
Bug#858765: marked as done (openssh-server: Should log client IP address with "Unable to negotiate a key exchange method")



Your message dated Sun, 2 Apr 2017 02:07:29 +0100
with message-id <20170402010729.GK9002@riva.ucam.org>
and subject line Re: Bug#858765: openssh-server: Should log client IP address with "Unable to negotiate a key exchange method"
has caused the Debian Bug report #858765,
regarding openssh-server: Should log client IP address with "Unable to negotiate a key exchange method"
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
858765: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858765
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-server
Version: 1:6.7p1-5+deb8u3
Severity: wishlist

Dear Maintainer,

I'm seeing massive loads of the following message in my logfile:

sshd[18737]: fatal: Unable to negotiate a key exchange method [preauth]

I'm pretty sure this is due to some scans.

I think it would be very helpful to see the client's IP address for
these log messages. I've already increased LogLevel to verbose, still
the IP address is missing.

Thanks for looking into and possibly considering my suggestion.

Kr,

Ralf

-- System Information:
Debian Release: 8.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages openssh-server depends on:
ii  adduser                3.113+nmu3
ii  debconf [debconf-2.0]  1.5.56
ii  dpkg                   1.17.27
ii  init-system-helpers    1.22
ii  libc6                  2.19-18+deb8u7
ii  libcomerr2             1.42.12-2+b1
ii  libgssapi-krb5-2       1.12.1+dfsg-19+deb8u2
ii  libkrb5-3              1.12.1+dfsg-19+deb8u2
ii  libpam-modules         1.1.8-3.1+deb8u2
ii  libpam-runtime         1.1.8-3.1+deb8u2
ii  libpam0g               1.1.8-3.1+deb8u2
ii  libselinux1            2.3-2
ii  libssl1.0.0            1.0.1t-1+deb8u6
ii  libwrap0               7.6.q-25
ii  lsb-base               4.1+Debian13+nmu1
ii  openssh-client         1:6.7p1-5+deb8u3
ii  openssh-sftp-server    1:6.7p1-5+deb8u3
ii  procps                 2:3.3.9-9
ii  zlib1g                 1:1.2.8.dfsg-2+b1

Versions of packages openssh-server recommends:
ii  ncurses-term  5.9+20140913-1
ii  xauth         1:1.0.9-1

Versions of packages openssh-server suggests:
pn  molly-guard   <none>
pn  monkeysphere  <none>
pn  rssh          <none>
pn  ssh-askpass   <none>
pn  ufw           <none>

-- debconf information:
  openssh-server/permit-root-login: false
  ssh/disable_cr_auth: false
  ssh/encrypted_host_key_but_no_keygen:
  ssh/vulnerable_host_keys:
* ssh/use_old_init_script: true

--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:6.9p1-1

On Sun, Mar 26, 2017 at 11:15:20AM +0000, Ralf G. R. Bergs wrote:
> I'm seeing massive loads of the following message in my logfile:
> 
> sshd[18737]: fatal: Unable to negotiate a key exchange method [preauth]
> 
> I'm pretty sure this is due to some scans.
> 
> I think it would be very helpful to see the client's IP address for
> these log messages. I've already increased LogLevel to verbose, still
> the IP address is missing.

It looks as though this was fixed upstream around OpenSSH 6.8p1.  It was
part of a thorough refactoring of the code that handles fatal errors in
packet processing, so is really not at all sensibly cherry-pickable to
stable, but you should find things much better once stretch is released.
This message now looks something like this, with substitutions:

  Unable to negotiate with <IP> port <PORT>: <ERROR>. Their offer: <OFFER>

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]

--- End Message ---
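
An added example, not part of either message above and not OpenSSH code: a small log triage script that groups negotiation failures by client address using the newer message wording quoted in the reply, and separately counts the older address-less lines from the report. The sample log lines, the error strings in them, the optional `fatal: ` prefix and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Newer wording quoted in the reply; the "fatal: " prefix is treated as optional.
NEW_FMT = re.compile(
    r"sshd\[\d+\]: (?:fatal: )?Unable to negotiate with (?P<ip>\S+) "
    r"port (?P<port>\d+): (?P<error>.+?)\. Their offer: (?P<offer>\S+)"
)
# Older wording from the bug report: no peer address is logged.
OLD_FMT = re.compile(r"sshd\[\d+\]: fatal: Unable to negotiate a key exchange method")

# Constructed sample lines (documentation addresses, made-up PIDs and ports).
SAMPLE_LOG = """\
Mar 26 11:02:01 host sshd[18737]: fatal: Unable to negotiate a key exchange method [preauth]
Apr  2 01:00:11 host sshd[2201]: Unable to negotiate with 192.0.2.10 port 40112: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
Apr  2 01:00:12 host sshd[2203]: Unable to negotiate with 192.0.2.10 port 40120: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
Apr  2 01:00:15 host sshd[2207]: fatal: Unable to negotiate with 2001:db8::7 port 51000: no matching cipher found. Their offer: aes128-cbc,3des-cbc [preauth]
Apr  2 01:00:19 host sshd[2210]: Accepted publickey for alice from 198.51.100.4 port 50022 ssh2
"""

def summarize(lines):
    """Return (per-IP stats, count of old-format lines with no address)."""
    per_ip, unattributed = {}, 0
    for line in lines:
        m = NEW_FMT.search(line)
        if m:
            entry = per_ip.setdefault(
                m["ip"], {"failures": 0, "errors": Counter(), "offers": set()})
            entry["failures"] += 1
            entry["errors"][m["error"]] += 1
            entry["offers"].update(m["offer"].split(","))
        elif OLD_FMT.search(line):
            unattributed += 1  # cannot be tied to a source from this line alone
    return per_ip, unattributed

def repeat_sources(per_ip, threshold=2):
    """IPs with at least `threshold` negotiation failures, busiest first."""
    hits = [(ip, e["failures"]) for ip, e in per_ip.items() if e["failures"] >= threshold]
    return sorted(hits, key=lambda h: (-h[1], h[0]))

if __name__ == "__main__":
    stats, unattributed = summarize(SAMPLE_LOG.splitlines())
    for ip, e in stats.items():
        print(ip, e["failures"], dict(e["errors"]), sorted(e["offers"]))
    print("old-format lines without an address:", unattributed)
    print("repeat sources:", repeat_sources(stats))
```

A non-zero count of old-format lines means part of the log was written by an sshd that still uses the address-less message, so those failures cannot be attributed from this log alone.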
