New signature: no matching mac found: ...

Create issue
Issue #46 on hold
Charles Pigott created an issue

Quite similar to #34 & #39 , seeing a lot of the following in my systemd journal:

Nov 09 17:31:59 sshd[18151]: Connection from their.ip.add.ress port 46660 on my.ip.add.ress port 22
Nov 09 17:31:59 sshd[18151]: fatal: no matching mac found: client hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160, server,,,hmac-sha2-512,hmac-sha2-256, [preauth]

Comments (1)

  1. Kevin Zheng

    The first line contains a remote address, but it's not clear that it needs to be blocked. The second line is recognizable as an attack, but does not contain the remote address. SSHGuard does not currently recognize multi-line attacks.

  2. Log in to comment