SSH Error "ssh_exchange_identification ‘connection closed by remote host"

Owned by Michael Peters
Last updated: Jan 26, 2021
1 min read

The backstory here is that penetration testing can cause our testing IPs and IP connections to be blocked. This technique has allowed us to regain the SSH connectivity to server instances.

From the AWS or AWS GovCloud administration console. Select the instance "Actions" -> "Instance settings" -> "Edit user-data". Then just copy the script into the text box. Then the next time you start the instance the script will run.

This script will flush the iptables and delete the hosts.deny file to purge any blockers on our SSH ip addresses.

_______________________________________________________________________________________

Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0

--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"

#cloud-config
cloud_final_modules:

[scripts-user, always]

--//
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="userdata.txt"

#!/bin/bash -xe
echo "flushing iptables rules to unban users"
iptables -F
echo "deleting hosts.deny"
rm /etc/hosts.deny
--//

This technique is also useful to script in other commands that will persist through instance restarts. If you want to remove it, stop the instance, delete the script, and restart the instance.