LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   CentOS (https://www.linuxquestions.org/questions/centos-111/)
-   -   Error sshd banner line (https://www.linuxquestions.org/questions/centos-111/error-sshd-banner-line-4175675240/)

fat256 05-14-2020 12:35 PM
Error sshd banner line
 
Hi,

Using Centos 8.1 , i have errors on log /var/log/secure like

May 14 19:25:41 XXXXXX sshd[9690]: error: kex_exchange_identification: banner line contains invalid characters

message appear each minutes ....

on /etc/ssh/sshd_config , i have Banner none with #.

an idea how i can find causes of these message ????

Thanks

ondoho 05-14-2020 04:16 PM
Could also be some config thing on the client side.

Try to work around it by defining a banner file without invalid characters?

fat256 05-14-2020 04:59 PM
after tried to add banner , i have always same error message.

TB0ne 05-14-2020 05:40 PM
Quote:
Originally Posted by fat256 (Post 6123116)
after tried to add banner , i have always same error message.
Seen it before, and ondoho is right; it's a client side thing. By any chance, do you have root logins disabled, and do you have any cron jobs doing rsync/network backups?? Sometimes network scans can trigger that (browsers, bots, etc.), or it could be someone probing your system. Or just an rsync job running over SSH that's causing it. Several things can make it pop up, but without knowing more about the server, where it is, what it does, and what's connected to/accessing it, it's hard to pinpoint.

fat256 05-14-2020 06:12 PM
good idea , i reused an existing IP , how i could know which client ( found IP ) is trying to communicate with system ?
I have no cron configured , it is a fresh install .

fat256 05-14-2020 06:58 PM
with tcpdump i found the ip.
thanks ,

ondoho 05-16-2020 02:13 AM
Quote:
Originally Posted by fat256 (Post 6123116)
after tried to add banner , i have always same error message.
I wonder where you added what file with what content.


All times are GMT -5. The time now is 07:30 AM.