无法通过某些 IP ssh 进入服务器，但 hosts.deny 等似乎没问题

我们有一台服务器和几台具有固定 IP 的工作站。服务器配置为基本拒绝所有 ssh 请求，除了在 hosts.allow 中输入的请求。以下是配置。

主机拒绝

sshd: ALL

主机允许

sshd: 192.168.28.38, 192.168.28.182, 192.168.28.120 #and so on

但是只有部分输入的IP可以通过SSH登录（例如 192.168.28.182）. 其他 IP 也在 hosts.allow 中 （例如 192.168.28.38）无法登录并查看错误消息"kex_exchange_identification: read: Connection reset by peer"

sudo service sshd status输出以下内容：

● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2022-01-18 21:41:00 CET; 26min ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 171575 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 171576 (sshd)
      Tasks: 1 (limit: 9257)
     CGroup: /system.slice/ssh.service
             └─171576 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups

Jan 18 21:41:00 nas3 systemd[1]: Starting OpenBSD Secure Shell server...
Jan 18 21:41:00 nas3 sshd[171576]: Server listening on 0.0.0.0 port 1636.
Jan 18 21:41:00 nas3 sshd[171576]: Server listening on :: port 1636.
Jan 18 21:41:00 nas3 systemd[1]: Started OpenBSD Secure Shell server.
Jan 18 21:41:02 nas3 sshd[171587]: refused connect from 2003:cf:2732:be00:5dab:2f56:ef10:5536 (2003:cf:2732:be00:5dab:2f56:ef10:5536)

其中 IPv6 地址属于受影响工作站的网络接口。

fail2ban.log这么说。

2022-01-16 22:30:48,213 fail2ban.filter         [2016]: INFO    Added logfile: '/var/log/auth.log' (pos = 193935, hash = e5c5bbd4fbfd8258434cad02588f1651f1bb8cb1)
2022-01-16 22:30:48,264 fail2ban.jail           [2016]: INFO    Jail 'sshd' started
2022-01-17 17:36:58,043 fail2ban.filter         [2016]: INFO    [sshd] Found 2003:cf:2739:ba00:75f3:6b2a:1f36:c465 - 2022-01-17 17:36:58
2022-01-17 20:53:20,133 fail2ban.filter         [2016]: INFO    [sshd] Found 2003:cf:2739:ba00:75f3:6b2a:1f36:c465 - 2022-01-17 20:53:20
2022-01-18 18:11:49,169 fail2ban.filter         [2016]: INFO    [sshd] Found 2003:cf:2732:be00:2879:c81c:c30:4483 - 2022-01-18 18:11:49
2022-01-18 21:12:10,519 fail2ban.filter         [2016]: INFO    [sshd] Found 192.168.28.33 - 2022-01-18 21:12:10
2022-01-18 21:40:24,794 fail2ban.filter         [2016]: INFO    [sshd] Found 2003:cf:2732:be00:5dab:2f56:ef10:5536 - 2022-01-18 21:40:24
2022-01-18 21:41:03,159 fail2ban.filter         [2016]: INFO    [sshd] Found 2003:cf:2732:be00:5dab:2f56:ef10:5536 - 2022-01-18 21:41:02

这个错误只存在了几天。在此之前一切正常，所以这似乎不是一个根本问题。

编辑（新日志）：

失败工作站的详细 ssh 输出（使用以太网）：

ssh config@nas3 -p 1636 -v

OpenSSH_8.2p1 Ubuntu-4ubuntu0.4, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to nas3 [2003:cf:2732:be00::161] port 1636.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/user/.ssh/id_xmss type -1
debug1: identity file /home/user/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
kex_exchange_identification: read: Connection reset by peer

似乎所有使用以太网的工作站也自动使用 IPv6。这些工作站无法连接。所有 WiFi 连接设备都使用 IPv4 并且可以连接。

解决方案是简单地将 IPv6 地址添加到 hosts.allow 吗？但是，我想知道是什么原因导致以太网突然只使用 IPv6。

我在哪里可以找到更多日志或者是否有人已经知道我们的错误是什么？

感谢您的回答！