Menu
▾
▴
Re: [SSHGuard-users] sshd and connections resulting in "kex_exchange_identification" errors
|
From: Burton S. <Bu...@Bu...> - 2021-11-22 13:09:18
|
I think you will need to patch sshd... Find the line that generates that message and add the source IP to it. Then you'll be able to add the signature line to sshguard. -----Burton -----Original Message----- Message: 1 Date: Sat, 20 Nov 2021 07:13:19 +1100 From: Greg Bell <gbe...@ya...> To: ssh...@li... Subject: [SSHGuard-users] sshd and connections resulting in "kex_exchange_identification" errors Message-ID: <894...@ya...> Content-Type: text/plain; charset=utf-8; format=flowed Hi, My sshd server sits on port 443 so I can get to it from behind corp firewalls. So it gets a lot of http requests, which result in things like: ??? Nov 20 02:12:12 server sshd[1170601]: error: kex_exchange_identification: banner line contains invalid characters No IP is reported, so sshguard can't do anything about these. I'd like to block them - seems reasonable that a hack, or at least a DOS, could happen at that early point in sshd's protocol. Does anybody have experience blocking based on these connection attempts? Best regards, ~gb ------------------------------ ------------------------------ Subject: Digest Footer _______________________________________________ sshguard-users mailing list ssh...@li... https://lists.sourceforge.net/lists/listinfo/sshguard-users ------------------------------ End of sshguard-users Digest, Vol 117, Issue 3 ********************************************** |
