What causes SSH error: kex_exchange_identification: Connection closed by remote host?

Weirdly, none actually try to authenticate to open a session.

Some spiders and services like Shodan scans public ipv4 addresses for open services, e.g. salt masters, ftp servers, RDPs, and also SSH services. These spiders usually only connect to the services without doing any valid authentication steps.

I get the error: kex_exchange_identification: Connection closed by remote host in the server logs. What causes that?

I haven’t found conclusive answers about that, so… time to browse the source then.

In OpenSSH source code, kex_exchange_identification is a function to exchange server and client identification (duh), and the specified error happened if the socket connection between OpenSSH server and client is interrupted (see EPIPE), i.e. client already closed its connection.

Leave a Comment