Those messages indicate that your SSH server attempted to send an identification string (usually the SSH protocol version) to the client connecting from the IP address 206.168.34.210 on various ports, but it was unable to do so. This failure typically happens if the client closes the connection before the string is sent or if there’s a network issue.
Ports 40828, 40844, 46502, and 59586 are ephemeral ports, which are typically used by clients during outbound connections. The fact that multiple ports were used might suggest a scan or a series of connection attempts. I'd guess a compromised ISP customer, or a curious kiddo scanning the Internet. On Mon, Aug 12, 2024, 06:37 Rich Shepard <[email protected]> wrote: > This morning's log watch report for yesterday showed SSH entries I've not > before seen: > > --------------------- SSHD Begin ------------------------ > > **Unmatched Entries** > Could not write ident string to 206.168.34.210 port 40828 : 1 Time > Could not write ident string to 206.168.34.210 port 40844 : 1 Time > Could not write ident string to 206.168.34.210 port 46502 : 1 Time > Could not write ident string to 206.168.34.210 port 59586 : 1 Time > > ---------------------- SSHD End ------------------------- > > Normally, the only time I see a ssh log report is after rebooting. This IP > address is an ISP in Ann Arbor, MI and I had not tried to connect to them, > and they (or one of their customers) should have no reason to contact me. > Unless this was an intrusion attempt. > > I'd appreciate an explanation. > > TIA, > > Rich > > >
