- changed status to on hold
New signature: no matching mac found: ...
Issue #46
on hold
Quite similar to #34 & #39 , seeing a lot of the following in my systemd journal:
Nov 09 17:31:59 my.hostname.com sshd[18151]: Connection from their.ip.add.ress port 46660 on my.ip.add.ress port 22
Nov 09 17:31:59 my.hostname.com sshd[18151]: fatal: no matching mac found: client hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com server hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com [preauth]
Comments (1)
-
- Log in to comment
The first line contains a remote address, but it's not clear that it needs to be blocked. The second line is recognizable as an attack, but does not contain the remote address. SSHGuard does not currently recognize multi-line attacks.