Well, duh. HTTPS.
DES
--
Dag-Erling Smørgrav - d...@des.no
I am not sure, what that means, but 443 is https and when you try to
connect to port 443, a local proxy gets information what kind of server
is listening at that port.
> How can I figure out what that means, so I know whether I'm seeing
> port-scanning and what kind?
You can run a tool like stunnel on your server port 443 and redirect the
input to port 22. Then, you need stunnel or socat at your remote laptop,
to redirect and encrypt ssh output to your server.
in my laptops ~/.ssh/config there is a part like
Host athome_viassl
HostName MyHostAtHome
Port 443
HostKeyAlias MylocalSSH-Server
CheckHostIP no
ProxyCommand socat -
SSL:%h:%p,cafile="My-ssl-server-cert.crt",cert="My-remote-ssl-key.pem"
so a simple ssh athome_viassl does the trick.
> thanks
>
>
> That's what I'd expect, but I'm seeing a lot of different, really
> strange "version identification" strings: Here's a selection from my
> logs:
An SSH server expects the first thing that the client sends to be a
version string. But since you're running your server on the HTTPS port,
you're getting connections from clients that are sending encrypted SSL
traffic. This is just meaningless, binary garbage to the SSH server.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
> Barry Margolin wrote:
>
> > In article <50Y0IZQF4024...@reece.net.au>,
> > Bob Fnord <b...@example.com> wrote:
> > > That's what I'd expect, but I'm seeing a lot of different, really
> > > strange "version identification" strings: Here's a selection from my
> > > logs:
> >
> > An SSH server expects the first thing that the client sends to be a
> > version string. But since you're running your server on the HTTPS port,
> > you're getting connections from clients that are sending encrypted SSL
> > traffic. This is just meaningless, binary garbage to the SSH server.
>
> OK, thanks, I'll keep ignoring it.
> I wondered if there was something I could "decipher" in there,
> just to satisfy my own curiosity.
Well, if you look up the specification of the SSL protocol, you might be
able to translate that binary garbage to it and see what it's sending.
It's presumably just the normal SSL initial encryption negotiation.