SSHD Strangeness

Scott Ballantyne sdb at ssr.com
Sat Apr 9 17:32:15 UTC 2011


>On Fri, Apr 8, 2011 at 5:15 PM, illoai at gmail.com <illoai at gmail.com> wrote:
>>On 8 April 2011 15:22, Scott Ballantyne <sdb at ssr.com> wrote:
>> I've never seen this before, but when ssh'ing to my server today, I
>> got:
>>
>> ssh_exchange_identification: Connection closed
>    Was this multiple log-in failures receiving the same
>    error message?
>
>    & is this log-in happening across the internet or is
>    this on your local network?

Not sure what you mean by 'multiple log-in failures'. I tried many
times, each with the same result, if that's what you are asking.

It was happening across the internet and also locally. When I logged
into the server with my vendors KVM tool, I tried ssh'ing to from the
server to the server, and got the same message.

I thought there might have been a break-in, but who and 'w' didn't
show anyone logged in that shouldn't have been there. I killed all the
sshd processes and restarted it, that didn't help.

ps -auxww did show a few, not many, sshd's in various states of
connectedness. I'm wondering if this is some kind of denial-of-service
attack opportunity. That's the only thing I can think of at the moment.

I'm not using the host allow/deny stuff, and unfortunately did not
think to use ssh -W.

Thanks!

Scott
-- 
sdb at ssr.com




More information about the freebsd-questions mailing list