Oracle Linux: IP Rule with High Priority Number is Not Working for Incoming SSH Connections from Different Network "ssh_exchange_identification: read: Connection reset by peer" (Doc ID 2651961.1)

Last updated on APRIL 15, 2020

Applies to:

Linux OS - Version Oracle Linux 6.10 and later
Exadata Database Machine X8-2/X8M-2 Hardware - Version All Versions and later
Linux x86-64

Symptoms

SSH fails from 192.168.z.xy to 192.168.x.yy. The following details were verified.

bondeth0 -- 192.168.x.yy belongs to network 192.168.x.y/26

bondeth1 -- 192.168.z.xx belongs to network 192.168.z.x/24

The host has the following IP rules.

#ip rule list
0: from all lookup local
32756: from all to 192.168.a.b lookup 181
32757: from 192.168.a.b lookup 181
32758: from all to 192.168.a.c lookup 180
32759: from 192.168.a.c lookup 180
32760: from all to 192.168.y.x lookup 220
32761: from 192.168.y.x lookup 220
32762: from all to 192.168.z.x/24 lookup 211
32763: from 192.168.z.x/24 lookup 211
32764: from all to 192.168.x.y/26 lookup 210 <<<=======
32765: from 192.168.x.y/26 lookup 210
32766: from all lookup main
32767: from all lookup default

/etc/sysconfig/network-scripts/route-bondeth0
------------------------------------------------
192.168.x.y/26 dev bondeth0 table 210
default via 192.168.x.y dev bondeth0 table 210


Ping and traceroute work from 192.168.x.yy to 192.168.z.xy, but SSH fails from 192.168.z.xy to 192.168.x.yy.

#ssh root@192.168.x.yy
ssh_exchange_identification: read: Connection reset by peer


Running the command below manually adds an extra route, as shown in the ip rule output that follows, and SSH starts working.

#ifup-routes bondeth0
#ip rule list
0: from all lookup local
32754: from all to 192.168.x.y/26 lookup 210 <<<=======
32755: from 192.168.x.y/26 lookup 210
32756: from all to 192.168.a.b lookup 181
32757: from 192.168.a.b lookup 181
32758: from all to 192.168.a.c lookup 180
32759: from 192.168.a.c lookup 180
32760: from all to 192.168.y.x lookup 220
32761: from 192.168.y.x lookup 220
32762: from all to 192.168.z.x/24 lookup 211
32763: from 192.168.z.x/24 lookup 211
32764: from all to 192.168.x.y/26 lookup 210 <<<=======
32765: from 192.168.x.y/26 lookup 210
32766: from all lookup main
32767: from all lookup default

There are a total of 4 entries in table 210.
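To audit a host for the kind of repeated rule pair visible in the second listing, the following added example (not part of the Oracle note) parses `ip rule list` output, orders the rules the way the kernel evaluates them, and reports selector/table pairs installed at more than one priority. The sample listing is constructed, with made-up concrete addresses standing in for the masked ones, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: same shape as the listing after ifup-routes, with
# made-up concrete addresses in place of the masked ones in the note.
SAMPLE = """\
0:      from all lookup local
32754:  from all to 192.168.10.0/26 lookup 210 <<<=======
32755:  from 192.168.10.0/26 lookup 210
32762:  from all to 192.168.20.0/24 lookup 211
32763:  from 192.168.20.0/24 lookup 211
32764:  from all to 192.168.10.0/26 lookup 210 <<<=======
32765:  from 192.168.10.0/26 lookup 210
32766:  from all lookup main
32767:  from all lookup default
"""

# priority, selector text, table; trailing annotations after the table are ignored
RULE_RE = re.compile(r"^\s*(\d+):\s+(.*?)\s+lookup\s+(\S+)")

def parse_rules(text):
    """Return [(priority, selector, table)] in kernel evaluation order."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            selector = " ".join(m.group(2).split())  # normalise whitespace
            rules.append((int(m.group(1)), selector, m.group(3)))
    return sorted(rules)  # the lowest priority number is evaluated first

def duplicate_rules(rules):
    """Map (selector, table) -> priorities for pairs installed more than once."""
    seen = defaultdict(list)
    for prio, selector, table in rules:
        seen[(selector, table)].append(prio)
    return {key: prios for key, prios in seen.items() if len(prios) > 1}

def rules_for_table(rules, table):
    """All rules that send traffic to the given routing table."""
    return [r for r in rules if r[2] == table]

if __name__ == "__main__":
    parsed = parse_rules(SAMPLE)
    for (selector, table), prios in duplicate_rules(parsed).items():
        print(f"table {table}: '{selector}' installed at priorities {prios}")
    print(len(rules_for_table(parsed, "210")), "rules point at table 210")
```

On a live host, feed the function the real output, for example `parse_rules(subprocess.check_output(["ip", "rule", "list"], text=True))`.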

Changes

No changes were made to the environment.

Cause
