https://bugzilla.mindrot.org/show_bug.cgi?id=2717
--- Comment #2 from [email protected] --- (In reply to Damien Miller from comment #1) > This looks like a bug in nagios: > https://sourceforge.net/p/nagiosplug/bugs/196/ That bug refers to where the connection is not properly closed by check_ssh. My point is that if there is a connection to my system, checking, for example to see if sshd is running, and possibly what version it is running, then if the connection came from a system outside my control then this is a probe by an attacker, and should be logged. If it comes from my monitoring system, which could be checking frequently to make sure that sshd is still running, then logging those checks just adds noise to the log file. Systems which process those logs, such as fail2ban, denyhosts, snort etc can all post process the monitoring host (or hosts) entries out, but it would make real probes more obvious in the logs if the monitoring connections were suppressed. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
