New signature: SSHD - No key exchange method found
It seems a bunch of older brute-force tools for SSH use old key exchange methods that are not marked as vulnerable and/or weak. I've locked down my SSH by limiting the service to those ciphers that are known to still be strong and unbroken; however, attackers are still trying, and they get stopped preauth with that error being logged.
Example message:
sshd[29591]: fatal: Unable to negotiate with 0.0.0.0 port 37618: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
The part after offer can vary.
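As an added illustration (not part of the issue or of sshguard's own code), here is a small parser for the sshd message quoted above, run over constructed sample log lines. It extracts the peer address and the offered key-exchange list and counts repeat offenders, which is the kind of per-address counting the signature makes possible; the addresses (RFC 5737 documentation ranges), pids and threshold are constructed, not taken from the report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Matches the sshd message quoted in the report. Only the peer address, the
# port and the "Their offer:" list vary between occurrences.
KEX_FAIL_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: fatal: Unable to negotiate with "
    r"(?P<addr>\S+) port (?P<port>\d+): no matching key exchange method "
    r"found\. Their offer: (?P<offer>\S+) \[preauth\]"
)

@dataclass
class KexFailure:
    addr: str
    port: int
    offer: List[str]   # key-exchange methods the client proposed

def parse_kex_failure(line: str) -> Optional[KexFailure]:
    """Return a KexFailure for a matching log line, else None."""
    m = KEX_FAIL_RE.search(line)
    if m is None:
        return None
    return KexFailure(m["addr"], int(m["port"]), m["offer"].split(","))

def repeat_offenders(lines: List[str], threshold: int) -> Dict[str, int]:
    """Count failures per peer address and keep those at or above threshold."""
    counts: Dict[str, int] = {}
    for line in lines:
        ev = parse_kex_failure(line)
        if ev is not None:
            counts[ev.addr] = counts.get(ev.addr, 0) + 1
    return {addr: n for addr, n in counts.items() if n >= threshold}

# Constructed sample lines (documentation addresses, made-up pids); the second
# line is a normal preauth disconnect that must not match.
SAMPLE_LOG = [
    "sshd[29591]: fatal: Unable to negotiate with 192.0.2.10 port 37618: "
    "no matching key exchange method found. Their offer: "
    "diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,"
    "diffie-hellman-group1-sha1 [preauth]",
    "sshd[29592]: Connection closed by 198.51.100.7 port 50022 [preauth]",
    "sshd[29593]: fatal: Unable to negotiate with 192.0.2.10 port 37620: "
    "no matching key exchange method found. Their offer: "
    "diffie-hellman-group1-sha1 [preauth]",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(parse_kex_failure(line))
    print(repeat_offenders(SAMPLE_LOG, threshold=2))
```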
Comments (13)
changed status to duplicate
Duplicate of #34.
Fixed in master since 84431f2. If you are able to, please help test master and provide your feedback.
reporter I'm having some trouble getting it to build. O_O
Can you provide more information? Usually, output from uname -a, your error message, and the ./configure command line.
reporter shinji@melchior:~/git/sshguard$ uname -a
Linux melchior.robertpendell.com 4.5.5-x86_64-linode69 #3 SMP Fri May 20 15:25:13 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux
Session logging: http://p.robertpendell.com/raw/EXO2now1xR
reporter loves blame
I checked the blame logs and found line 299 was committed by you recently (7/12/2016). I undid the commit manually (it was one line) and it built OK after. Commit: 8ca82f3
reporter I can't properly test it due to an error in sshg-fw. It looks like the file is generated, and as my log shows above, I used iptables.
sshguard[11010]: /usr/local/sshguard/libexec/sshg-fw: 36: /usr/local/sshguard/libexec/sshg-fw: Syntax error: "}" unexpected
Later on I get this.
sshguard[11010]: 116.31.116.18: blocking for 840 secs (4 attacks in 160 secs, after 1 abuses over 160 secs)
sshguard[11010]: fw: broken pipe
sshguard[11010]: Exiting on signal
sshguard[11010]: fw: failed to flush blocked addresses
That would be the untested new iptables backend biting. Hang on while I investigate the fix.
Weird, bash doesn't like empty functions. Can you edit /usr/local/sshguard/libexec/sshg-fw and add something like echo "doing nothing" in the fw_fin() block?
reporter That looks better; however, it still isn't working iptables-wise.
On starting:
sshguard[14820]: /usr/local/sshguard/libexec/sshg-fw: 7: [: unexpected operator
On stopping:
sshguard[14820]: /usr/local/sshguard/libexec/sshg-fw: 51: [: flush: unexpected operator
sshguard[14820]: /usr/local/sshguard/libexec/sshg-fw: 53: [: flush: unexpected operator
sshguard[14820]: /usr/local/sshguard/libexec/sshg-fw: 55: [: flush: unexpected operator
I'll do some digging of my own. I think bash is being picky in its own way.
Oops... Just realized it is actually dash, because Ubuntu defaults to that. :/
reporter OK. I just tried your current code and it is building and running fine now. I copied the Ubuntu-supplied sshguard-journalctl so it loads the local build instead of the system one to test, and everything appears to be good so far. I'll have to wait until someone starts spamming me with failed key exchange hits before I can confirm that string actually works as designed.
Note: sshguard-journalctl just runs journalctl to get system logging and pipes it to sshguard via stdin.
EDIT: OK. Tested. Working well. Can't wait for the release later on. ;) http://p.robertpendell.com/raw/g0hxRYLBDq
Glad to hear things are working. Thanks for the report.