Find remote IP for [kex_exchange_identification: Connection closed by remote host]

ssh security linux

Solution 1:

Try running tcpdump on your ssh port:

tcpdump -nn -s0 port 22

If you are already logged in over ssh, exclude your source IP address (eg: 203.202.1.1) so you don't flood your terminal with your own traffic:

tcpdump -nn -s0 port 22 and not src 203.202.1.1 and not dst 203.202.1.1

You can also use Netfilter to log connections to syslog but keep in mind, a flood of connections can create enough load on your server that it becomes unresponsive so not something you want to run without putting some kind of logging limit on it (as shown):

iptables -I INPUT -p tcp --dport 22 -m limit --limit 4/min --limit-burst 4 -j LOG --log-prefix "SSH_NOTIFY: "

This will drop a message in your syslog about the connecting host

Related

Windows 32-bit and 64-bit and GPT
Network latency decreasing on load
How can I extend the desktop across 8 VGA monitors so they operate as one large monitor from one PC?
Calculate the median of the 20 peers that are closest in terms of total assets
Why does my windows 7 go to sleep after two minutes regardless of power management settings? [duplicate]
Is there a unix command to output time elapsed during a command?
Error message when trying to convert private key from a pem-file to a pvk-file
Is it possible to have multiple audio outputs?
2 user accounts in my name on fresh installation win10 - how to disable or restrict the second one
List Mapped Drives of All Users
Linux PuTTY - automate su for password related issue
How can I include quotations in a CONCATENATE operation?