From: <li...@la...> - 2017-05-26 08:16:55
On Thu, 25 May 2017 18:22:01 -0700 li...@la... wrote:
> I can't find the location of sshg-parser. The program isn't in my
> search path and I have looked in the obvious places. On FreeBSD,
> sshguard is located in /usr/local/sbin.
>
> Once I have sshg-parser, I will feed it an archived log.
>
> Original Message
> From: Kevin Zheng
> Sent: Thursday, May 25, 2017 5:33 PM
> To: ssh...@li...
> Subject: Re: [SSHGuard-users] key exchange ssh not being blocked
>
> On 05/25/2017 17:04, li...@la... wrote:
> > sshguard 1.7 is not catching key exchange ssh hacks. The number of
> > fools attempting such a hack is small, but some are persistent. I've
> > been blocking them by hand.
>
> I can't reproduce your issue. Specifically, I checked out the 1.7.1
> sshg-parser and ran:
>
> $ echo "May 24 20:37:06 theranch sshd[60250]: fatal: Unable to
> negotiate with 172.81.185.192 port 50267: no matching key exchange
> method found. Their offer: diffie-hellman-group1-sha1 [preauth]" |
> sshg-parser
>
> And got an attack.

How do I see the attack? I don't see an entry doing a tail of auth.log.
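
An added example, not part of the original message and not sshguard's own parser: a standalone check that scans archived auth.log text for the "no matching key exchange method found" line quoted in the thread and counts hits per source address. The function names, the regular expression and every sample line except the first are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# First line is the one quoted in the thread; the others are constructed samples.
SAMPLE_LOG = """\
May 24 20:37:06 theranch sshd[60250]: fatal: Unable to negotiate with 172.81.185.192 port 50267: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
May 24 20:38:10 theranch sshd[60252]: fatal: Unable to negotiate with 198.51.100.7 port 40100: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
May 24 20:38:12 theranch sshd[60253]: fatal: Unable to negotiate with 198.51.100.7 port 40102: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
May 24 20:40:11 theranch sshd[60260]: Accepted publickey for admin from 192.0.2.10 port 51000 ssh2
May 24 20:41:30 theranch sshd[60270]: fatal: Unable to negotiate with 2001:db8::5 port 40022: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
May 24 20:42:00 theranch sshd[60280]: Invalid user Unable to negotiate with 203.0.113.9 port 1: no matching key exchange method found. Their offer: x from 198.51.100.7 port 4000
"""

# Anchored at the syslog prefix so that text embedded later in a line
# (for example inside a logged user name) cannot pose as a sshd message.
KEX_FAIL = re.compile(
    r"^\w{3} +\d{1,2} \d\d:\d\d:\d\d \S+ sshd\[\d+\]: (?:fatal: )?"
    r"Unable to negotiate with (?P<addr>\S+) port \d+: "
    r"no matching key exchange method found\. Their offer: (?P<offer>\S+)"
)

def parse_line(line):
    """Return (address, offer) for a key-exchange negotiation failure, else None."""
    m = KEX_FAIL.match(line)
    if not m:
        return None
    try:
        addr = ipaddress.ip_address(m.group("addr"))
    except ValueError:
        return None  # not an IP literal, so not usable as a block target
    return str(addr), m.group("offer")

def count_kex_failures(text):
    """Count key-exchange negotiation failures per source address."""
    hits = Counter()
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed:
            hits[parsed[0]] += 1
    return hits

if __name__ == "__main__":
    for addr, n in count_kex_failures(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {addr}")
```

If a count here is non-zero for an archived log while the address was never blocked, the log lines exist and the gap lies in the parser or blocking path rather than in sshd's logging.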