[SSHD configuration error (AuthorizedKeysCommand)] log 1 pass = Feb 9 11:44:56 someserver sshd[1234]: error: Could not stat AuthorizedKeysCommand "/usr/local/sbin/ssh-ldap-authorized_keys": No such file or directory rule = 5739 alert = 4 decoder = sshd [ssh connection reset by peer] log 1 pass = Feb 10 23:21:05 someserver sshd[1234]: Read error from remote host 192.168.1.1: Connection reset by peer rule = 5740 alert = 4 decoder = sshd [ssh connection refused] log 1 pass = Feb 11 06:41:50 someserver sshd[1234]: debug1: channel 5: connection failed: Connection refused rule = 5741 alert = 4 decoder = sshd [ssh connection timed out] log 1 pass = Feb 12 17:45:09 someserver sshd[1234]: debug1: channel 3: connection failed: Connection timed out rule = 5742 alert = 4 decoder = sshd [ssh no route to host] log 1 pass = Jan 30 18:55:24 someserver sshd[1234]: debug1: channel 1: connection failed: No route to host rule = 5743 alert = 4 decoder = sshd [ssh port forwarding issue] log 1 pass = Feb 13 22:54:51 someserver sshd[1234]: debug1: server_input_channel_open: failure direct-tcpip rule = 5744 alert = 4 decoder = sshd [ssh transport endpoint is not connected] log 1 pass = Feb 6 12:28:17 someserver sshd[1234]: debug1: getpeername failed: Transport endpoint is not connected rule = 5745 alert = 4 decoder = sshd [ssh get_remote_port failed] log 1 pass = Feb 6 12:28:17 someserver sshd[1234]: debug1: get_remote_port failed rule = 5746 alert = 4 decoder = sshd [ssh bad client public DH value] log 1 pass = Feb 4 23:05:57 someserver sshd[1234]: Disconnecting: bad client public DH value [preauth] log 1 pass = Feb 4 23:05:57 someserver sshd[1234]: Disconnecting: bad client public DH value rule = 5747 alert = 6 decoder = sshd [ssh corrupted MAC on input] log 1 pass = Feb 14 14:34:15 someserver sshd[1234]: Corrupted MAC on input. [preauth] log 2 pass = Nov 22 19:24:55 server sshd[4046]: Corrupted MAC on input. rule = 5748 alert = 6 decoder = sshd [ssh bad packet length] log 1 pass = Mar 4 13:34:59 someserver sshd[5396]: Bad packet length 4081586742. [preauth] log 2 pass = Mar 4 13:34:59 someserver sshd[5396]: Bad packet length 4081586742. rule = 5749 alert = 4 decoder = sshd [ssh unable to negotiate] log 1 pass = Mar 3 10:56:18 junction sshd[32065]: fatal: Unable to negotiate with 202.191.177.33 port 3579: no matching cipher found. Their offer: 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc [preauth] rule = 5753 alert = 2 decoder = sshd [ssh no matching key exchange] log 1 pass = Sep 16 05:46:56 junction sshd[1961]: fatal: Unable to negotiate with 108.229.36.174: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth] log 2 pass = Apr 18 21:27:08 web2 sshd[23484]: fatal: Unable to negotiate a key exchange method [preauth] rule = 5752 alert = 2 decoder = sshd [invalid user] log 1 pass = 2013-10-30T14:51:21.901728+01:00 srv sshd[12664]: Postponed keyboard-interactive for invalid user warez from 192.241.237.101 port 54197 ssh2 [preauth] log 2 pass = 2013-10-30T14:51:24.140565+01:00 srv sshd[12664]: Failed keyboard-interactive/pam for invalid user warez from 192.241.237.101 port 54197 ssh2 log 3 fail = 2013-10-30T14:51:24.139258+01:00 srv sshd[12664]: error: PAM: User not known to the underlying authentication module for illegal user warez from 192.241.237.101 log 4 pass = 2013-10-30T14:51:30.267401+01:00 srv sshd[12671]: Invalid user opcione from 192.241.237.101 log 5 fail = 2013-10-30T14:51:30.267906+01:00 srv sshd[12671]: input_userauth_request: invalid user opcione [preauth] rule = 5710 alert = 5 decoder = sshd [failed to create session] log 1 pass = May 4 17:48:43 collectd sshd[15044]: pam_systemd(sshd:session): Failed to create session: Access denied rule = 5754 alert = 1 decoder = sshd [bad authorized_keys] log 1 pass = May 4 18:30:04 collectd sshd[15191]: Authentication refused: bad ownership or modes for file /home/ansible/.ssh/authorized_keys rule = 5755 alert = 2 decoder = sshd [subsystem failed] log 1 pass = May 5 05:00:38 junction sshd[28395]: subsystem request for netconf by user checker failed, subsystem not found rule = 5756 alert = 0 decoder = sshd [login failed] log 1 pass = Aug 18 07:30:25 192.168.1.5 sshd[20247]: [ID 800047 auth.notice] Failed none for root from 192.168.1.1 port 36942 ssh2 rule = 5716 alert = 5 decoder = sshd [bad dns] log 1 pass = Oct 20 12:33:07 ar-agent sshd[3433]: Address 192.168.18.54 maps to nmap.18.168.192.in-addr.arpa, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! rule = 5757 alert = 0 decoder = sshd [max auth attempts] log 1 pass = Dec 27 03:23:51 r1 sshd[21183]: error: maximum authentication attempts exceeded for root from 183.106.179.x port 34100 ssh2 [preauth] log 2 fail = Aug 31 10:19:36 hostname sshd[12079]: error: maximum authentication attempts exceeded for invalid user service from 202.188.45.36 port 37313 ssh2 [preauth] rule = 5758 alert = 8 decoder = sshd [bad protocol] log 1 pass = Jun 28 19:35:39 xxx sshd[30255]: Bad protocol version identification '' from 188.18.81.21 port 60787 rule = 5701 alert = 8 decoder = sshd [blocked by tcpwrapper] log 1 pass = Aug 30 18:12:54 hostname sshd[25350]: refused connect from 103.79.143.159 (103.79.143.159) rule = 2503 alert = 5 decoder = sshd