exchange_identification

Re: SSH Problem: ssh_exchange_identification

Re: SSH Problem: ssh_exchange_identification

Re: SSH Problem: ssh_exchange_identification

Re: SSH Problem: ssh_exchange_identification

Re: SSH Problem: ssh_exchange_identification

Re: SSH Problem: ssh_exchange_identification

Re: SSH Problem: ssh_exchange_identification

Re: SSH Problem: ssh_exchange_identification

Re: SSH Problem: ssh_exchange_identification