Michael Kimling
Cadet
- Joined
- Jul 28, 2022
- Messages
- 3
Hello, everyone.
Trying to track down an alert I started receiving recently. I was configuring Veeam to send backup jobs to my server, and I started receiving this alert message daily:
FreeNAS @ (SERVERNAME)
New alert:
* 23 SSH login failures:
Jul 27 00:08:08 (SERVERNAME) sshd[62185]: error: kex_exchange_identification: client sent invalid protocol identifier " "
Jul 27 01:13:12 (SERVERNAME) sshd[63135]: error: kex_exchange_identification: client sent invalid protocol identifier " "
… 19 more …
Jul 27 22:54:36 (SERVERNAME) sshd[82076]: error: kex_exchange_identification: client sent invalid protocol identifier " "
Jul 27 23:59:41 (SERVERNAME) sshd[82988]: error: kex_exchange_identification: client sent invalid protocol identifier " "
Searching through other similar sshd forum posts, everyone seems to be able to get a log entry with an IP address attached to it to help track down the offender. I have uninstalled my Veeam test configuration, but these alerts are still generating, so I'm at a loss as to what device might be causing this problem. It's basically on an hourly cadence, so some automated process is trying to log in via SSH here.
Where would I find a log message that records the source of my bad SSH requests, or how would I increase the logging detail to capture this information?
Thanks for the help.
Trying to track down an alert I started receiving recently. I was configuring Veeam to send backup jobs to my server, and I started receiving this alert message daily:
FreeNAS @ (SERVERNAME)
New alert:
* 23 SSH login failures:
Jul 27 00:08:08 (SERVERNAME) sshd[62185]: error: kex_exchange_identification: client sent invalid protocol identifier " "
Jul 27 01:13:12 (SERVERNAME) sshd[63135]: error: kex_exchange_identification: client sent invalid protocol identifier " "
… 19 more …
Jul 27 22:54:36 (SERVERNAME) sshd[82076]: error: kex_exchange_identification: client sent invalid protocol identifier " "
Jul 27 23:59:41 (SERVERNAME) sshd[82988]: error: kex_exchange_identification: client sent invalid protocol identifier " "
Searching through other similar sshd forum posts, everyone seems to be able to get a log entry with an IP address attached to it to help track down the offender. I have uninstalled my Veeam test configuration, but these alerts are still generating, so I'm at a loss as to what device might be causing this problem. It's basically on an hourly cadence, so some automated process is trying to log in via SSH here.
Where would I find a log message that records the source of my bad SSH requests, or how would I increase the logging detail to capture this information?
Thanks for the help.
OS Version: FreeNAS-11.3-U5
Model: SuperMicro Server
CPU: Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz
Memory: 64 GiB
Pool: POOL-36x12TB, RAIDZ2, 4 Vdevs
Model: SuperMicro Server
CPU: Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz
Memory: 64 GiB
Pool: POOL-36x12TB, RAIDZ2, 4 Vdevs
