Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 3 subscribers
  • Views 14983 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

sshd[7846]: Bad protocol version identification ' ' from 192.168.0.10

yashax
I am constantly getting this message from syslog server?  Any ideas?

Syslog message:
Facility: 4 
Priority: 6 
Source: fw

Message:
sshd[7846]: Bad protocol version identification '  ' from 192.168.0.10


This thread was automatically locked due to age.
Parents
  • 0
    what is 192.168.0.10 (OS, ssh client)?
    did you start the client with a verbose option?
  • 0 in reply to lop
    192.168.0.10 is the monitoring box that queries port 22 (ssh) to make sure that it's active.  Everytime that it checks, the firewall generates that message.

    lop, thank you for your help with my issue on SMTP Virus Checking.  I posted another reply and need your help.

    Please follow this link
  • 0 in reply to yashax
    hi,

    what kind of 'query/monitoring' is it? if the monitoring box does just a telnet to port 22 of the ASL-box and closes without any handshaking, you'll get these syslog entries:

    ex:
    telnet fw 22

    syslog:
    Nov 27 19:19:08 fw sshd[1861]: Bad protocol version identification 'ÿôÿý^F  ' from 192.168.xxx.xxx

    maybe you should optimize your monitoring tool.

    bye,
    michael
Reply
  • 0 in reply to yashax
    hi,

    what kind of 'query/monitoring' is it? if the monitoring box does just a telnet to port 22 of the ASL-box and closes without any handshaking, you'll get these syslog entries:

    ex:
    telnet fw 22

    syslog:
    Nov 27 19:19:08 fw sshd[1861]: Bad protocol version identification 'ÿôÿý^F  ' from 192.168.xxx.xxx

    maybe you should optimize your monitoring tool.

    bye,
    michael
Children
No Data
Unfiltered HTML