On Mon, 18 Dec 2017, Rich Shepard wrote:

 All hosts are configured to use a SSH port other than 22; the same port
number on all of them. But, it's not the port numbers shown by the logwatch
report this morning:

--------------------- SSHD Begin ------------------------
Users logging in through sshd:
    rshepard:
       192.168.55.2 (caddis.appl-ecosys.com): 1 time
       192.168.55.3 (lemna.appl-ecosys.com): 1 time
       192.168.55.6 (typha.appl-ecosys.com): 1 time

 **Unmatched Entries**
 Disconnected from 192.168.55.3 port 59346 : 1 time(s)
 Disconnected from 192.168.55.2 port 50460 : 1 time(s)
 Received disconnect from 192.168.55.6 port 35818:11: disconnected by user : 1 time(s)
 Received disconnect from 192.168.55.3 port 59346:11: disconnected by user : 1 time(s)
 Received disconnect from 192.168.55.2 port 50460:11: disconnected by user : 1 time(s)
 Disconnected from 192.168.55.6 port 35818 : 1 time(s)
 ---------------------- SSHD End -------------------------

 Most of these connections were by scp, not ssh. Does scp use different,
and random, ports while ssh uses the one specified in the config files of
server and clients?

Logwatch isn't reporting the server-side port; it's reporting the initiating port on the client side, which for most TCP clients is high and random.

In other words, the output above is completely normal.

--
Paul Heinlein
[email protected]
45°38' N, 122°6' W
_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
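
The distinction made in the reply above, as an added example that is not part of the original thread: a small Python parser that separates the port sshd listens on from the client source ports it logs, and groups the log lines into sessions by (client IP, client port). The log lines are constructed, port 2222 is a placeholder for the listening port the post does not state, and the ephemeral range is the Linux default.

```python
import re
from collections import defaultdict

# Constructed sshd log lines (not from the original post). Port 2222 is a
# placeholder for the non-default listening port, which the post does not give.
SAMPLE_LOG = """\
sshd[811]: Server listening on 0.0.0.0 port 2222.
sshd[4102]: Accepted publickey for rshepard from 192.168.55.2 port 50460 ssh2
sshd[4102]: Received disconnect from 192.168.55.2 port 50460:11: disconnected by user
sshd[4102]: Disconnected from 192.168.55.2 port 50460
sshd[4177]: Accepted publickey for rshepard from 192.168.55.6 port 35818 ssh2
sshd[4177]: Received disconnect from 192.168.55.6 port 35818:11: disconnected by user
sshd[4177]: Disconnected from 192.168.55.6 port 35818
"""

LISTEN_RE = re.compile(r"Server listening on \S+ port (\d+)")
# In these messages "<ip> port <n>" is the peer (client) end of the TCP connection.
PEER_RE = re.compile(
    r"(Accepted|Received disconnect|Disconnected) .*?(\d+\.\d+\.\d+\.\d+) port (\d+)")
USER_RE = re.compile(r"Accepted \S+ for (\S+) from")
# Linux default net.ipv4.ip_local_port_range; an assumption, tunable per host.
EPHEMERAL = range(32768, 61000)


def parse_sshd(log):
    """Return (listening ports, sessions keyed by (client_ip, client_port))."""
    listen, sessions = set(), defaultdict(lambda: {"user": None, "events": []})
    for line in log.splitlines():
        if m := LISTEN_RE.search(line):
            listen.add(int(m.group(1)))
        elif m := PEER_RE.search(line):
            s = sessions[(m.group(2), int(m.group(3)))]
            s["events"].append(m.group(1))
            if u := USER_RE.search(line):
                s["user"] = u.group(1)
    return listen, dict(sessions)


def unexpected_ports(log):
    """Sessions with a non-ephemeral client port or no accepted login."""
    _, sessions = parse_sshd(log)
    return [k for k, s in sessions.items()
            if k[1] not in EPHEMERAL or "Accepted" not in s["events"]]


if __name__ == "__main__":
    listen, sessions = parse_sshd(SAMPLE_LOG)
    for (ip, port), s in sessions.items():
        print(f"{s['user']}@{ip} src port {port} -> server port {sorted(listen)}")
    print("needs a look:", unexpected_ports(SAMPLE_LOG))
```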
