Message from OSSEC about fatal: no matching cipher found:

I've been get several emails about a Rule 1002 and it has to do with, sshd[31615]: fatal: no matching cipher found: client aes256-cbc,,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none server aes128-ctr,aes192-ctr,aes256-ctr,,, [preauth]

I'm not sure what it is or how I can fix it.

1 Reply

That's a common error triggered by SSH scanning bots and the like when you've configured sshd to only use modern ciphers, because they tend to use really ancient versions of libssh, or whatever SSH client is available on the compromised system they're running from. You can safely ignore those messages.


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct