New signature: no matching mac found: ...

Create issue
Issue #46 on hold
Charles Pigott created an issue

Quite similar to #34 & #39 , seeing a lot of the following in my systemd journal:

Nov 09 17:31:59 my.hostname.com sshd[18151]: Connection from their.ip.add.ress port 46660 on my.ip.add.ress port 22
Nov 09 17:31:59 my.hostname.com sshd[18151]: fatal: no matching mac found: client hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com server hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com [preauth]

Comments (1)

  1. Kevin Zheng

    The first line contains a remote address, but it's not clear that it needs to be blocked. The second line is recognizable as an attack, but does not contain the remote address. SSHGuard does not currently recognize multi-line attacks.

  2. Log in to comment