cometship
Posted January 17, 2022 (edited)

What are these login attempts in the system log? Googling shows it is related to SSH from 192.168.1.1. I see about 100 of these warnings over a 2 sec interval in the sys log every few days. Is this an SSH attempt from the router gateway, or coming from another network device? Hopefully not from the internet. Thanks

Jan 16 02:19:24 NASBoy sshd[4420]: Connection from 192.168.1.1 port 57549 on 192.168.1.242 port 22 rdomain ""
Jan 16 02:19:24 NASBoy sshd[4420]: Unable to negotiate with 192.168.1.1 port 57549: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
.... (many attempts over 2 sec)

Edited January 17, 2022 by cometship

JonathanM
Posted January 17, 2022

Are you running a Netgear router with Armor enabled? If so, turn it off and see if the messages stop.

cometship (Author)
Posted January 17, 2022

No. I have a Gryphon tower AC3000.

cometship (Author, Solution)
Posted January 19, 2022

Turns out this is a port scan from the Gryphon. I disabled the SSH port in the UNRAID management tab since I don't use SSH.

From Gryphon support:

"Our Gryphon has a firewall that will block/filter inbound traffic. The Gryphon regularly scans ports that are open and will give you a notification for an open port. You will then determine if that port is used by an application or website and is safe to leave as open.

Here are some options you can choose for a port scan detection result.
1. Quarantine - can’t access the internet on the rogue device (stops the device)
2. Monitor - to monitor the device and keep you posted.
3. Delete - delete the notification but will notify again when there is another scan
4. Ignore - will NOT notify the user for 7 days

The quarantine will have your device totally blocked.

Thank you,
Gryphon Support/FE
Customer Support Line +1 (480) 428-4016"
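
An added example, not part of the original posts: one way to answer the question raised in this thread from the log itself, by grouping the "Unable to negotiate" lines per source address, checking whether that address is in RFC 1918 space, and sizing each burst. The sample lines (including the 203.0.113.7 entry), the 5-second window, the year default and the `summarize` name are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, in the format of the sshd lines quoted in the thread.
OFFER = "diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1"
SAMPLE = "\n".join([
    'Jan 16 02:19:24 NASBoy sshd[4420]: Connection from 192.168.1.1 port 57549 on 192.168.1.242 port 22 rdomain ""',
    f"Jan 16 02:19:24 NASBoy sshd[4420]: Unable to negotiate with 192.168.1.1 port 57549: no matching key exchange method found. Their offer: {OFFER} [preauth]",
    f"Jan 16 02:19:25 NASBoy sshd[4421]: Unable to negotiate with 192.168.1.1 port 57550: no matching key exchange method found. Their offer: {OFFER} [preauth]",
    f"Jan 16 02:19:25 NASBoy sshd[4422]: Unable to negotiate with 192.168.1.1 port 57551: no matching key exchange method found. Their offer: {OFFER} [preauth]",
    f"Jan 19 11:02:03 NASBoy sshd[5100]: Unable to negotiate with 203.0.113.7 port 40022: no matching key exchange method found. Their offer: {OFFER} [preauth]",
])
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
NEGOTIATE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Unable to negotiate with "
    r"(?P<ip>\S+) port \d+: no matching key exchange method found\. Their offer: (?P<offer>\S+)"
)

def summarize(log_text, window=timedelta(seconds=5), year=2022):
    """Per source IP: RFC 1918 or not, burst sizes, offered key exchange methods."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = NEGOTIATE.match(line)
        if m:  # syslog timestamps carry no year, so the caller supplies one
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["offer"].split(",")))
    report = {}
    for ip, hits in events.items():
        hits.sort(key=lambda h: h[0])
        bursts, start = [], None
        for ts, _ in hits:
            if start is None or ts - start > window:  # past the window opened at `start`
                bursts.append(0)
                start = ts
            bursts[-1] += 1
        offers = sorted({kex for _, offer in hits for kex in offer})
        addr = ipaddress.ip_address(ip)
        report[ip] = {
            "rfc1918": any(addr in net for net in RFC1918),
            "bursts": bursts,
            "offers": offers,
            "sha1_only": all(k.endswith("-sha1") for k in offers),
        }
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A source that is the gateway's own LAN address, arriving in short dense bursts, fits the router-side port scan described in the accepted answer; an RFC 1918 source only shows the connection came from the local network, not which device opened it.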