On 22. 2. 2011 0:42, walt wrote:
> On 02/21/2011 11:48 AM, Jarry wrote:
>> Hi,
>>
>> I just noticed my /var/log/sshd.log is suddenly somehow big.
>
> That's interesting. I have no such logfile. Did you change something
> in /etc/ssh/sshd_config?

I forgot to say: I have set up a filter for ssh-messages.
They would be otherwise logged probably into /var/log/messages.

> Oh, wait, I'm running openssh-5.8-p1, and my config file says the logging
> configuration has eliminated the "FascistLogging" option. (Nerds are a
> laugh a minute, eh?)
>
>> After checking it out I have found a lot of messages like this:
>>
>>> 2011-02-21T03:49:21+00:00 obelix sshd[19767]: SSH: Server;Ltype:
>>> Version;Remote: my.ip.add.ress-56254;Protocol: 2.0;Client:
>>> OpenSSH_5.8p1-hpn13v10
>
>>
>> This message was recorded on 2011-02-14T17:45:24+00:00 for
>> the first time, and since then exactly every 2 minutes.
>> I think it was the day when I updated to openssh-5.6-p1-r2.
>
> So, if your machine is running openssh-5.6 server, then whose machine
> is running an openssh-5.8 client?

No, my machine has openssh-5.8_p1-r1. But these messages
started when I updated to 5.6-p1-r2. Later I updated
to 5.8_p1-r1, and they still keep coming. So up to
5.6-p1-r1 everything was normal, but since 5.6-p1-r2
I have these strange log messages...

> Could it be your cable or DSL router? I can ssh into my DSL router,
> but it doesn't send me any traffic unless I send some first.

I doubt it. There is no DSL router, just a switch and a
direct connection to the internet. The funny thing is that
"my.ip.add.ress" is actually the IP address of this server, and
exactly the same IP on which sshd is running. So if "my.ip.add.ress"
is "remote", then it seems my server is trying to connect to my server.
Very strange...

> I'd use a sniffer like ngrep or wireshark to see who is poking at your
> ssh port, if anyone really is.
>
> Anyway, my sshd_config file (version 5.8) has a "LogLevel" setting.
> In your case I'd be tempted to increase the verbosity to figure out
> what the messages are really trying to tell you.

OK, I'll try it. Though in reality, I would actually like
to somehow decrease this verbosity. My sshd.log gets terribly
big, and is rotated every day...

Jarry

--
_______________________________________________________________
This mailbox accepts e-mails only from selected mailing-lists!
Everything else is considered to be spam and therefore deleted.
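
Added example (not part of the original thread and not OpenSSH code): a Python script that parses the `SSH: Server;Ltype: Version` records quoted above, groups them by remote address, and reports which sources connect at a fixed interval and whether they match one of the server's own addresses. The sample lines are constructed, with 192.0.2.10 standing in for "my.ip.add.ress"; the function names and the `jitter` tolerance are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in the format quoted in the thread. 192.0.2.10 stands in
# for the server's own address; 198.51.100.7 is an unrelated, made-up client.
SAMPLE_LOG = """\
2011-02-21T03:45:21+00:00 obelix sshd[19701]: SSH: Server;Ltype: Version;Remote: 192.0.2.10-56101;Protocol: 2.0;Client: OpenSSH_5.8p1-hpn13v10
2011-02-21T03:46:02+00:00 obelix sshd[19712]: SSH: Server;Ltype: Version;Remote: 198.51.100.7-40022;Protocol: 2.0;Client: OpenSSH_5.5
2011-02-21T03:47:21+00:00 obelix sshd[19734]: SSH: Server;Ltype: Version;Remote: 192.0.2.10-56177;Protocol: 2.0;Client: OpenSSH_5.8p1-hpn13v10
2011-02-21T03:49:21+00:00 obelix sshd[19767]: SSH: Server;Ltype: Version;Remote: 192.0.2.10-56254;Protocol: 2.0;Client: OpenSSH_5.8p1-hpn13v10
2011-02-21T03:51:21+00:00 obelix sshd[19790]: SSH: Server;Ltype: Version;Remote: 192.0.2.10-56310;Protocol: 2.0;Client: OpenSSH_5.8p1-hpn13v10
2011-02-21T03:52:40+00:00 obelix sshd[19801]: SSH: Server;Ltype: Version;Remote: 198.51.100.7-40188;Protocol: 2.0;Client: OpenSSH_5.5
2011-02-21T03:53:21+00:00 obelix sshd[19822]: SSH: Server;Ltype: Version;Remote: 192.0.2.10-56398;Protocol: 2.0;Client: OpenSSH_5.8p1-hpn13v10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: SSH: Server;Ltype: Version;"
    r"Remote: (?P<ip>[^;]+)-(?P<port>\d+);Protocol: (?P<proto>[^;]+);Client: (?P<client>.*)$"
)

def parse(log_text):
    """Return {remote_ip: [(timestamp, client_banner), ...]} for Version records."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines in any other format are skipped
            events[m["ip"]].append((datetime.fromisoformat(m["ts"]), m["client"]))
    return events

def summarize(log_text, local_addrs, jitter=5):
    """Per remote: event count, median gap (s), fixed-interval flag, is-local flag."""
    report = {}
    for ip, evs in parse(log_text).items():
        times = sorted(t for t, _ in evs)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        med = median(gaps) if gaps else None
        # "periodic" needs at least 3 gaps, all within `jitter` seconds of the median
        periodic = len(gaps) >= 3 and all(abs(g - med) <= jitter for g in gaps)
        report[ip] = {"count": len(evs), "median_gap_s": med, "periodic": periodic,
                      "local": ip in local_addrs, "clients": sorted({c for _, c in evs})}
    return report

if __name__ == "__main__":
    for ip, row in summarize(SAMPLE_LOG, {"192.0.2.10"}).items():
        print(ip, row)
```

A source that is both `periodic` and `local` points at something on the host itself (a cron job or monitoring check, for instance) rather than at an outside scanner.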