Can someone explain what this means?

ddaenen1

Patron
Joined
Nov 25, 2019
Messages
318
Looking for some clarification on this alert entry on one of my FreeNAS servers so i can start troubleshooting this. Not sure where to look right now.

[
WARNING
8 SSH login failures: Feb 29 21:10:03 FreeNAS-L3426 sshd[60533]: error: kex_exchange_identification: banner line contains invalid characters Feb 29 21:10:04 FreeNAS-L3426 sshd[60537]: error: kex_exchange_identification: banner line contains invalid characters Feb 29 21:13:33 FreeNAS-L3426 sshd[60608]: error: kex_exchange_identification: banner line contains invalid characters Feb 29 21:13:35 FreeNAS-L3426 sshd[60615]: error: kex_exchange_identification: banner line contains invalid characters Feb 29 21:13:36 FreeNAS-L3426 sshd[60617]: error: kex_exchange_identification: banner line contains invalid characters Feb 29 21:13:39 FreeNAS-L3426 sshd[60629]: error: kex_exchange_identification: banner line contains invalid characters Feb 29 21:13:40 FreeNAS-L3426 sshd[60631]: error: kex_exchange_identification: banner line contains invalid characters Feb 29 21:13:52 FreeNAS-L3426 sshd[60648]: error: kex_exchange_identification: banner line contains invalid characters
Sun, 1 Mar 2020 12:00:31 AM (CET)
 

Glorious1

Guru
Joined
Nov 23, 2014
Messages
1,210
You didn't mention where you copied that from. I got the same thing but only one. I got an alert email with:
Code:
New alerts:
* 1 SSH login failures:
Mar 4 11:34:30 Tabernacle sshd[21355]: error: kex_exchange_identification: banner line contains invalid characters

I found it in /var/log/messages, but it doesn't mention login failure, just the part starting with date. There is no other event in the log about the same time.

I too would like to know what it means and what is causing it. It may be relevant that my ssh port is changed to an arbitrary, high-numbered port (has been for years).
 

ddaenen1

Patron
Joined
Nov 25, 2019
Messages
318
You didn't mention where you copied that from. I got the same thing but only one. I got an alert email with:
Code:
New alerts:
* 1 SSH login failures:
Mar 4 11:34:30 Tabernacle sshd[21355]: error: kex_exchange_identification: banner line contains invalid characters

I found it in /var/log/messages, but it doesn't mention login failure, just the part starting with date. There is no other event in the log about the same time.

I too would like to know what it means and what is causing it. It may be relevant that my ssh port is changed to an arbitrary, high-numbered port (has been for years).

Well, in my case, i have figured out what is causing this. It is related to scheduled Rsync backup from my Synology server to my FreeNAS server which uses SSH for the dat transfer. Fact is though that i have configured the backup using the 'root' credentials as i was struggling logging into FreeNAS with the directory owner but in FreeNAS, i blocked SSH for the 'root' UID. I know what the cause is now, but not sure how to resolve since i have been struggling from the start with getting access to FreeNAS share with a different UID than 'root'.
 

Glorious1

Guru
Joined
Nov 23, 2014
Messages
1,210
Hmm, I guess you have Services > SSH > 'Log in as root with password' turned off? Or how did you block root login? Do you by chance have the other option also turned off, 'Allow password authentication'. If so, you would need key authentication. I have both options off and use keys, and only log in as a regular user.
 

ddaenen1

Patron
Joined
Nov 25, 2019
Messages
318
Hmm, I guess you have Services > SSH > 'Log in as root with password' turned off? Or how did you block root login? Do you by chance have the other option also turned off, 'Allow password authentication'. If so, you would need key authentication. I have both options off and use keys, and only log in as a regular user.

Yes, i have that turned off. I don't have the other option turned off. The issue is though that i can't seem to access to share with other credentials than 'root'. I have been trying to figure this out for some time now but not successful thus far.
 

