My authlog file contains entries like this: sshd[89023]: error: kex_exchange_identification: banner line contains invalid characters but I can't find the IP address of the host which triggered this by looking for more log entries of sshd with the same pid.
Would it make sense to add ssh_remote_ipaddr(ssh) to those error_f() calls in kex_exchange_identification() to identify the client? That might be useful to block repeated offenders via pf. -- Address is valid for this mailing list only, please do not reply to it direcly, but to the list.
