[SOLVED] Error sshd banner line

fat256 · 05-14-2020, 12:35 PM

Hi,

Using Centos 8.1 , i have errors on log /var/log/secure like

May 14 19:25:41 XXXXXX sshd[9690]: error: kex_exchange_identification: banner line contains invalid characters

message appear each minutes ....

on /etc/ssh/sshd_config , i have Banner none with #.

an idea how i can find causes of these message ????

Thanks

ondoho · 05-14-2020, 04:16 PM

Could also be some config thing on the client side.

Try to work around it by defining a banner file without invalid characters?

fat256 · 05-14-2020, 04:59 PM

after tried to add banner , i have always same error message.

TB0ne · 05-14-2020, 05:40 PM

Quote:

Originally Posted by fat256

after tried to add banner , i have always same error message.

Seen it before, and ondoho is right; it's a client side thing. By any chance, do you have root logins disabled, and do you have any cron jobs doing rsync/network backups?? Sometimes network scans can trigger that (browsers, bots, etc.), or it could be someone probing your system. Or just an rsync job running over SSH that's causing it. Several things can make it pop up, but without knowing more about the server, where it is, what it does, and what's connected to/accessing it, it's hard to pinpoint.

fat256 · 05-14-2020, 06:12 PM

good idea , i reused an existing IP , how i could know which client ( found IP ) is trying to communicate with system ?
I have no cron configured , it is a fresh install .

fat256 · 05-14-2020, 06:58 PM

with tcpdump i found the ip.
thanks ,

ondoho · 05-16-2020, 02:13 AM

Quote:

Originally Posted by fat256

after tried to add banner , i have always same error message.

I wonder where you added what file with what content.