| 1 |
On 02/21/2011 11:48 AM, Jarry wrote: |
| 2 |
> Hi, |
| 3 |
> |
| 4 |
> I just noticed my /var/log/sshd.log is suddenly somehow big. |
| 5 |
|
| 6 |
That's interesting. I have no such logfile. Did you change something |
| 7 |
in /etc/ssh/sshd_config? |
| 8 |
|
| 9 |
Oh, wait, I'm running openssh-5.8-p1, and my config file says the logging |
| 10 |
configuration has eliminated the "FascistLogging" option. (Nerds are a |
| 11 |
laugh a minute, eh?) |
| 12 |
|
| 13 |
> After checking it out I have found a lot of messages like this: |
| 14 |
> |
| 15 |
>> 2011-02-21T03:49:21+00:00 obelix sshd[19767]: SSH: Server;Ltype: |
| 16 |
>>Version;Remote: my.ip.add.ress-56254;Protocol: 2.0;Client: |
| 17 |
>>OpenSSH_5.8p1-hpn13v10 |
| 18 |
|
| 19 |
> |
| 20 |
> This message was recorded on 2011-02-14T17:45:24+00:00 for |
| 21 |
> the first time, and since then exactly every 2 minutes. |
| 22 |
> I think it was the day when I updated to openssh-5.6-p1-r2. |
| 23 |
|
| 24 |
So, if your machine is running openssh-5.6 server, then whose machine |
| 25 |
is running an openssh-5.8 client? |
| 26 |
|
| 27 |
Could it be your cable or DSL router? I can ssh into my DSL router, |
| 28 |
but it doesn't send me any traffic unless I send some first. |
| 29 |
|
| 30 |
I'd use a sniffer like ngrep or wireshark to see who is poking at your |
| 31 |
ssh port, if anyone really is. |
| 32 |
|
| 33 |
Anyway, my sshd_config file (version 5.8) has a "LogLevel" setting. |
| 34 |
In your case I'd be tempted to increase the verbosity to figure out |
| 35 |
what the messages are really trying to tell you. |
Archives