![[Memo] What to do if Connection closed by xx.xx.xx.xx.xx port 22 occurs when you connect to TryHackMe.](https://hack-lab-256.com/wp-content/uploads/2023/04/hack-lab-256-samnail-10.jpg)
I wanted to connect to SSH using TryHackMe, but I struggled to do so, so I'll leave it as a memo.
If anyone is suffering from the same problem, I think this might be helpful.
Recommended reference books
Author: IPUSIRON
¥2,090 (As of 15:33 on 2025/07/13 | Amazon research)
Pochip
Pochip
Author: Justin Seitz, Author: Tim Arnold, Supervised by: Mantani Nobutaka, Translation: Arai Yu, Translation: Kakara Hirosei, Translation: Murakami Ryo
¥3,520 (As of 12:26 on 07/09/2025 | Amazon research)
Pochip
Author: Tokumaru Hiroshi
¥3,520 (As of 00:44 on 2025/07/12 | Amazon research)
Pochip
table of contents
expecting SSH2_MSG_KEX_DH_GEX_GROUP stops processing
To check the event, I tried sshing with "-vvv".
┌──(hacklab㉿hacklab)-[~] └─$ ssh user@10.10.237.121 -vvv 130 ⨯ OpenSSH_8.7p1 Debian-4, OpenSSL 1.1.1m 14 Dec 2021 debug1: Reading configuration data /home/hacklab/.ssh/config debug1: /home/hacklab/.ssh/config line 1: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files debug1: /etc/ssh/ssh_config line 21: Applying options for * debug2: resolve_canonicalize: hostname 10.10.237.121 is address debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/hacklab/.ssh/known_hosts' debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/hacklab/.ssh/known_hosts2' debug3: ssh_connect_direct: entering debug1: Connecting to 10.10.237.121 [10.10.237.121] port 22. debug3: set_sock_tos: set socket 3 IP_TOS 0x10 debug1: Connection established. debug1: identity file /home/hacklab/.ssh/id_rsa type -1 debug1: identity file /home/hacklab/.ssh/id_rsa-cert type -1 debug1: identity file /home/hacklab/.ssh/id_dsa type -1 debug1: identity file /home/hacklab/.ssh/id_dsa-cert type -1 debug1: identity file /home/hacklab/.ssh/id_ecdsa type -1 debug1: identity file /home/hacklab/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/hacklab/.ssh/id_ecdsa_sk type -1 debug1: identity file /home/hacklab/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /home/hacklab/.ssh/id_ed25519 type -1 debug1: identity file /home/hacklab/.ssh/id_ed25519-cert type -1 debug1: identity file /home/hacklab/.ssh/id_ed25519_sk type -1 debug1: identity file /home/hacklab/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /home/hacklab/.ssh/id_xmss type -1 debug1: identity file /home/hacklab/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.7p1 Debian-4 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-6+squeeze5 debug1: compat_banner: match: OpenSSH_5.5p1 Debian-6+squeeze5 pat OpenSSH_5* compat 0x0c000002 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to 10.10.237.121:22 as 'user' debug1: load_hostkeys: fopen /home/hacklab/.ssh/known_hosts: No such file or directory debug1: load_hostkeys: fopen /home/hacklab/.ssh/known_hosts2: No such file or directory debug1: load_hostkeys: fopen /home/hacklab/.ssh/known_hosts2: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory debug3: order_hostkeyalgs: no algorithms matched; accept original debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-c ert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com,zlib debug2: compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: host key algorithms: ssh-rsa,ssh-dss debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: MACs ctos: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: MACs stoc: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: compression ctos: none,zlib@openssh.com debug2: compression stoc: none,zlib@openssh.com debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: diffie-hellman-group-exchange-sha256 debug1: kex: host key algorithm: ssh-rsa debug1: kex: server->client cipher: aes128-ctr MAC: umac-64@openssh.com compression: none debug1: kex: client->server cipher: aes128-ctr MAC: umac-64@openssh.com compression: none debug3: send packet: type 34 debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<3072<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP Connection closed by 10.10.237.121 port 22When I checked, I found that it was stopped with "expecting SSH2_MSG_KEX_DH_GEX_GROUP". . .
After doing some research I came across a few articles that said that the MTU values were poor.
First, when I checked the MTU value, I found that eth0 is 1500.
┌──(hacklab㉿hacklab)-[~] └─$ ifconfig 127 ⨯ eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 ...For now, I'll set eth0 to 1454.
┌──(hacklab㉿hacklab)-[~] └─$ sudo ifconfig eth0 mtu 1454 I tried ssh again in this state and it worked! !
┌──(hacklab㉿hacklab)-[~] └─$ ssh user@10.10.237.121 user@10.10.237.121's password: Linux debian 2.6.32-5-amd64 #1 SMP Tue May 13 16:34:35 UTC 2014 x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Wed Apr 5 11:11:52 2023 from ip-10-18-110-90.eu-west-1.compute.internal user@debian:~$summary
The server was running, but I was panicked when I got "Connection closed", but I was able to connect somehow, so I'm glad.
References and Sites
@IT: https://atmarkit.itmedia.co.jp/flinux/rensai/linuxtips/418chkmtu.html
![[HackTheBox] What to do if "An error of type HTTPClient::ReceiveTimeoutError happened, message is executed expired" appears in Evil-WinRM](https://hack-lab-256.com/wp-content/uploads/2023/09/hack-lab-256-samnail-4-300x169.jpg)
![[CVE-2015-3306] I enumerated the shared Samba, manipulate a vulnerable version of proftpd, and escalated privileges by manipulating path variables! TryHackMe Kenobi Writeup](https://hack-lab-256.com/wp-content/uploads/2023/08/hack-lab-256-samnail-2-300x169.jpg)
![[Permanent CTF for beginners] setodaNote CTF WEB Writeup! Recommended for getting a sense of CTF!](https://hack-lab-256.com/wp-content/uploads/2023/08/hack-lab-256-samnail-1-1-300x169.jpg)
![[TryHackMe] We conducted packet analysis using wireshark to investigate the intrusion of ssh-backdoor! Overpass2 Writeup](https://hack-lab-256.com/wp-content/uploads/2023/08/hack-lab-256-samnail-300x169.jpg)
![[CVE-2018-16763] fuel CMS 1.4.1 - I converted Remote Code Execution (1) to python 3 and hacked it! TryHackMe Ignite Writeup](https://hack-lab-256.com/wp-content/uploads/2023/08/hack-lab-256-samnail-25-300x169.jpg)
![[TryHackMe] I used SSH2John to extract the hash from the private key and hacked the password with John the Ripper! Overpass Writeup](https://hack-lab-256.com/wp-content/uploads/2023/07/hack-lab-256-samnail-24-300x169.jpg)
![[TryHackMe] I tried infiltrating a Windows machine with a ret2esp attack (Buffer Overflow)! Brainstorm Writeup](https://hack-lab-256.com/wp-content/uploads/2023/06/hack-lab-256-samnail-23-300x169.jpg)