'sshd[xxx]: Bad protocol version identification 'XX' from a.b.c.d' or 'Did not receive identification string from a.b.c.d' in /var/log/secure

Solution Verified - Updated -

Issue

The messages log contains entries similar to those given below.

Mar 12 22:31:14 hostname sshd[772]: Did not receive identification string from a.b.c.d
Mar 12 22:31:14 hostname sshd[820]: Did not receive identification string from a.b.c.d
Mar 12 22:33:38 hostname vsftpd(pam_unix)[855]: check pass; user unknown
Mar 12 22:33:38 hostname vsftpd(pam_unix)[855]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=a.b.c.d 
Mar 12 22:33:40 hostname sshd[857]: Did not receive identification string from a.b.c.d
Mar 12 22:33:40 hostname sshd[858]: Address a.b.c.d maps to station.example.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Mar 12 22:33:40 hostname vsftpd(pam_unix)[855]: check pass; user unknown
Mar 12 22:33:40 hostname vsftpd(pam_unix)[855]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=a.b.c.d 
Mar 12 22:33:43 hostname vsftpd(pam_unix)[860]: check pass; user unknown
Mar 12 22:33:43 hostname vsftpd(pam_unix)[860]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=a.b.c.d 
Mar 12 22:33:45 hostname vsftpd(pam_unix)[860]: check pass; user unknown
Mar 12 22:33:45 hostname vsftpd(pam_unix)[860]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=a.b.c.d 
....
Mar 12 22:35:07 hostname sshd[954]: Bad protocol version identification 'id' from a.b.c.d
Mar 12 22:35:28 hostname sshd[999]: Did not receive identification string from a.b.c.d
Mar 12 22:35:45 hostname sshd[1002]: Did not receive identification string from a.b.c.d
Mar 12 22:35:49 hostname sshd[1003]: Did not receive identification string from a.b.c.d
Mar 12 22:36:01 hostname sshd[1013]: Did not receive identification string from a.b.c.d
Mar 12 22:38:29 hostname sshd[15088]: Bad protocol version identification 'GET / HTTP/1.0' from 192.168.122.1

In some cases below logs also occurs:

Bad protocol version identification '\026\003\001' from a.b.c.d port 60502

Environment

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7
  • openssh

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content