Is an SSH banner exchange request the opening move of a hacking attempt?

I have a server listening for SSH login requests. Occasionally I see requests for a banner exchange from distant computers. These are all refused by my server.

Are banner exchanges innocuous or could they be the first step in a hacking attempt? I’ve done a good bit of internet searching and found nothing to suggest that hackers use this.

I’m not going to let the banner exchanges occur, even if they are safe, but am curious about the subject. Has anyone seen trouble come from banner exchanges?

I have not heard of that used as hacking, but I’d be interested in any information someone might have too.

This seems to think it requires attention

1 Like