<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>question Re: SSHCommand: Cannot connect, status is TCP_CONNECTION_DROPPED. Connection unexpectedly closed by SSH server: in ITOM forum</title>
    <link>https://www.servicenow.com/community/itom-forum/sshcommand-cannot-connect-status-is-tcp-connection-dropped/m-p/976337#M72953</link>
    <description>&lt;P&gt;It means the server hung up on us, for whatever reason.&lt;/P&gt;
&lt;P&gt;Often, it means we've tried too many credentials and triggered a security alert, but you're saying you're testing a single credential, so that seems unlikely. It might mean that the set of algorithms the client offers are unacceptable to the server.&lt;/P&gt;
&lt;P&gt;Debug options:&lt;/P&gt;
&lt;OL&gt;&lt;LI&gt;Try&amp;nbsp;to reproduce the same conditions with&amp;nbsp;a standard ssh client like openssh or putty and see if it works. Let's establish that the server works at all.&lt;/LI&gt;&lt;LI&gt;Try&amp;nbsp;#1 again&amp;nbsp;from the mid server itself in case the server has something against that host. It's unlikely, but&amp;nbsp;it's easy to rule out.&lt;/LI&gt;&lt;LI&gt;Squint at the security logs on the server to see if you can find any specific complaint. /var/log/secure often has good info.&lt;/LI&gt;&lt;LI&gt;Crank up the debug on the server. For openssh, this typically means editing /etc/ssh/sshd_config, setting loglevel=debug3, and restarting sshd.&amp;nbsp;Recreate the failure, then weed through the logs (/var/log/secure?), and you should see exactly what offended the server.&lt;/LI&gt;&lt;LI&gt;With openssh, run ssh with the "-vv" option to connect to the server. Look at the kexinit messages to see if they're especially exotic. (A typical sncssh kexinit message showing the supported algorithms is at bottom.)&lt;/LI&gt;&lt;LI&gt;You can get debug info from the sncssh servicenow ssh client by setting the mid parameter mid.ssh.debug = true (or,&amp;nbsp;if things are busy, to the IP address of the target to keep the amount of debug traffic manageable), then try again to connect.&amp;nbsp;The agent/logs/agent0.log.* logs will have lots of debug info which will start with "Using SNC". This will be a whole lot of information, and will more than likely just show that they hung up on us for no obvious reason, but&amp;nbsp;&lt;EM&gt;when&lt;/EM&gt; they hung up may be instructive:&lt;BR /&gt;a) If they hung up after kexinit but before userauth that would&amp;nbsp;indicate that the algorithm negotiations did not go well. Squint at the kexinit messages and compare the list of algorithms for each thing, trying to find where the server's list has no items on the client's list.&lt;BR /&gt;b) If&amp;nbsp;we get all the way to userauth, are the credentials tried the ones&amp;nbsp;you expected? When did it give up?&lt;/LI&gt;&lt;/OL&gt;
&lt;P&gt;I've debugged dozens of these, and that's my usual bag of tricks.&lt;/P&gt;
&lt;P&gt;Good luck, and it would be great to hear what you try and what works or doesn't.&lt;/P&gt;
&lt;P&gt;&amp;nbsp; &amp;nbsp; - Tim.&lt;/P&gt;
&lt;P class="p1"&gt;&lt;SPAN class="s1"&gt;Here's a typical sncssh kexinit message. You might have trouble, for example, if the server did not support any aes or 3des cipher algorithms.&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="p1"&gt;&lt;SPAN class="s1"&gt;07/28/17 00:19:56 (008) SSHProtocolEngine DEBUG: [2520/10.11.12.13:22] Sending packet 0; 544 bytes: &lt;/SPAN&gt;&lt;SPAN class="s2"&gt;Client KEX&lt;/SPAN&gt;&lt;SPAN class="s1"&gt;INIT:&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="p1"&gt;&lt;SPAN class="s1"&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;Cookie: 6cad40010640976136179e2cf0ab42ee&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="p1"&gt;&lt;SPAN class="s1"&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;Key Exchange Algorithms: diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha256, diffie-hellman-group1-sha1&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="p1"&gt;&lt;SPAN class="s1"&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;Signature Algorithms: ssh-dss, ssh-rsa&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="p1"&gt;&lt;SPAN class="s1"&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;Client-to-Server Cipher Algorithms: aes128-ctr, aes192-ctr, aes256-ctr, 3des-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc, none&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="p1"&gt;&lt;SPAN class="s1"&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;Client-to-Server MAC Algorithms: