Find the remote IP for [kex_exchange_identification: Connection closed by remote host]
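I have piles of logs like this in /var/log/auth.log. Every 2 minutes, the same message appears on 10 lines. I would like to know the remote IP that generated these messages.
I am using Ubuntu 19.10 (this is my remote workstation, and I do regular security checks on it).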
61094 Jan 25 22:44:01 localhost sshd[10390]: error: kex_exchange_identification: Connection closed by remote host
61095 Jan 25 22:44:02 localhost sshd[10408]: error: kex_exchange_identification: Connection closed by remote host
61096 Jan 25 22:44:02 localhost sshd[10433]: error: kex_exchange_identification: Connection closed by remote host
61097 Jan 25 22:44:02 localhost sshd[10437]: error: kex_exchange_identification: Connection closed by remote host
61098 Jan 25 22:44:02 localhost sshd[10441]: error: kex_exchange_identification: Connection closed by remote host
61099 Jan 25 22:44:02 localhost sshd[10446]: error: kex_exchange_identification: Connection closed by remote host
61100 Jan 25 22:44:02 localhost sshd[10450]: error: kex_exchange_identification: Connection closed by remote host
61101 Jan 25 22:44:02 localhost sshd[10454]: error: kex_exchange_identification: Connection closed by remote host
61102 Jan 25 22:44:02 localhost sshd[10462]: error: kex_exchange_identification: Connection closed by remote host
61103 Jan 25 22:44:02 localhost sshd[10466]: error: kex_exchange_identification: Connection closed by remote host
61104 Jan 25 22:46:01 localhost sshd[12501]: error: kex_exchange_identification: Connection closed by remote host
61105 Jan 25 22:46:01 localhost sshd[12528]: error: kex_exchange_identification: Connection closed by remote host
61106 Jan 25 22:46:01 localhost sshd[12538]: error: kex_exchange_identification: Connection closed by remote host
61107 Jan 25 22:46:01 localhost sshd[12542]: error: kex_exchange_identification: Connection closed by remote host
61108 Jan 25 22:46:01 localhost sshd[12546]: error: kex_exchange_identification: Connection closed by remote host
61109 Jan 25 22:46:01 localhost sshd[12551]: error: kex_exchange_identification: Connection closed by remote host
61110 Jan 25 22:46:01 localhost sshd[12555]: error: kex_exchange_identification: Connection closed by remote host
61111 Jan 25 22:46:01 localhost sshd[12560]: error: kex_exchange_identification: Connection closed by remote host
61112 Jan 25 22:46:01 localhost sshd[12564]: error: kex_exchange_identification: Connection closed by remote host
61113 Jan 25 22:46:01 localhost sshd[12568]: error: kex_exchange_identification: Connection closed by remote host
61114 Jan 25 22:48:01 localhost sshd[14371]: error: kex_exchange_identification: Connection closed by remote host
61115 Jan 25 22:48:01 localhost sshd[14390]: error: kex_exchange_identification: Connection closed by remote host
61116 Jan 25 22:48:01 localhost sshd[14414]: error: kex_exchange_identification: Connection closed by remote host
61117 Jan 25 22:48:01 localhost sshd[14418]: error: kex_exchange_identification: Connection closed by remote host
61118 Jan 25 22:48:01 localhost sshd[14422]: error: kex_exchange_identification: Connection closed by remote host
61119 Jan 25 22:48:01 localhost sshd[14427]: error: kex_exchange_identification: Connection closed by remote host
61120 Jan 25 22:48:01 localhost sshd[14431]: error: kex_exchange_identification: Connection closed by remote host
61121 Jan 25 22:48:01 localhost sshd[14435]: error: kex_exchange_identification: Connection closed by remote host
61122 Jan 25 22:48:01 localhost sshd[14439]: error: kex_exchange_identification: Connection closed by remote host
61123 Jan 25 22:48:01 localhost sshd[14443]: error: kex_exchange_identification: Connection closed by remote host
61124 Jan 25 22:50:01 localhost sshd[16489]: error: kex_exchange_identification: Connection closed by remote host
61125 Jan 25 22:50:01 localhost sshd[16512]: error: kex_exchange_identification: Connection closed by remote host
61126 Jan 25 22:50:01 localhost sshd[16530]: error: kex_exchange_identification: Connection closed by remote host
61127 Jan 25 22:50:01 localhost sshd[16535]: error: kex_exchange_identification: Connection closed by remote host
61128 Jan 25 22:50:01 localhost sshd[16539]: error: kex_exchange_identification: Connection closed by remote host
61129 Jan 25 22:50:01 localhost sshd[16544]: error: kex_exchange_identification: Connection closed by remote host
61130 Jan 25 22:50:01 localhost sshd[16548]: error: kex_exchange_identification: Connection closed by remote host
61131 Jan 25 22:50:01 localhost sshd[16552]: error: kex_exchange_identification: Connection closed by remote host
61132 Jan 25 22:50:01 localhost sshd[16556]: error: kex_exchange_identification: Connection closed by remote host
61133 Jan 25 22:50:01 localhost sshd[16561]: error: kex_exchange_identification: Connection closed by remote host
61134 Jan 25 22:52:01 localhost sshd[18480]: error: kex_exchange_identification: Connection closed by remote host
61135 Jan 25 22:52:01 localhost sshd[18491]: error: kex_exchange_identification: Connection closed by remote host
61136 Jan 25 22:52:01 localhost sshd[18518]: error: kex_exchange_identification: Connection closed by remote host
61137 Jan 25 22:52:01 localhost sshd[18523]: error: kex_exchange_identification: Connection closed by remote host
61138 Jan 25 22:52:01 localhost sshd[18527]: error: kex_exchange_identification: Connection closed by remote host
61139 Jan 25 22:52:01 localhost sshd[18532]: error: kex_exchange_identification: Connection closed by remote host
61140 Jan 25 22:52:01 localhost sshd[18536]: error: kex_exchange_identification: Connection closed by remote host
auth.log-20200126-1579968001 61140,1 99%
Answer 1
Try running tcpdump on the ssh port:
tcpdump -nn -s0 port 22
If you are already logged in via ssh, exclude your source IP address (e.g. 203.202.1.1) so that your own traffic does not flood the terminal:
tcpdump -nn -s0 port 22 and not src 203.202.1.1 and not dst 203.202.1.1
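You can also log connections to syslog using Netfilter, but I would not recommend doing so without some kind of logging limit in place (as below), because a flood of connections can put load on the server and may make it unresponsive: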
iptables -I INPUT -p tcp --dport 22 -m limit --limit 4/min --limit-burst 4 -j LOG --log-prefix "SSH_NOTIFY: "
This will log messages about connecting hosts to syslog.
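A way to use the SSH_NOTIFY entries once the rule above is logging, as an added example that is not part of the original answer: it matches kernel log lines carrying that prefix against the timestamps of the sshd errors and counts the SRC= addresses seen just before each error. The kernel log lines, their addresses (documentation ranges), the year and the 2-second window are assumptions constructed for the example.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# sshd lines as in the question (editor line numbers removed).
AUTH_LOG = """\
Jan 25 22:44:01 localhost sshd[10390]: error: kex_exchange_identification: Connection closed by remote host
Jan 25 22:44:02 localhost sshd[10408]: error: kex_exchange_identification: Connection closed by remote host
Jan 25 22:46:01 localhost sshd[12501]: error: kex_exchange_identification: Connection closed by remote host
"""
# Constructed kernel log lines in the layout the iptables LOG target writes.
KERN_LOG = """\
Jan 25 22:44:01 localhost kernel: [8123.41] SSH_NOTIFY: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40112 DPT=22 SYN URGP=0
Jan 25 22:45:10 localhost kernel: [8192.02] SSH_NOTIFY: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51000 DPT=22 SYN URGP=0
Jan 25 22:46:00 localhost kernel: [8242.77] SSH_NOTIFY: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40230 DPT=22 SYN URGP=0
"""

STAMP = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s")
SRC = re.compile(r"\bSRC=(\S+)")

def parse_stamp(line, year=2020):
    """Parse the syslog timestamp; syslog omits the year, so it is assumed."""
    m = STAMP.match(line)
    return datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S") if m else None

def error_times(auth_text):
    """Timestamps of every kex_exchange_identification error in auth.log."""
    return [t for line in auth_text.splitlines()
            if "kex_exchange_identification" in line and (t := parse_stamp(line))]

def correlate(auth_text, kern_text, prefix="SSH_NOTIFY: ", window=2):
    """Count source IPs logged at most `window` seconds before an sshd error."""
    errors = error_times(auth_text)
    hits = Counter()
    for line in kern_text.splitlines():
        t, m = parse_stamp(line), SRC.search(line)
        if prefix not in line or t is None or m is None:
            continue  # not one of our Netfilter entries
        # The packet is logged first; sshd reports the close shortly after.
        if any(timedelta(0) <= e - t <= timedelta(seconds=window) for e in errors):
            hits[m.group(1)] += 1
    return hits

if __name__ == "__main__":
    for ip, count in correlate(AUTH_LOG, KERN_LOG).most_common():
        print(f"{ip}\t{count}")
```

Because the rule limits logging to 4 entries per minute, the counts are a lower bound rather than a full record of connections.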
Answer 2
Check the permissions of the / directory. They should look like this:
drwxr-sr-x 1 root root 512 Feb 12 21:12