Date: Sun, 3 Aug 2014 17:30:14 +0200 From: Roland Smith <rsmith@xs4all.nl> To: User questions <freebsd-questions@freebsd.org> Subject: Re: sshd exited on signal 11 Message-ID: <20140803153014.GB67677@slackbox.erewhon.home> In-Reply-To: <20140803111317.3b763340@scorpio> References: <20140803111317.3b763340@scorpio>
next in thread | previous in thread | raw e-mail | index | archive | help
--MW5yreqqjyrRcusr Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Aug 03, 2014 at 11:13:17AM -0400, Jerry wrote: > Sun, 3 Aug 2014 11:09:51 -0400 >=20 > My "/var/log/messages" log file has been filling up with these messages f= or > days now. What could be causing it? This is just a few of the hundreds th= at > are in the file. >=20 > Aug 2 21:12:28 scorpio kernel: pid 2306 (sshd), uid 0: exited on signal = 11 > Aug 2 21:51:40 scorpio kernel: pid 2373 (sshd), uid 0: exited on signal = 11 > Aug 2 21:52:06 scorpio kernel: pid 2374 (sshd), uid 0: exited on signal = 11 > Aug 2 21:52:25 scorpio kernel: pid 2375 (sshd), uid 0: exited on signal = 11 > Aug 2 21:53:10 scorpio kernel: pid 2376 (sshd), uid 0: exited on signal = 11 > Aug 2 22:50:30 scorpio kernel: pid 2492 (sshd), uid 0: exited on signal = 11 > Aug 2 22:50:54 scorpio kernel: pid 2493 (sshd), uid 0: exited on signal = 11 > Aug 2 22:51:12 scorpio kernel: pid 2494 (sshd), uid 0: exited on signal = 11 > Aug 2 22:51:59 scorpio kernel: pid 2495 (sshd), uid 0: exited on signal = 11 Something is causing sshd to crash with a segmentation violation. And after that it is probably restarted by inetd. Maybe an attacker is forcing sshd to crash to gain access? Are there any connection attempts logged? What happens if you start sshd from the command line? Roland --=20 R.F.Smith http://rsmith.home.xs4all.nl/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 5753 3324 1661 B0FE 8D93 FCED 40F6 D5DC A38A 33E0 (keyID: A38A33E0) --MW5yreqqjyrRcusr Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJT3lWGAAoJEED21dyjijPgjXoP+wRIjxBrd/KkUbk0BToa1uif 7urxOqcFsOk4Yi94PjfWTShKKrHWDJ1KiUdBGaGEfUyswQdJGW+1Unmf66Y9eSO7 hpjefWdSBd6QGAfGbRltu7jPirmRGycy59u2l9qaYaYWQdPe+v5NOUGeroRJFhD7 AoUO52aa0td7vGrjmOmXYyB5GAOg8b+svIWt2W9rDBry9mtd1LwV87k3FJznvNBo /izKtoFQBB1I7jGWz0n8tMwd2rNlX983c0/nJWD5yVeWlvEWoHCMAie1wDeSOWog iMRCsXxm4m7EEqdS/ztgHHseKx8vabz3bu14jG/h4WLFLwNciXNHxjQqcYDeW72J bZrnr5YjYAoUz4HL84aomMXX5W+pqXWRDODms+9BEjYTzCR5az/ekHyIkf64lvYU q+t3eWD+vvC1MR7fRoVqMe4pVM3vCKGo/KlorzK486/4EFtmvHVGGlgwXWD1cYrA j5JPGPb7qp0GH2R7wZXYFZOUbD5pzttM32OpWDZEpoeOnntO0p956AuakkExltUJ htTUWxGCIZ9Jw5ay8gfhA7UfPgyiZlgZkE9T6LVJNDGFcVQHokxFY2v7tGt5jKlj IuoXlZ2wxIdmaHEKbvo1S9GjExdhEMWOdXBHYCiKVeQEObjs6wOB9oia4HAPIJ7o NSrk/chVV7nz6T6ylpUE =JQLS -----END PGP SIGNATURE----- --MW5yreqqjyrRcusr--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140803153014.GB67677>