hmac-sha1, hmac-sha1-96, hmac-sha2-256, hmac-sha2-512, hmac-md5, hmac-md5-96&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="p1"&gt;&lt;SPAN class="s1"&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;Client-to-Server Compression Algorithms: none&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="p1"&gt;&lt;SPAN class="s1"&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;Server-to-Client Cipher Algorithms: aes128-ctr, aes192-ctr, aes256-ctr, 3des-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc, none&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="p1"&gt;&lt;SPAN class="s1"&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;Server-to-Client MAC Algorithms: hmac-sha1, hmac-sha1-96, hmac-sha2-256, hmac-sha2-512, hmac-md5, hmac-md5-96&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="p1"&gt;&lt;SPAN class="s1"&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;Server-to-Client Compression Algorithms: none&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="p1"&gt;&lt;SPAN class="s1"&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;First packet follows: false&lt;/SPAN&gt;&lt;/P&gt;</description>
    <pubDate>Tue, 29 May 2018 15:56:51 GMT</pubDate>
    <dc:creator>tim_broberg</dc:creator>
    <dc:date>2018-05-29T15:56:51Z</dc:date>
    <item>
      <title>SSHCommand: Cannot connect, status is TCP_CONNECTION_DROPPED. Connection unexpectedly closed by SSH server:</title>
      <link>https://www.servicenow.com/community/itom-forum/sshcommand-cannot-connect-status-is-tcp-connection-dropped/m-p/976336#M72952</link>
      <description>&lt;P&gt;Hello community,&lt;BR /&gt;&lt;BR /&gt;Could you please help me understand the following warning/error message:&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN class="list_span_related "&gt;SSHCommand: Cannot connect, status is TCP_CONNECTION_DROPPED. Connection unexpectedly closed by SSH server:&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;It shows this one when I am trying to test the credentials of one target host and in discovery logs.&lt;BR /&gt;&lt;BR /&gt;What it means, how to fix it or what to troubleshoot ?&lt;/P&gt;</description>
      <pubDate>Tue, 29 May 2018 14:53:24 GMT</pubDate>
      <guid>https://www.servicenow.com/community/itom-forum/sshcommand-cannot-connect-status-is-tcp-connection-dropped/m-p/976336#M72952</guid>
      <dc:creator>justx</dc:creator>
      <dc:date>2018-05-29T14:53:24Z</dc:date>
    </item>
    <item>
      <title>Re: SSHCommand: Cannot connect, status is TCP_CONNECTION_DROPPED. Connection unexpectedly closed by SSH server:</title>
      <link>https://www.servicenow.com/community/itom-forum/sshcommand-cannot-connect-status-is-tcp-connection-dropped/m-p/976337#M72953</link>
      <description>&lt;P&gt;It means the server hung up on us, for whatever reason.&lt;/P&gt;
&lt;P&gt;Often, it means we've tried too many credentials and triggered a security alert, but you're saying you're testing a single credential, so that seems unlikely. It might mean that the set of algorithms the client offers are unacceptable to the server.&lt;/P&gt;
&lt;P&gt;Debug options:&lt;/P&gt;
&lt;OL&gt;&lt;LI&gt;Try&amp;nbsp;to reproduce the same conditions with&amp;nbsp;a standard ssh client like openssh or putty and see if it works. Let's establish that the server works at all.&lt;/LI&gt;&lt;LI&gt;Try&amp;nbsp;#1 again&amp;nbsp;from the mid server itself in case the server has something against that host. It's unlikely, but&amp;nbsp;it's easy to rule out.&lt;/LI&gt;&lt;LI&gt;Squint at the security logs on the server to see if you can find any specific complaint. /var/log/secure often has good info.&lt;/LI&gt;&lt;LI&gt;Crank up the debug on the server. For openssh, this typically means editing /etc/ssh/sshd_config, setting loglevel=debug3, and restarting sshd.&amp;nbsp;Recreate the failure, then weed through the logs (/var/log/secure?), and you should see exactly what offended the server.&lt;/LI&gt;&lt;LI&gt;With openssh, run ssh with the "-vv" option to connect to the server. Look at the kexinit messages to see if they're especially exotic. (A typical sncssh kexinit message showing the supported algorithms is at bottom.)&lt;/LI&gt;&lt;LI&gt;You can get debug info from the sncssh servicenow ssh client by setting the mid parameter mid.ssh.debug = true (or,&amp;nbsp;if things are busy, to the IP address of the target to keep the amount of debug traffic manageable), then try again to connect.&amp;nbsp;The agent/logs/agent0.log.* logs will have lots of debug info which will start with "Using SNC". This will be a whole lot of information, and will more than likely just show that they hung up on us for no obvious reason, but&amp;nbsp;&lt;EM&gt;when&lt;/EM&gt; they hung up may be instructive:&lt;BR /&gt;a) If they hung up after kexinit but before userauth that would&amp;nbsp;indicate that the algorithm negotiations did not go well. Squint at the kexinit messages and compare the list of algorithms for each thing, trying to find where the server's list has no items on the client's list.&lt;BR /&gt;b) If&amp;nbsp;we get all the way to userauth, are the credentials tried the ones&amp;nbsp;you expected? When did it give up?&lt;/LI&gt;&lt;/OL&gt;
