AW: auth log full with

To: "'Reco'" <recoverym4n@enotuniq.net>, <debian-user@lists.debian.org>
Subject: AW: auth log full with
From: "Maurizio Caloro" <maurizio@caloro.ch>
Date: Sun, 14 Aug 2022 08:57:47 +0200
Message-id: <[🔎] 004b01d8afab$2a596640$7f0c32c0$@caloro.ch>
Reply-to: <maurizio@caloro.ch>
In-reply-to: <[🔎] E1oN5i6-0000TE-Io@enotuniq.net>
References: <[🔎] 002d01d8af3c$0eb21500$2c163f00$@caloro.ch> <[🔎] E1oN5i6-0000TE-Io@enotuniq.net>

On Sat, Aug 13, 2022 at 07:42:28PM +0200, Maurizio Caloro wrote:

>As /etc/fail2ban/filter.d/sshd.conf shows, "no matching host key type"
>messages are specifically ignored by Mode=normal.
>Try setting Mode=aggressive, it should catch those.
>
>Of course, DROPping ssh connections from AS28594 would work too. Unless
you're from Brazil, that is.
>
>Reco

Thanks for you answer, yes add aggressive to mode, restart services and add
to ssh_config

Host *
    HostKeyAlgorithms +ssh-rsa,ssh-dss
    PubkeyAcceptedKeyTypes +ssh-rsa,ssh-dss


But still auth logs everysecond with:

Aug 14 08:53:20 lenovo sshd[270588]: Unable to negotiate with 80.92.231.239
port 38675: no matching host key type found. Their offer:
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ecdsa-sha2-nistp
256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2
-nistp521-cert-v01@openssh.com,ssh-rsa,ssh-dss [preauth]

Thanks
Mauri

Reply to:

Follow-Ups:
- Re: auth log full with
  - From: Reco <recoverym4n@enotuniq.net>

References:
- auth log full with
  - From: "Maurizio Caloro" <maurizio@caloro.ch>
- Re: auth log full with
  - From: Reco <recoverym4n@enotuniq.net>

Prev by Date: Re: Verison IPv6 -- I want to stick with IPv4 (was Re: ipv6: static ipv6 address with dynamic network address possible?)
Next by Date: Re: auth log full with
Previous by thread: Re: auth log full with
Next by thread: Re: auth log full with
Index(es):
- Date
- Thread