Bug 2461 - Source IP missing in log when no suitable key exchange method found
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 6.0p1
Hardware: Other Linux
Importance: P5 normal
Assignee: Assigned to nobody
Reported: 2015-09-10 13:14 AEST by Karl Schmidt
Modified: 2016-08-02 10:41 AEST
Description Karl Schmidt 2015-09-10 13:14:59 AEST
Log entries such as these lack the attacker's IP address

When unneeded ciphers/macs/KexAlgorithms are removed -- we get:

Jan 12 20:17:28 <<REMOVED>> sshd[8888]: fatal: Unable to negotiate a key exchange method [preauth]
Jan 12 20:19:16 <<REMOVED>> sshd[8890]: fatal: Unable to negotiate a key exchange method [preauth]

This prevents fail2ban and others from doing some useful attack mitigation. 

Also see:
http://lists.mindrot.org/pipermail/openssh-unix-dev/2015-January/033328.html
Comment 1 Jakub Jelen 2015-09-10 16:47:38 AEST
I believe this is fixed in current OpenSSH 7.1. I see in the log:

Sep 10 08:42:12 localhost sshd[26793]: fatal: Unable to negotiate with 192.168.100.243: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1 [preauth]

Upstream commit:
https://anongit.mindrot.org/openssh.git/commit/?id=f319912b0d0e1675b8bb051ed8213792c788bcb2
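
A log-parsing sketch for the two message formats quoted in this thread, added here as an example; it is not part of the bug report, OpenSSH or fail2ban. The function names, the threshold and the sample lines are constructed, and the optional "port N" field is an assumption about later releases.

```python
import ipaddress
import re
from collections import Counter

PREFIX = r"sshd\[\d+\]: fatal: Unable to negotiate "
# Pre-7.0 wording from the description: no peer address to act on.
OLD_RE = re.compile(PREFIX + r"a key exchange method \[preauth\]$")
# 7.0+ wording from comment 1. The optional "port N" is an assumption about
# later releases; it does not appear on this page.
NEW_RE = re.compile(
    PREFIX + r"with (?P<ip>\S+?)(?: port \d+)?: "
    r"(?P<reason>no matching [^.]+ found)\. "
    r"Their offer: (?P<offer>.*) \[preauth\]$")

def parse(line):
    """Return (ip, reason, offer) for a negotiation failure, else None."""
    line = line.rstrip()
    if OLD_RE.search(line):
        return (None, None, [])  # old format: failure seen, source unknown
    m = NEW_RE.search(line)
    if not m:
        return None
    try:
        ip = str(ipaddress.ip_address(m["ip"]))
    except ValueError:
        ip = None  # not an address literal, so there is nothing to ban
    return (ip, m["reason"], m["offer"].split(","))

def ban_candidates(lines, threshold=2):
    """Return ({ip: count} at or over threshold, count of unattributable failures)."""
    hits, blind = Counter(), 0
    for ip, _reason, _offer in filter(None, map(parse, lines)):
        if ip is None:
            blind += 1
        else:
            hits[ip] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}, blind

# Constructed sample lines modelled on the two formats quoted in this thread.
SAMPLE = [
    "Jan 12 20:17:28 host sshd[8888]: fatal: Unable to negotiate a key exchange method [preauth]",
    "Sep 10 08:42:12 localhost sshd[26793]: fatal: Unable to negotiate with 192.168.100.243: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1 [preauth]",
    "Sep 10 08:42:15 localhost sshd[26795]: fatal: Unable to negotiate with 192.168.100.243: no matching cipher found. Their offer: aes128-cbc,3des-cbc [preauth]",
    "Sep 10 08:43:01 localhost sshd[26801]: fatal: Unable to negotiate with 203.0.113.7 port 50122: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]",
    "Sep 10 08:43:09 localhost sshd[26802]: Accepted publickey for admin from 198.51.100.4 port 50200 ssh2",
]
if __name__ == "__main__": print(ban_candidates(SAMPLE))
```

The address is read from the fixed position right after the message prefix because the offer string that follows is supplied by the client. The count of unattributable failures shows how much negotiation-failure activity a pre-7.0 log hides from address-based banning.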
Comment 2 Damien Miller 2015-09-11 13:22:27 AEST
Yes, this was fixed in 7.0
Comment 3 Damien Miller 2016-08-02 10:41:28 AEST
Close all resolved bugs after 7.3p1 release