Some places may be querying your server to make sure that you are running a
SSH server instead of something like AIM. Quite often firewalls can't
identify that the protocol being used on port 22 is really SSH or something
else. So what they do is yank all the hosts out of the logs, run a program
that connects and looks for the "hello" string, and then log a "yes", "no",
or unable to connect based on the results. Then, sites that do not follow
the protocol would be blocked at the firewall. Hypothetically speaking of
course.
Alternatively, it could be a port scanner that is looking for ways into your
box.
-----Original Message-----
From: Atro Tossavainen [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 06, 2000 7:14 AM
To: Devitt, Karl
Cc: [EMAIL PROTECTED]
Subject: Re: Bad protocol version identification 'quit
Dear Karl,
> can anyone explain the cause of this error, entry from syslog;
> Sep 6 09:55:24 eagle sshd[12341]: Bad protocol version identification
'quit
This is what it probably looks like at the other end of the wire:
$ telnet eagle 22
Trying...
Connected to eagle.
Escape character is '^]'.
SSH-1.5-1.2.27 <-- daemon "hello" string
quit <-- manual user response
Protocol mismatch. <-- daemon recognises user as "not a ssh client" :-)
Connection closed by foreign host.
Maybe somebody tries to use telnet to connect via ssh and doesn't
realise they need a separate program...
--
Atro Tossavainen (Mr.) | The Institute of Biotechnology at the
Systems Analyst | University of Helsinki, Finland, employs
+358-9-19158939 | me, but my opinions are my own.
< URL : http : / / www . iki . fi / atro . tossavainen / >
*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized.
If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.
*****************************************************************************
