On 22. 2. 2011 0:42, walt wrote:
On 02/21/2011 11:48 AM, Jarry wrote:
Hi,
I just noticed my /var/log/sshd.log is suddenly somehow big.
That's interesting. I have no such logfile. Did you change something
in /etc/ssh/sshd_config?
I forgot to say: I have set up filter for ssh-messages.
They would be otherwise logged probably into /var/log/messages
Oh, wait, I'm running openssh-5.8-p1, and my config file says the logging
configuration has eliminated the "FascistLogging" option. (Nerds are a
laugh a minute, eh?)
After checking it out I have found a lot of messages like this:
2011-02-21T03:49:21+00:00 obelix sshd[19767]: SSH: Server;Ltype:
Version;Remote: my.ip.add.ress-56254;Protocol: 2.0;Client:
OpenSSH_5.8p1-hpn13v10
This message was recorded on 2011-02-14T17:45:24+00:00 for
the first time, and since then exactly every 2 minutes.
I think it was the day when I updated to openssh-5.6-p1-r2.
So, if your machine is running openssh-5.6 server, then whose machine
is running an openssh-5.8 client?
No, my machine has openssh-5.8_p1-r1. But these messages
startet since I updated to 5.6-p1-r2. Later I updated
to 5.8_p1-r1, and they still keep comming. So up to
5.6-p1-r1 everything was normal, but since 5.6-p1-r2
I have these strange log messages...
Could it be your cable or DSL router? I can ssh into my DSL router,
but it doesn't send me any traffic unless I send some first.
I doubt about it. There is not dsl-router, just switch and
direct connection to internet. Funny is, that "my.ip.add.ress"
is actually IP-address of this server, and exactly the same
IP on which sshd is running. So if "my.ip.add.ress" is "remote",
then it seems my server is trying to connect my server.
Very strange...
I'd use a sniffer like ngrep or wireshark to see who is poking at your
ssh port, if anyone really is.
Anyway, my sshd_config file (version 5.8) has a "LogLevel" setting.
In your case I'd be tempted to increase the verbosity to figure out
what the messages are really trying to tell you.
OK, I'll try it. Though in reality, I would actually like
to decrease somehow this verbosity. My sshd.log gets terribly
big, and is rotated every day...
Jarry
--
_______________________________________________________________
This mailbox accepts e-mails only from selected mailing-lists!
Everything else is considered to be spam and therefore deleted.
