RE: [hobbit] RE: [SOLVED][hobbit] sshd notification in syslog

["Schwimmer, Eric E *HS" <EES2Y (at) hscmail.mcc.virginia.edu>]

Hrm, the first string (SSH-2.0-Sun_SSH_1.0.1) should
have worked (or at least, it works on my server running the openssh
version of sshd).  

Have you tried telneting into the port and  typing the version number
in yourself?  If it accepts it, you'll get some crazy diffie-hellman 
text, otherwise it will spit a protocol mismatch line back at you.

Also, silly question, but did you make sure to include to '\r\n' at
the end of the message?  If you did, you might want to try messing
with that (changing it to just '\r' or '\n') because the protocol
error in your syslog looks a little weird (extra newline), so I'm
wondering if there isnt something wrong there.

-Eric 

> -----Original Message-----
> From: McGraw, Robert P. [mailto:rmcgraw (at) purdue.edu] 
> Sent: Thursday, March 02, 2006 2:19 PM
> To: hobbit (at) hswn.dk
> Subject: RE: [hobbit] RE: [SOLVED][hobbit] sshd notification in syslog
> 
> I am having the same problem and trying to follow your instructions.
> 
>  
> 
> I ran
> 
>  
> 
>  ##R##-zorn->[227] ##> ssh -V
> 
> Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
> 
>  
> 
> To get the version number.
> 
>  
> 
> I also ran telnet host 22 and got back the following 
> 
>  
> 
> SSH-2.0-Sun_SSH_1.0.1
> 
>  
> 
> I have tried the following 
> 
>  
> 
> SSH-2.0-Sun_SSH_1.0.1
> 
> Sun_SSH_1.1
> 
> Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
> 
>  
> 
> as the version number with no luck. 
> 
>  
> 
> I keep getting the following message log.
> 
>  
> 
> Mar  2 14:03:47 zada.math.purdue.edu sshd[29349]: [ID 800047 
> auth.info] Bad protocol version identification 'Sun_SSH_1.1
> 
> Mar  2 14:03:47 zada.math.purdue.edu ' from 128.210.3.176
> 
>  
> 
> The only change in the log message is the version 
> identification string.
> 
>  
> 
> How do I find the right version number to use?
> 
>  
> 
> Thanks
> 
>  
> 
> Robert
> 
>  
> 
>  
> 
>  
> 
> _____________________________________________________________________
> 
> Robert P. McGraw, Jr.
> 
> Manager, Computer System                                      
>    EMAIL: rmcgraw (at) purdue.edu
> 
> Purdue University                                             
>              ROOM: MATH-807
> 
> Department of Mathematics                                     
>    PHONE: (765) 494-6055
> 
> 150 N. University Street                                      
>             FAX: (419) 821-0540
> 
> West Lafayette, IN 47907-2067            
> 
> ________________________________
> 
> From: thomas.seglard.enata (at) cnp.fr 
> [mailto:thomas.seglard.enata (at) cnp.fr] 
> Sent: Thursday, March 02, 2006 12:21 PM
> To: hobbit (at) hswn.dk
> Subject: [hobbit] RE: [SOLVED][hobbit] sshd notification in syslog
> 
>  
> 
> 
> Thank you ! 
> 
> the second option (the one you preferred) was a good bet ! 
> I added the lines as you indicate and that's solved my problem. 
> 
> Best regards, 
> 
> Thomas Seglard 
> 
> "Schwimmer, Eric E *HS" <EES2Y (at) hscmail.mcc.virginia.edu> a 
> écrit sur 02/03/2006 17:31:10 :
> 
> > 
> > Three posibilities, off the top of my head:
> > 
> > On the client side:
> > 1. Install syslog-ng instead of ksyslogd, and
> >    filter on the ip address of your hobbit server.
> > 2. Call your logrotate script (assuming you use one)
> >    more often, and/or make it compress your old syslog
> >    messages.
> > 
> > On the hobbit server side:
> > (this is my preferred option)
> > 1. change your bb-services file ($HOBBIT/server/etc/bb-services)
> >    so that ssh test sends the version string.  I think that will
> >    stop your sshd from complaining.
> > 
> > ie.:
> > 
> > [ssh|ssh1|ssh2]
> >    send "SSH-2.0-OpenSSH_4.1\r\n"
> >    expect "SSH"
> >    options banner
> >    port 22
> 
> 
> 
>