&lt;P&gt;I've debugged dozens of these, and that's my usual bag of tricks.&lt;/P&gt;
&lt;P&gt;Good luck, and it would be great to hear what you try and what works or doesn't.&lt;/P&gt;
&lt;P&gt;&amp;nbsp; &amp;nbsp; - Tim.&lt;/P&gt;
&lt;P class="p1"&gt;&lt;SPAN class="s1"&gt;Here's a typical sncssh kexinit message. You might have trouble, for example, if the server did not support any aes or 3des cipher algorithms.&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="p1"&gt;&lt;SPAN class="s1"&gt;07/28/17 00:19:56 (008) SSHProtocolEngine DEBUG: [2520/10.11.12.13:22] Sending packet 0; 544 bytes: &lt;/SPAN&gt;&lt;SPAN class="s2"&gt;Client KEX&lt;/SPAN&gt;&lt;SPAN class="s1"&gt;INIT:&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="p1"&gt;&lt;SPAN class="s1"&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;Cookie: 6cad40010640976136179e2cf0ab42ee&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="p1"&gt;&lt;SPAN class="s1"&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;Key Exchange Algorithms: diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha256, diffie-hellman-group1-sha1&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="p1"&gt;&lt;SPAN class="s1"&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;Signature Algorithms: ssh-dss, ssh-rsa&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="p1"&gt;&lt;SPAN class="s1"&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;Client-to-Server Cipher Algorithms: aes128-ctr, aes192-ctr, aes256-ctr, 3des-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc, none&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="p1"&gt;&lt;SPAN class="s1"&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;Client-to-Server MAC Algorithms: hmac-sha1, hmac-sha1-96, hmac-sha2-256, hmac-sha2-512, hmac-md5, hmac-md5-96&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="p1"&gt;&lt;SPAN class="s1"&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;Client-to-Server Compression Algorithms: none&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="p1"&gt;&lt;SPAN class="s1"&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;Server-to-Client Cipher Algorithms: aes128-ctr, aes192-ctr, aes256-ctr, 3des-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc, none&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="p1"&gt;&lt;SPAN class="s1"&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;Server-to-Client MAC Algorithms: hmac-sha1, hmac-sha1-96, hmac-sha2-256, hmac-sha2-512, hmac-md5, hmac-md5-96&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="p1"&gt;&lt;SPAN class="s1"&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;Server-to-Client Compression Algorithms: none&lt;/SPAN&gt;&lt;/P&gt;
&lt;P class="p1"&gt;&lt;SPAN class="s1"&gt;&lt;SPAN class="Apple-converted-space"&gt;&amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;First packet follows: false&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 29 May 2018 15:56:51 GMT</pubDate>
      <guid>https://www.servicenow.com/community/itom-forum/sshcommand-cannot-connect-status-is-tcp-connection-dropped/m-p/976337#M72953</guid>
      <dc:creator>tim_broberg</dc:creator>
      <dc:date>2018-05-29T15:56:51Z</dc:date>
    </item>
    <item>
      <title>Re: SSHCommand: Cannot connect, status is TCP_CONNECTION_DROPPED. Connection unexpectedly closed by SSH server:</title>
      <link>https://www.servicenow.com/community/itom-forum/sshcommand-cannot-connect-status-is-tcp-connection-dropped/m-p/976338#M72954</link>
      <description>&lt;P&gt;as tim&amp;nbsp;suggested. it means that you are using the wrong credentials. are you sure you have access to it and does it allow ssh? usually a port needs to be in i think its default by port 22 if im not mistaken.&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 29 May 2018 16:00:23 GMT</pubDate>
      <guid>https://www.servicenow.com/community/itom-forum/sshcommand-cannot-connect-status-is-tcp-connection-dropped/m-p/976338#M72954</guid>
