Unable to proxy data, key_exchange_identifcation: connection closed by remote host: boundary connect ssh command

Hi Braintrusts,
I am getting the following error while testing this command (boundary connect ssh -target-id ttcp_ghgkd45 and same error i will get via boundary desktop client web UI in the shell

Error: ssh_knownhostproxy: unable to proxy data: connection reset by peer
kex_exchange_identifcation: Connection closed by remote host

I have read all other posts here but could not understand what fix they have applied:
my target is redhat linux vm and setup a static credential for the target.

If i run the boundary cli (boundary connect -target-id ttcp_qim3fdfdh then it displays the following:
address: 127.0.0.1
port: 25656
protocol: tcp
session_id: s_H3bJfhfh

credentials: ,
I am not using any private key. it is just simple static credential username and password for the target which I can access via ssh directly. Everything is self-hosted here with trial enterprise version of boundary 0.15.0+ent.

Do I need to enable or disable option in target rhel vm sshd file?

Anyone can explain the issue and help me to resolve this in simple way please.
Thank you

any update on this please @jeff @irena.rindos @macmiranda @omkensey. I also tried to do “ssh 127.0.0.1 -p 45484” on the boundary desktop client shell, I will get the same error:
sss_ssh_knownhostproxy: unable to proxy data: connection reset by peer, key_exchange_identification: connection closed by remote host:

Please help me in sorting this out. I have tried to reset AllowedTcpForwarding to yes but still did not work.

any idea, what config I need to change and where?
Many thanks

It looks like you are using ssh_knownhostproxy which it seems can cause issues with processes that run over ssh (here’s a thread from mosh that has issues as well).

You may want to try removing the use of ssh_knownhostproxy from your ssh_config file and see if that helps. I don’t really know much about ssh_knownhostproxy so if that does help then you’ll have to dig into that, but the advice from the mosh thread about CanonicalizeHostname=always may help.

It seems like a connection issue with SSH. Have you checked your network settings and SSH configurations on the RedHat Linux VM? Double-checking those grinder resources might help resolve the problem. If not, seeking assistance from the Boundary support community could provide further insight.

Im facing a similar issue.
the host im trying to connect to via the target is the worker itself but I get
“Connection closed by 127.0.0.1 port 55100”

I can see on the target that an attempt is made

localadmin@SRV01:~$ netstat -tun | grep :22
tcp 0 0 10.10.40.36:55146 10.10.40.36:22 TIME_WAIT

The ssh auth log shows a connection closed

Apr 26 11:56:34 SRV01 sshd[2694021]: Connection closed by authenticating user localadmin 10.10.40.36 port 55146 [preauth]

When I issue the same command from the target it is working

localadmin@SRV01:~$ sudo ssh localadmin@10.10.40.36 -i /home/xxxx/priv.pem
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 6.2.0-1015-azure x86_64)

localadmin@SRV1:~$ netstat -tun | grep :22
tcp 0 0 10.10.40.36:57644 10.10.40.36:22 ESTABLISHED

Any advice on the steps I can do to troubleshoot this further?

Today we found out that if we create the target as generic TCP with a destination port 22 we are able to connect through boundary.

user@xxx-MBP-2 ~ % ssh localadmin@127.0.0.1 -p 52157 
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 6.2.0-1015-azure x86_64)
localadmin@SRV-01:~$

This shows we are able to connect through boundary, but not as SSH target.

Any idea?