![]() Jun 06 07:16:29 server sshd: debug1: kex: client->server 3des-cbc hmac-sha1 none Jun 06 07:16:29 server sshd: debug2: mac_setup: setup hmac-sha1 Jun 06 07:16:29 server sshd: debug2: kex_parse_kexinit: none Jun 06 07:16:29 server sshd: debug2: kex_parse_kexinit: hmac-sha1 Jun 06 07:16:29 server sshd: debug2: kex_parse_kexinit: 3des-cbc Jun 06 07:16:29 server sshd: debug2: kex_parse_kexinit: ssh-rsa Jun 06 07:16:29 server sshd: debug2: kex_parse_kexinit: diffie-hellman-group1-sha1 Jun 06 07:16:29 server sshd: debug2: kex_parse_kexinit: reserved 0 Jun 06 07:16:29 server sshd: debug2: kex_parse_kexinit: first_kex_follows 0 Jun 06 07:16:29 server sshd: debug2: kex_parse_kexinit: Jun 06 07:16:29 server sshd: debug1: SSH2_MSG_KEXINIT received Jun 06 07:16:29 server sshd: debug1: SSH2_MSG_KEXINIT sent Jun 06 07:16:29 server sshd: debug3: preauth child monitor started Jun 06 07:16:29 server sshd: debug2: Network child is on pid 15574 Jun 06 07:16:29 server sshd: debug2: fd 3 setting O_NONBLOCK Jun 06 07:16:29 server sshd: debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u2 Jun 06 07:16:29 server sshd: debug1: Enabling compatibility mode for protocol 2.0 Jun 06 07:16:29 server sshd: debug1: no match: libssh-0.2 Jun 06 07:16:29 server sshd: debug1: Client protocol version 2.0 client software version libssh-0.2 Jun 06 07:16:29 server sshd: Connection from port 46328 on port 22 Jun 06 07:16:29 server sshd: debug1: inetd sockets after dupping: 3, 3 ![]() Jun 06 07:16:29 server sshd: debug1: rexec start in 5 out 5 newsock 5 pipe 9 sock 10 Jun 06 07:16:29 server sshd: Set /proc/self/oom_score_adj to 0 Jun 06 07:16:29 server sshd: debug3: oom_adjust_restore Jun 06 07:16:29 server sshd: debug3: send_rexec_state: done Jun 06 07:16:29 server sshd: debug3: ssh_msg_send: type 0 ![]() Jun 06 07:16:29 server sshd: debug3: send_rexec_state: entering fd = 10 config len 1263 The following log shows two consecutive attempts by a different server than the first time: Jun 06 07:16:29 server sshd: debug3: fd 5 is not O_NONBLOCK For now I am leaving the question unanswered.įinally after almost one week I was able to detect the same attack and log with LogLevel DEBUG3 as suggested by Jakuje. I don't have problems logging in using a key, I am using the latest OpenSSH ( OpenSSH_6.7p1 Debian-5+deb8u2, OpenSSL 1.0.1k ) but I have enabled some additional ciphers to enable connections from an older server using the proposed string from here: Ciphers :Īs proposed by I removed the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods (mentioned in libssh-0.7.3 release notes) resulting to this string: KexAlgorithms error messages stopped to show up, still I am not 100% sure it was the solution because of the rare occurrence of the errors. I cannot make sense of the information found through google, so I was thinking it is maybe a new form of attack?īasically every 25 seconds I get the following two rows in my journal log (the packet length differs every time): Jun 01 08:35:14 k002271d sshd: Bad packet length 516882381. I am getting a lot of failed ssh login attempts by one specific IP-Address with a strange error.
0 Comments
Leave a Reply. |