      <dc:creator>reich</dc:creator>
      <dc:date>2018-05-29T16:00:23Z</dc:date>
    </item>
    <item>
      <title>Re: SSHCommand: Cannot connect, status is TCP_CONNECTION_DROPPED. Connection unexpectedly closed by SSH server:</title>
      <link>https://www.servicenow.com/community/itom-forum/sshcommand-cannot-connect-status-is-tcp-connection-dropped/m-p/976339#M72955</link>
      <description>&lt;P&gt;Thank you very much, Tim! &lt;span class="lia-unicode-emoji" title=":slightly_smiling_face:"&gt;🙂&lt;/span&gt;&lt;/P&gt;</description>
      <pubDate>Wed, 30 May 2018 07:51:32 GMT</pubDate>
      <guid>https://www.servicenow.com/community/itom-forum/sshcommand-cannot-connect-status-is-tcp-connection-dropped/m-p/976339#M72955</guid>
      <dc:creator>justx</dc:creator>
      <dc:date>2018-05-30T07:51:32Z</dc:date>
    </item>
    <item>
      <title>Re: SSHCommand: Cannot connect, status is TCP_CONNECTION_DROPPED. Connection unexpectedly closed by SSH server:</title>
      <link>https://www.servicenow.com/community/itom-forum/sshcommand-cannot-connect-status-is-tcp-connection-dropped/m-p/976340#M72956</link>
      <description>&lt;P&gt;Hey, it's exciting when the one thing you&amp;nbsp;&lt;EM&gt;really know&lt;/EM&gt; is actually useful to somebody. x^D&lt;/P&gt;
&lt;P&gt;So, you figured it out, then?&lt;/P&gt;</description>
      <pubDate>Wed, 30 May 2018 15:09:38 GMT</pubDate>
      <guid>https://www.servicenow.com/community/itom-forum/sshcommand-cannot-connect-status-is-tcp-connection-dropped/m-p/976340#M72956</guid>
      <dc:creator>tim_broberg</dc:creator>
      <dc:date>2018-05-30T15:09:38Z</dc:date>
    </item>
    <item>
      <title>Re: SSHCommand: Cannot connect, status is TCP_CONNECTION_DROPPED. Connection unexpectedly closed by SSH server:</title>
      <link>https://www.servicenow.com/community/itom-forum/sshcommand-cannot-connect-status-is-tcp-connection-dropped/m-p/976341#M72957</link>
      <description>&lt;P&gt;I think so.. your post was very helpful &lt;span class="lia-unicode-emoji" title=":winking_face:"&gt;😉&lt;/span&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 31 May 2018 05:33:13 GMT</pubDate>
      <guid>https://www.servicenow.com/community/itom-forum/sshcommand-cannot-connect-status-is-tcp-connection-dropped/m-p/976341#M72957</guid>
      <dc:creator>justx</dc:creator>
      <dc:date>2018-05-31T05:33:13Z</dc:date>
    </item>
    <item>
      <title>Re: SSHCommand: Cannot connect, status is TCP_CONNECTION_DROPPED. Connection unexpectedly closed by SSH server:</title>
      <link>https://www.servicenow.com/community/itom-forum/sshcommand-cannot-connect-status-is-tcp-connection-dropped/m-p/976342#M72958</link>
      <description>&lt;P&gt;Hi Tim,&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;How about the Quick discovery worked fine but during the schedule discovery i got the same error for that particular server. Any explanation behind this.&lt;/P&gt;</description>
      <pubDate>Thu, 14 Feb 2019 11:13:53 GMT</pubDate>
      <guid>https://www.servicenow.com/community/itom-forum/sshcommand-cannot-connect-status-is-tcp-connection-dropped/m-p/976342#M72958</guid>
      <dc:creator>bhanupratap2203</dc:creator>
      <dc:date>2019-02-14T11:13:53Z</dc:date>
    </item>
    <item>
      <title>Re: SSHCommand: Cannot connect, status is TCP_CONNECTION_DROPPED. Connection unexpectedly closed by</title>
      <link>https://www.servicenow.com/community/itom-forum/sshcommand-cannot-connect-status-is-tcp-connection-dropped/m-p/2440326#M106892</link>
      <description>&lt;P&gt;&lt;a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/266654"&gt;@tim_broberg&lt;/a&gt;&amp;nbsp;, am getting same error and checked the debug logs.&lt;/P&gt;&lt;P&gt;Any solution around this issue?&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;In my cases:-&lt;/P&gt;&lt;P&gt;Target server is reachable&lt;/P&gt;&lt;P&gt;Port 22 is open&lt;/P&gt;&lt;P&gt;doing SSH using putty and unable to login to target server, its showing "remote side unexpectedly closed network connection"&amp;nbsp;&lt;/P&gt;&lt;P&gt;Tried discovery after turning on Debug, looks like same error as you got.&lt;/P&gt;</description>
      <pubDate>Wed, 11 Jan 2023 14:39:55 GMT</pubDate>
      <guid>https://www.servicenow.com/community/itom-forum/sshcommand-cannot-connect-status-is-tcp-connection-dropped/m-p/2440326#M106892</guid>
      <dc:creator>Girija Sankar G</dc:creator>
      <dc:date>2023-01-11T14:39:55Z</dc:date>
    </item>
  </channel>
</rss>

