| 1 |
On 22. 2. 2011 0:42, walt wrote: |
| 2 |
> On 02/21/2011 11:48 AM, Jarry wrote: |
| 3 |
>> Hi, |
| 4 |
>> |
| 5 |
>> I just noticed my /var/log/sshd.log is suddenly somehow big. |
| 6 |
> |
| 7 |
> That's interesting. I have no such logfile. Did you change something |
| 8 |
> in /etc/ssh/sshd_config? |
| 9 |
|
| 10 |
I forgot to say: I have set up filter for ssh-messages. |
| 11 |
They would be otherwise logged probably into /var/log/messages |
| 12 |
|
| 13 |
> Oh, wait, I'm running openssh-5.8-p1, and my config file says the logging |
| 14 |
> configuration has eliminated the "FascistLogging" option. (Nerds are a |
| 15 |
> laugh a minute, eh?) |
| 16 |
> |
| 17 |
>> After checking it out I have found a lot of messages like this: |
| 18 |
>> |
| 19 |
>>> 2011-02-21T03:49:21+00:00 obelix sshd[19767]: SSH: Server;Ltype: |
| 20 |
>>> Version;Remote: my.ip.add.ress-56254;Protocol: 2.0;Client: |
| 21 |
>>> OpenSSH_5.8p1-hpn13v10 |
| 22 |
> |
| 23 |
>> |
| 24 |
>> This message was recorded on 2011-02-14T17:45:24+00:00 for |
| 25 |
>> the first time, and since then exactly every 2 minutes. |
| 26 |
>> I think it was the day when I updated to openssh-5.6-p1-r2. |
| 27 |
> |
| 28 |
> So, if your machine is running openssh-5.6 server, then whose machine |
| 29 |
> is running an openssh-5.8 client? |
| 30 |
|
| 31 |
No, my machine has openssh-5.8_p1-r1. But these messages |
| 32 |
startet since I updated to 5.6-p1-r2. Later I updated |
| 33 |
to 5.8_p1-r1, and they still keep comming. So up to |
| 34 |
5.6-p1-r1 everything was normal, but since 5.6-p1-r2 |
| 35 |
I have these strange log messages... |
| 36 |
|
| 37 |
> Could it be your cable or DSL router? I can ssh into my DSL router, |
| 38 |
> but it doesn't send me any traffic unless I send some first. |
| 39 |
|
| 40 |
I doubt about it. There is not dsl-router, just switch and |
| 41 |
direct connection to internet. Funny is, that "my.ip.add.ress" |
| 42 |
is actually IP-address of this server, and exactly the same |
| 43 |
IP on which sshd is running. So if "my.ip.add.ress" is "remote", |
| 44 |
then it seems my server is trying to connect my server. |
| 45 |
Very strange... |
| 46 |
|
| 47 |
|
| 48 |
> I'd use a sniffer like ngrep or wireshark to see who is poking at your |
| 49 |
> ssh port, if anyone really is. |
| 50 |
> |
| 51 |
> Anyway, my sshd_config file (version 5.8) has a "LogLevel" setting. |
| 52 |
> In your case I'd be tempted to increase the verbosity to figure out |
| 53 |
> what the messages are really trying to tell you. |
| 54 |
|
| 55 |
OK, I'll try it. Though in reality, I would actually like |
| 56 |
to decrease somehow this verbosity. My sshd.log gets terribly |
| 57 |
big, and is rotated every day... |
| 58 |
|
| 59 |
Jarry |
| 60 |
|
| 61 |
-- |
| 62 |
_______________________________________________________________ |
| 63 |
This mailbox accepts e-mails only from selected mailing-lists! |
| 64 |
Everything else is considered to be spam and therefore deleted. |
Archives