Skip site navigation (1)Skip section navigation (2)
Date:      9 Apr 2011 17:22:18 -0000
From:      Scott Ballantyne <sdb@ssr.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: SSHD Strangeness
Message-ID:  <20110409172218.75419.qmail@irelay.ssr.com>

Next in thread | Raw E-Mail | Index | Archive | Help

>On Fri, Apr 8, 2011 at 5:15 PM, illoai@gmail.com <illoai@gmail.com> wrote:
>>On 8 April 2011 15:22, Scott Ballantyne <sdb@ssr.com> wrote:
>> I've never seen this before, but when ssh'ing to my server today, I
>> got:
>>
>> ssh_exchange_identification: Connection closed
>    Was this multiple log-in failures receiving the same
>    error message?
>
>    & is this log-in happening across the internet or is
>    this on your local network?

Not sure what you mean by 'multiple log-in failures'. I tried many
times, each with the same result, if that's what you are asking.

It was happening across the internet and also locally. When I logged
into the server with my vendors KVM tool, I tried ssh'ing to from the
server to the server, and got the same message.

I thought there might have been a break-in, but who and 'w' didn't
show anyone logged in that shouldn't have been there. I killed all the
sshd processes and restarted it, that didn't help.

ps -auxww did show a few, not many, sshd's in various states of
connectedness. I'm wondering if this is some kind of denial-of-service
attack opportunity. That's the only thing I can think of at the moment.

I'm not using the host allow/deny stuff, and unfortunately did not
think to use ssh -W.

Thanks!

Scott
-- 
sdb@ssr.com





Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20110409172218.75419.qmail>