Glorious1

Guru
Joined
Nov 23, 2014
Messages
1,210
Yes, i have that turned off. I don't have the other option turned off. The issue is though that i can't seem to access to share with other credentials than 'root'. I have been trying to figure this out for some time now but not successful thus far.
I guess you've checked the dataset owner/group and access mode, and the share permission settings to make sure a user would have read/write permission? You might temporarily give all permissions to everyone and see if that allows access. Otherwise, you could consider posting the problem in the User Authentication forum, giving all the relevant dataset and share settings.
 

bwanajag

Dabbler
Joined
Feb 23, 2020
Messages
10
Has anyone found a solution for this? I'm having the same error:
Code:
* 1 SSH login failures:
Mar 30 15:39:28 freenas sshd[13376]: error: kex_exchange_identification: banner line contains invalid characters


My rsync task succeeded one time, every subsequent attempt has failed.

I ran the rsync task again and this was the error code that I received:
Code:
Error: Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/middlewared/job.py", line 349, in run
    await self.future
  File "/usr/local/lib/python3.7/site-packages/middlewared/job.py", line 388, in __run_body
    rv = await self.middleware.run_in_thread(self.method, *([self] + args))
  File "/usr/local/lib/python3.7/site-packages/middlewared/utils/run_in_thread.py", line 10, in run_in_thread
    return await self.loop.run_in_executor(self.run_in_thread_executor, functools.partial(method, *args, **kwargs))
  File "/usr/local/lib/python3.7/site-packages/middlewared/utils/io_thread_pool_executor.py", line 25, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/usr/local/lib/python3.7/site-packages/middlewared/schema.py", line 965, in nf
    return f(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/rsync.py", line 609, in run
    f'rsync command returned {cp.returncode}. Check logs for further information.'
middlewared.service_exception.CallError: [EFAULT] rsync command returned 23. Check logs for further information.
 

ddaenen1

Patron
Joined
Nov 25, 2019
Messages
318
Has anyone found a solution for this? I'm having the same error:
Code:
* 1 SSH login failures:
Mar 30 15:39:28 freenas sshd[13376]: error: kex_exchange_identification: banner line contains invalid characters


My rsync task succeeded one time, every subsequent attempt has failed.

I ran the rsync task again and this was the error code that I received:
Code:
Error: Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/middlewared/job.py", line 349, in run
    await self.future
  File "/usr/local/lib/python3.7/site-packages/middlewared/job.py", line 388, in __run_body
    rv = await self.middleware.run_in_thread(self.method, *([self] + args))
  File "/usr/local/lib/python3.7/site-packages/middlewared/utils/run_in_thread.py", line 10, in run_in_thread
    return await self.loop.run_in_executor(self.run_in_thread_executor, functools.partial(method, *args, **kwargs))
  File "/usr/local/lib/python3.7/site-packages/middlewared/utils/io_thread_pool_executor.py", line 25, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/usr/local/lib/python3.7/site-packages/middlewared/schema.py", line 965, in nf
    return f(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/rsync.py", line 609, in run
    f'rsync command returned {cp.returncode}. Check logs for further information.'
middlewared.service_exception.CallError: [EFAULT] rsync command returned 23. Check logs for further information.

I have given up on this one for the moment. I know for a fact that the errors are caused by my rsync backup from my Synology to a FreeNAS share and might even be able to fix it with setting up the backup process in Synology again from scratch but the backup is running fine so it is only the entries in FreeNAS once a week.
 

relli10

Cadet
Joined
Mar 20, 2015
Messages
9
I have discovered that using Synology HyperBackup to backup(push) to an 'rsync compatible server' will only work if you use the root user account for the remote server. It will not work with any other user account and I believe it is a Synology issue.
 

ddaenen1

Patron
Joined
Nov 25, 2019
Messages
318
I have discovered that using Synology HyperBackup to backup(push) to an 'rsync compatible server' will only work if you use the root user account for the remote server. It will not work with any other user account and I believe it is a Synology issue.

That is correct. I also struggled with that one. Fact is though that my rsync backup works perfect. It only causes this error but for the rest i there seems to be no issue.
 

