Date: 9 Apr 2011 17:22:18 -0000
From: Scott Ballantyne <sdb@ssr.com>
To: freebsd-questions@freebsd.org
Subject: Re: SSHD Strangeness
Message-ID: <20110409172218.75419.qmail@irelay.ssr.com>

>On Fri, Apr 8, 2011 at 5:15 PM, illoai@gmail.com <illoai@gmail.com> wrote:
>>On 8 April 2011 15:22, Scott Ballantyne <sdb@ssr.com> wrote:
>> I've never seen this before, but when ssh'ing to my server today, I
>> got:
>>
>> ssh_exchange_identification: Connection closed
> Was this multiple log-in failures receiving the same
> error message?
>
> & is this log-in happening across the internet or is
> this on your local network?

Not sure what you mean by 'multiple log-in failures'. I tried many
times, each with the same result, if that's what you are asking.

It was happening across the internet and also locally. When I logged
into the server with my vendor's KVM tool, I tried ssh'ing from the
server to the server, and got the same message.

I thought there might have been a break-in, but who and 'w' didn't
show anyone logged in that shouldn't have been there. I killed all the
sshd processes and restarted it, that didn't help. ps -auxww did show
a few, not many, sshd's in various states of connectedness.

I'm wondering if this is some kind of denial-of-service attack
opportunity. That's the only thing I can think of at the moment. I'm
not using the host allow/deny stuff, and unfortunately did not think
to use ssh -W.

Thanks!
Scott
--
sdb@ssr.com