SSHD Strangeness
illoai at gmail.com
illoai at gmail.com
Sat Apr 9 20:48:21 UTC 2011
On 9 April 2011 13:22, Scott Ballantyne <sdb at ssr.com> wrote:
>
>>On Fri, Apr 8, 2011 at 5:15 PM, illoai at gmail.com <illoai at gmail.com> wrote:
>>>On 8 April 2011 15:22, Scott Ballantyne <sdb at ssr.com> wrote:
>>> I've never seen this before, but when ssh'ing to my server today, I
>>> got:
>>>
>>> ssh_exchange_identification: Connection closed
>> Was this multiple log-in failures receiving the same
>> error message?
>>
>> & is this log-in happening across the internet or is
>> this on your local network?
>
> Not sure what you mean by 'multiple log-in failures'. I tried many
> times, each with the same result, if that's what you are asking.
>
> It was happening across the internet and also locally. When I logged
> into the server with my vendors KVM tool, I tried ssh'ing to from the
> server to the server, and got the same message.
>
> I thought there might have been a break-in, but who and 'w' didn't
> show anyone logged in that shouldn't have been there. I killed all the
> sshd processes and restarted it, that didn't help.
>
> ps -auxww did show a few, not many, sshd's in various states of
> connectedness. I'm wondering if this is some kind of denial-of-service
> attack opportunity. That's the only thing I can think of at the moment.
I guess if the login name you are using is fairly obvious
the script kiddies may be triggering the limit of
MaxAuthTries
I grokn't C, but your error is coming from
http://svn.freebsd.org/viewvc/base/stable/8/crypto/openssh/sshconnect.c?revision=206984&view=markup
( http://is.gd/UGXcP0 )
HTH
--
--
More information about the freebsd-questions
mailing list