After hardening my ssh server I am now seeing quite a lot of the following messages:
Mar 13 10:16:41 XXXXXXX sshd: Unable to negotiate with X.X.X.X port 58623: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
After reading the documentation I see that system.auth.ssh.event currently only have "Accepted", "Failed" or "Invalid" as possible values.
I'm not sure if this failure to negotiate error belongs in exactly this event but it would be nice to get that parsed so we can alert on these attempts/errors.
Any thoughts/feedback on this?