walt <w41...@gmail.com> wrote:
> On 02/21/2011 11:48 AM, Jarry wrote:
> > Hi,
> >
> > I just noticed my /var/log/sshd.log is suddenly somehow big.
>
> That's interesting. I have no such logfile. Did you change something
> in /etc/ssh/sshd_config?
>
> Oh, wait, I'm running openssh-5.8-p1, and my config file says the logging
> configuration has eliminated the "FascistLogging" option. (Nerds are a
> laugh a minute, eh?)
>
> > After checking it out I have found a lot of messages like this:
> >
> >> 2011-02-21T03:49:21+00:00 obelix sshd[19767]: SSH: Server;Ltype:
> >>Version;Remote: my.ip.add.ress-56254;Protocol: 2.0;Client:
> >>OpenSSH_5.8p1-hpn13v10
>
> >
> > This message was recorded on 2011-02-14T17:45:24+00:00 for
> > the first time, and since then exactly every 2 minutes.
> > I think it was the day when I updated to openssh-5.6-p1-r2.
>
> So, if your machine is running openssh-5.6 server, then whose machine
> is running an openssh-5.8 client?
>
> Could it be your cable or DSL router? I can ssh into my DSL router,
> but it doesn't send me any traffic unless I send some first.
>
> I'd use a sniffer like ngrep or wireshark to see who is poking at your
> ssh port, if anyone really is.
>
> Anyway, my sshd_config file (version 5.8) has a "LogLevel" setting.
> In your case I'd be tempted to increase the verbosity to figure out
> what the messages are really trying to tell you.
>
Its much simpler -- they changed what you get in the logs -- if you set
LOGLEVEL to QUIET you don't get much, if you set it to INFO you not only
get the usual public key or whatever accepted, but those extra lines for
each login. VERBOSE is even worse, so we are stuck till someone has
sense enough to put that stuff in the VERBOSE level instead.
--
Your life is like a penny. You're going to lose it. The question is:
How do
you spend it?
John Covici
cov...@ccs.covici.com
