
%SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection from 113.16.213.217

ashik.bc
Level 1

Hello All,

I am getting the below log on my internet switch, where 2 ISPs are connected.

Model: C3560CX

Version 15.2(4r)E3

Error: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection from 113.16.213.217

Accepted Solutions

Mark Malone
VIP Alumni

Hi,
Are you based in China? That's where that connection came from; it tried to access your device but got blocked.

What version of SSH are you running? Make sure it's V2 and the keys are like 2048 or 1024 minimum. Make sure there's an ACL on your VTY port.

Login block will help too for repeated attempts, automatically.

login block-for 300 attempts 10 within 60
login quiet-mode access-class (ACL VTY NO)

Hello Mark,

How can I apply the ACL here? Will it be inbound or outbound?

This is our internal segment: 172.X.X.X

Hi,
It would be inbound, like the example below; then permit and deny what's required.
Example:
access-list 186 permit tcp host 172.19.194.2 any eq 22
access-list 186 deny ip any any log

line vty 0
access-class 186 in
exec-timeout 30 0
no activation-character
transport input ssh


Leo Laohoo
Hall of Fame
The error message means that a bot/botnet is doing an SSH sweep to discover any devices with weak authentication.
Recommend that you set up an ACL on the router to block the offending IP address.
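
Added example, not part of the original thread and not Cisco's code: a small Python triage script that counts `%SSH-4-SSH2_UNEXPECTED_MSG` events per source address and separates sources outside the management ACL from permitted hosts that raise the same message. The sample log lines are constructed, and the allowed network is assumed to be the single host from the example ACL 186 above.

```python
import ipaddress
import re
from collections import Counter

# Matches the IOS message quoted in the thread and captures the peer address.
MSG = re.compile(
    r"%SSH-4-SSH2_UNEXPECTED_MSG: .*?connection from (\d{1,3}(?:\.\d{1,3}){3})\b"
)

# Assumption: the only permitted management source is the host from the
# thread's example ACL 186. Replace with your own management networks.
ALLOWED = [ipaddress.ip_network("172.19.194.2/32")]

# Constructed sample log: timestamps, the 203.0.113.50 documentation address
# and the malformed 999.x line are invented; 113.16.213.217 is from the thread.
SAMPLE = """\
*Mar  1 00:10:01.100: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection from 113.16.213.217
*Mar  1 00:10:04.220: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection from 113.16.213.217
*Mar  1 00:10:09.815: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection from 113.16.213.217
*Mar  1 00:31:47.002: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection from 203.0.113.50
*Mar  1 01:02:13.440: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection from 172.19.194.2
*Mar  1 01:05:00.000: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (172.19.194.2)
*Mar  1 01:07:30.310: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection from 999.16.213.217
"""


def triage(log_text, allowed=ALLOWED):
    """Count SSH2_UNEXPECTED_MSG events per peer, split by ACL membership."""
    outside, inside = Counter(), Counter()
    for line in log_text.splitlines():
        match = MSG.search(line)
        if not match:
            continue  # unrelated syslog message
        try:
            peer = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # address field is not a valid IPv4 address
        bucket = inside if any(peer in net for net in allowed) else outside
        bucket[str(peer)] += 1
    return outside, inside


if __name__ == "__main__":
    outside, inside = triage(SAMPLE)
    for ip, count in outside.most_common():
        print(f"not permitted by management ACL: {ip} x{count}")
    for ip, count in inside.most_common():
        print(f"permitted host raising the same message: {ip} x{count}")
```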