Netgate Discussion Forum

    SSH connection originating from default gateway?

    • Frozenbyte

      Today while reviewing the syslog on my Unraid Server, I noticed SSH errors for
      "Kex_exchange_identification: Connection closed by remote host"

      I am trying to understand why the SSH connections appear to be originating from the default gateways of two of my networks?

      [Attached image: SSH Errors.png]
      • jimp Rebel Alliance Developer Netgate

        That type of log entry is something you might see if there is a mechanism monitoring the port to see if it's open but not actually attempting to connect as a client. For example, if you have something like haproxy set up with a TCP entry for SSH to that system and it is performing a health check.

        For example, this does a simple TCP handshake test without sending or receiving data:

        Host A:

        $ nc -vz x.x.x.x 22
        Connection to x.x.x.x 22 port [tcp/ssh] succeeded!
        

        Host B:

        Jan 23 11:39:30 target sshd[17392]: error: kex_exchange_identification: Connection closed by remote host
        Jan 23 11:39:30 target sshd[17392]: Connection closed by x.x.x.y port 48544
        

        It's also possible you have something inside doing that but it's hitting NAT reflection on the firewall so it appears to come from the firewall, but the real source is elsewhere inside your network.

        Lastly, you might have configured outbound NAT on that interface masking the source of the traffic.

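Added example, not part of the original posts: one way to test the health-check explanation above is to pair each kex_exchange_identification error with the "Connection closed by" line from the same sshd PID and check whether a source reconnects at a fixed interval. The sample log, the 192.0.2.1 and 198.51.100.7 addresses, the function names and the jitter threshold are constructed assumptions; behind NAT reflection or outbound NAT the logged address is still the firewall's, so this shows cadence, not the true origin.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[(\d+)\]: (.*)$")
KEX = "error: kex_exchange_identification: Connection closed by remote host"
CLOSED = re.compile(r"Connection closed by (\S+) port \d+")

def probe_times(log_text):
    """Map source IP -> timestamps of connections closed before any SSH banner."""
    pending = {}                      # sshd PID -> time of its kex error line
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, pid, msg = m.groups()
        if msg == KEX:
            # Syslog timestamps carry no year; pin one so strptime is unambiguous.
            pending[pid] = datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")
        elif pid in pending and (c := CLOSED.match(msg)):
            hits[c.group(1)].append(pending.pop(pid))  # same PID names the peer
    return hits

def classify(times, max_jitter=2.0, min_probes=4):
    """'periodic' is consistent with a monitor or health check; 'irregular' is not."""
    if len(times) < min_probes:
        return "too-few"
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return "periodic" if statistics.pstdev(gaps) <= max_jitter else "irregular"

def _pair(stamp, pid, ip):
    return (f"Jan 23 {stamp} target sshd[{pid}]: {KEX}\n"
            f"Jan 23 {stamp} target sshd[{pid}]: Connection closed by {ip} port 48544\n")

# Constructed sample: 192.0.2.1 stands in for the gateway, 198.51.100.7 for another host.
SAMPLE_LOG = (
    "".join(_pair(f"11:39:{s:02d}", 17392 + s, "192.0.2.1") for s in (0, 10, 20, 30, 40))
    + _pair("11:41:12", 18001, "198.51.100.7") + _pair("11:41:15", 18002, "198.51.100.7")
    + _pair("11:52:03", 18003, "198.51.100.7") + _pair("12:30:44", 18004, "198.51.100.7")
)

def report(log_text=SAMPLE_LOG):
    return {ip: (len(t), classify(t)) for ip, t in probe_times(log_text).items()}

if __name__ == "__main__":
    for ip, (count, verdict) in report().items():
        print(f"{ip}: {count} pre-banner closes, {verdict}")
```

A source that comes back as "periodic" from the gateway address is a cue to look at services on the firewall that poll port 22; an "irregular" one is better traced with a packet capture on the firewall's inside interface.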