Find remote IP for [kex_exchange_identification: Connection closed by remote host]
Solution 1:
Try running tcpdump
on your ssh
port:
tcpdump -nn -s0 port 22
If you are already logged in over ssh
, exclude your source IP address (eg: 203.202.1.1) so you don't flood your terminal with your own traffic:
tcpdump -nn -s0 port 22 and not src 203.202.1.1 and not dst 203.202.1.1
You can also use Netfilter to log connections to syslog but keep in mind, a flood of connections can create enough load on your server that it becomes unresponsive so not something you want to run without putting some kind of logging limit on it (as shown):
iptables -I INPUT -p tcp --dport 22 -m limit --limit 4/min --limit-burst 4 -j LOG --log-prefix "SSH_NOTIFY: "
This will drop a message in your syslog about the connecting host