Date: Sat, 9 Apr 2011 16:48:19 -0400 From: "illoai@gmail.com" <illoai@gmail.com> To: Scott Ballantyne <sdb@ssr.com> Cc: freebsd-questions@freebsd.org Subject: Re: SSHD Strangeness Message-ID: <BANLkTinhT5Tcd1hKdmibOsva2HPXc1Hfug@mail.gmail.com> In-Reply-To: <20110409172218.75419.qmail@irelay.ssr.com> References: <20110409172218.75419.qmail@irelay.ssr.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 9 April 2011 13:22, Scott Ballantyne <sdb@ssr.com> wrote: > >>On Fri, Apr 8, 2011 at 5:15 PM, illoai@gmail.com <illoai@gmail.com> wrote= : >>>On 8 April 2011 15:22, Scott Ballantyne <sdb@ssr.com> wrote: >>> I've never seen this before, but when ssh'ing to my server today, I >>> got: >>> >>> ssh_exchange_identification: Connection closed >> =A0 =A0Was this multiple log-in failures receiving the same >> =A0 =A0error message? >> >> =A0 =A0& is this log-in happening across the internet or is >> =A0 =A0this on your local network? > > Not sure what you mean by 'multiple log-in failures'. I tried many > times, each with the same result, if that's what you are asking. > > It was happening across the internet and also locally. When I logged > into the server with my vendors KVM tool, I tried ssh'ing to from the > server to the server, and got the same message. > > I thought there might have been a break-in, but who and 'w' didn't > show anyone logged in that shouldn't have been there. I killed all the > sshd processes and restarted it, that didn't help. > > ps -auxww did show a few, not many, sshd's in various states of > connectedness. I'm wondering if this is some kind of denial-of-service > attack opportunity. That's the only thing I can think of at the moment. I guess if the login name you are using is fairly obvious the script kiddies may be triggering the limit of MaxAuthTries I grokn't C, but your error is coming from http://svn.freebsd.org/viewvc/base/stable/8/crypto/openssh/sshconnect.c?rev= ision=3D206984&view=3Dmarkup ( http://is.gd/UGXcP0 ) HTH --=20 --
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BANLkTinhT5Tcd1hKdmibOsva2HPXc1Hfug>