Joe Fenton

Dabbler
Joined
May 5, 2015
Messages
40
I've been seeing this issue for a couple of months now too.
Code:
The following alert has been cleared:
* 1 SSH login failures:
May 17 17:18:32 freenas sshd[88186]: error: kex_exchange_identification: banner line contains invalid characters

Fairly regular emails with this, even though I haven't cleared this alert either. Is this a bug, or should I be more worried about security?
 

ddaenen1

Patron
Joined
Nov 25, 2019
Messages
318
I've been seeing this issue for a couple of months now too.
Code:
The following alert has been cleared:
* 1 SSH login failures:
May 17 17:18:32 freenas sshd[88186]: error: kex_exchange_identification: banner line contains invalid characters

Fairly regular emails with this, even though I haven't cleared this alert either. Is this a bug, or should I be more worried about security?

I still have them, twice per week when my scheduled backups from my Synology to my FreeNAS server are running. This didn't change since and the amount of login failures is every week exactly the same. Since this is LAN side only, not too worried on security. Wish that someone could share a fix for this. It is just annoying.
 
Last edited:

andrewjs18

Contributor
Joined
Oct 19, 2014
Messages
141
bumping this as I started getting emails with this error after upgrading from freenas 11.1 to 11.3:

error: kex_exchange_identification: banner line contains invalid characters

I do not use synology whatsoever, but I do use several rsync scripts to backup data from other servers..

has anyone found the root cause of this and what can be done to fix it?
 

no_connection

Patron
Joined
Dec 15, 2013
Messages
480
Does the other side try to connect with unsupported version/encryption and then choose the correct one?
 

ddaenen1

Patron
Joined
Nov 25, 2019
Messages
318
bumping this as I started getting emails with this error after upgrading from freenas 11.1 to 11.3:

error: kex_exchange_identification: banner line contains invalid characters

I do not use synology whatsoever, but I do use several rsync scripts to backup data from other servers..

has anyone found the root cause of this and what can be done to fix it?

I never got any useful reply on my post and i have started ignoring the error. I know it is the rsync backup from my Synology to FreeNAS which is scheduled once per week on the weekend and exactly then, FreeNAS generates this error.
 

andrewjs18

Contributor
Joined
Oct 19, 2014
Messages
141
I never got any useful reply on my post and i have started ignoring the error. I know it is the rsync backup from my Synology to FreeNAS which is scheduled once per week on the weekend and exactly then, FreeNAS generates this error.

I'd ignore it if the emails weren't daily.
 

Abrie

Cadet
Joined
Jun 11, 2021
Messages
1
Looking for some clarification on this alert entry on one of my FreeNAS servers so i can start troubleshooting this. Not sure where to look right now.

[
WARNING
8 SSH login failures: Feb 29 21:10:03 FreeNAS-L3426 sshd[60533]: error: kex_exchange_identification: banner line contains invalid characters Feb 29 21:10:04 FreeNAS-L3426 sshd[60537]: error: kex_exchange_identification: banner line contains invalid characters Feb 29 21:13:33 FreeNAS-L3426 sshd[60608]: error: kex_exchange_identification: banner line contains invalid characters Feb 29 21:13:35 FreeNAS-L3426 sshd[60615]: error: kex_exchange_identification: banner line contains invalid characters Feb 29 21:13:36 FreeNAS-L3426 sshd[60617]: error: kex_exchange_identification: banner line contains invalid characters Feb 29 21:13:39 FreeNAS-L3426 sshd[60629]: error: kex_exchange_identification: banner line contains invalid characters Feb 29 21:13:40 FreeNAS-L3426 sshd[60631]: error: kex_exchange_identification: banner line contains invalid characters Feb 29 21:13:52 FreeNAS-L3426 sshd[60648]: error: kex_exchange_identification: banner line contains invalid characters
Sun, 1 Mar 2020 12:00:31 AM (CET)

Hey I was also having this problem with this error.

Jun 11 11:10:59 ******* 1 2021-06-11T11:10:59.338924+02:00 *********** sshd 12926 - - error: kex_exchange_identification: banner line contains invalid characters

I think I might have found the cause of the problem, I was able to replicate the error remotely and locally by using Rlogin on PuTTY.

By using PaTTY and changing Connection type 2 : Rlogin and setting the port to my ssh port I was able to replicate the error on TrueNas.
So I take it someone is trying to log into the system by using Rlogin and the SSH port that is open on the system?
Not sure how to block it without just closing the SSH Port.
 
Top