sshd exited on signal 11

[Roland Smith]

On Sun, Aug 03, 2014 at 11:13:17AM -0400, Jerry wrote:
> Sun, 3 Aug 2014 11:09:51 -0400
> 
> My "/var/log/messages" log file has been filling up with these messages for
> days now. What could be causing it? This is just a few of the hundreds that
> are in the file.
> 
> Aug  2 21:12:28 scorpio kernel: pid 2306 (sshd), uid 0: exited on signal 11
> Aug  2 21:51:40 scorpio kernel: pid 2373 (sshd), uid 0: exited on signal 11
> Aug  2 21:52:06 scorpio kernel: pid 2374 (sshd), uid 0: exited on signal 11
> Aug  2 21:52:25 scorpio kernel: pid 2375 (sshd), uid 0: exited on signal 11
> Aug  2 21:53:10 scorpio kernel: pid 2376 (sshd), uid 0: exited on signal 11
> Aug  2 22:50:30 scorpio kernel: pid 2492 (sshd), uid 0: exited on signal 11
> Aug  2 22:50:54 scorpio kernel: pid 2493 (sshd), uid 0: exited on signal 11
> Aug  2 22:51:12 scorpio kernel: pid 2494 (sshd), uid 0: exited on signal 11
> Aug  2 22:51:59 scorpio kernel: pid 2495 (sshd), uid 0: exited on signal 11

Something is causing sshd to crash with a segmentation violation. And after
that it is probably restarted by inetd.

Maybe an attacker is forcing sshd to crash to gain access? Are there any
connection attempts logged? What happens if you start sshd from the command
line?

Roland
-- 
R.F.Smith                                   http://rsmith.home.xs4all.nl/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 5753 3324 1661 B0FE 8D93  FCED 40F6 D5DC A38A 33E0 (keyID: A38A33E0)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20140803/36f75876/attachment.sig>