The “connection closed by remote host” message usually indicates that the remote host (e.g., a server) has closed the connection.
This can happen for a variety of reasons, such as network issue, the remote host crashing, the connection timing out, or the remote host intentionally closing the connection.
If you are trying to establish a connection to a server and seeing this message , you may need to check if the server is up and running and try again later.
In this article, I will explain how to troubleshoot this issue. Hopes it can help you fix the issue.
Check if the remote host is up and running
Make sure that the server you are trying to connect to is online and available. You can try pinging the server to see if it is reachable.
To use the ping command, open a command prompt or terminal window and type ping followed by the IP address or domain name of the target device. For example:
ping google.com
This will send a series of four ICMP echo requests to google.com, and then display the results. The output will show the round-trip time (RTT) for each request, as well as the minimum, maximum, and average RTT.
Here is an example of the output you might see:
Pinging google.com [172.217.167.110] with 32 bytes of data:
Reply from 172.217.167.110: bytes=32 time=26ms TTL=55
Reply from 172.217.167.110: bytes=32 time=25ms TTL=55
Reply from 172.217.167.110: bytes=32 time=25ms TTL=55
Reply from 172.217.167.110: bytes=32 time=26ms TTL=55
Ping statistics for 172.217.167.110:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 26ms, Average = 25ms
From the response, we can get a idea that remote host is up or not. Just be aware that some devices may have ICMP echo request blocking enabled for security reasons.
If this is the case, we can use other options to check it.
Check if the service is running on remote server
We can use some commands like telnet or nc to check the service status on remote server.
For example, to check if the HTTP port (port 80) is open on a remote server with the IP address 192.168.1.1, you can use the following command:
telnet 192.168.1.1 80
If the port is open, you will see something like this:
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
Press CTRL + ] and then type quit to exit.
If the port is not open, you will see an error message like this:
Trying 192.168.1.1...
telnet: Unable to connect to remote host: Connection refused
You can also use the nc (Netcat) command to check if a port is open. For example:
nc -zv 192.168.1.1 80
If the port is open, you will see something like this:
Connection to 192.168.1.1 80 port [tcp/http] succeeded!
If the port is not open, you will see something like this:
nc: connect to 192.168.1.1 port 80 (tcp) failed: Connection refused
If you can not connect to the remote port, there may be a problem with your network connection or the service that the remote host is on. Try troubleshooting your network connection and see if that resolves the issue.
Check the firewall settings
The firewall on the remote host or on your local machine may be blocking the connection. Check the firewall settings and make sure that the connection is allowed.
There are a few different ways to check the status of the firewall on a Linux machine:
ufw (Uncomplicated Firewall) is a user-friendly firewall that is installed by default on many Linux distributions. To check the status of ufw, use the status command:
sudo ufw status
This will show you whether ufw is active or inactive, as well as the rules that are currently in place.
If ufw is not installed on your machine, you can use the iptables command to check the firewall rules. To see the current firewall rules, use the -L flag:
sudo iptables -L
This will show you the rules that are currently in place for the different chains (INPUT, FORWARD, and OUTPUT).
Alternatively, you can use the firewall-cmd command, which is part of the firewalld service. To check the status of the firewall, use the –state flag:
sudo firewall-cmd --state
This will show you whether the firewall is running or not. To see the current firewall rules, use the –list-all flag:
sudo firewall-cmd --list-all
This will show you the rules that are currently in place for the different zones.
Check application log on remote server
There are some utilities that allow you to view log files on a remote server directly from your local machine. Examples include tail -f, which allows you to view the live output of a log file as it is written to.
For example, if your issue is related to SSH. You can use the tail command to view the contents of log file in real-time:
tail -f /var/log/access.log
This will show you the live output of the access.log file as it is written to. You can use CTRL+C to stop the tail command and return to the command prompt.
If you are looking for specific SSH login events, you can use the grep command to search for them:
grep "sshd" /var/log/auth.log
This will show you all of the log entries that contain the string “sshd”, which should include most SSH login events.
You can also use the journalctl command to view the system log, which includes log entries from the SSH daemon and other system services. To view the log entries for the SSH daemon, use the -u flag to filter by unit name:
journalctl -u sshd
This will show you the log entries for the SSH daemon. You can use the –since and –until flags to specify a time range for the log entries. For example:
journalctl -u sshd --since "1 hour ago"
This will show you the log entries for the SSH daemon from the past hour.
There are many tools available that can help you collect, analyze, and view logs from remote servers.
These tools can often be configured to forward logs from the remote server to a central location, where you can view them in a web interface or through a command-line interface.
Check application configuration on server
Some applications have a limit on the number of users who can access the system concurrently. When the limit is reached, new users will not be able to access the system until one of the existing users logs out or the limit is increased.
Here is an example of error connection closed by remote host. It is related with SSH.
The MaxStartups option in the sshd_config file is used to control the maximum number of unauthenticated connections that the Secure Shell (SSH) daemon will accept at a time. When the number of unauthenticated connections exceeds this limit, the SSH daemon will close new connections until the number of unauthenticated connections falls below the limit again.
The MaxStartups option is used to prevent Denial of Service (DoS) attacks, in which an attacker attempts to overwhelm the system by making a large number of connections. By limiting the number of unauthenticated connections, the MaxStartups option can help to protect the system against these types of attacks.
You can adjust the MaxStartups option to suit the needs of your system. A lower value will increase security but may also result in legitimate users being unable to connect if the connection rate is high. A higher value will allow more users to connect but may also make the system more vulnerable to DoS attacks.
sshd(8) will refuse connection attempts with a probability of rate/100 (30%) if there are currently start (10) unauthenticated connections.
Check system load on server side
A busy system can trigger a “connection closed by remote host” error. If a system is under a heavy load, it may not have the resources available to accept new connections or process requests from existing connections. This can cause the system to close connections or refuse new connections.
There are a few different ways you can check if a system is busy:
Check the system load: You can use the uptime command to check the current and average system load. A high load average may indicate that the system is busy.
Check the CPU usage: You can use the top or htop command to check the CPU usage of individual processes. If a single process is using a high percentage of CPU resources, it may be causing the system to be busy.
ps: The ps command is a utility that shows the currently running processes. To see a list of processes sorted by CPU usage, use the -o flag to specify the %CPU column, and use the -aux flags to show all processes for all users:
ps -aux --sort=-%cpu
This will show you a list of processes, sorted by CPU usage in descending order.
If you identify a process that is using a high amount of CPU resources, you can try to identify why it is using so much CPU and see if there is a way to optimize it. You can also use the kill command to terminate the process if necessary.
Check the memory usage: You can use the free command to check the memory usage of the system. If the system is running low on memory, it may be swapping heavily to disk, which can cause the system to slow down.
If you identify that the system is busy, you may need to optimize the processes that are using the most resources or add more resources (such as CPU or memory) to the system to improve its performance.