[hobbit] RE: [SOLVED][hobbit] sshd notification in syslog

McGraw, Robert P. rmcgraw at purdue.edu
Thu Mar 2 20:54:29 CET 2006


What ever I did this time seem to work. 

I used SSH-2.0-Sun_SSH_1.0.1\r\n and this seems to work now. 

Thanks

Robert


_____________________________________________________________________
Robert P. McGraw, Jr.
Manager, Computer System                 EMAIL: rmcgraw at purdue.edu
Purdue University                         ROOM: MATH-807
Department of Mathematics                PHONE: (765) 494-6055
150 N. University Street                   FAX: (419) 821-0540
West Lafayette, IN 47907-2067            


> -----Original Message-----
> From: Schwimmer, Eric E *HS [mailto:EES2Y at hscmail.mcc.virginia.edu]
> Sent: Thursday, March 02, 2006 2:42 PM
> To: hobbit at hswn.dk
> Subject: RE: [hobbit] RE: [SOLVED][hobbit] sshd notification in syslog
> 
> 
> 
> Hrm, the first string (SSH-2.0-Sun_SSH_1.0.1) should
> have worked (or at least, it works on my server running the openssh
> version of sshd).
> 
> Have you tried telneting into the port and  typing the version number
> in yourself?  If it accepts it, you'll get some crazy diffie-hellman
> text, otherwise it will spit a protocol mismatch line back at you.
> 
> Also, silly question, but did you make sure to include to '\r\n' at
> the end of the message?  If you did, you might want to try messing
> with that (changing it to just '\r' or '\n') because the protocol
> error in your syslog looks a little weird (extra newline), so I'm
> wondering if there isnt something wrong there.
> 
> -Eric
> 
> > -----Original Message-----
> > From: McGraw, Robert P. [mailto:rmcgraw at purdue.edu]
> > Sent: Thursday, March 02, 2006 2:19 PM
> > To: hobbit at hswn.dk
> > Subject: RE: [hobbit] RE: [SOLVED][hobbit] sshd notification in syslog
> >
> > I am having the same problem and trying to follow your instructions.
> >
> >
> >
> > I ran
> >
> >
> >
> >  ##R##-zorn->[227] ##> ssh -V
> >
> > Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
> >
> >
> >
> > To get the version number.
> >
> >
> >
> > I also ran telnet host 22 and got back the following
> >
> >
> >
> > SSH-2.0-Sun_SSH_1.0.1
> >
> >
> >
> > I have tried the following
> >
> >
> >
> > SSH-2.0-Sun_SSH_1.0.1
> >
> > Sun_SSH_1.1
> >
> > Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
> >
> >
> >
> > as the version number with no luck.
> >
> >
> >
> > I keep getting the following message log.
> >
> >
> >
> > Mar  2 14:03:47 zada.math.purdue.edu sshd[29349]: [ID 800047
> > auth.info] Bad protocol version identification 'Sun_SSH_1.1
> >
> > Mar  2 14:03:47 zada.math.purdue.edu ' from 128.210.3.176
> >
> >
> >
> > The only change in the log message is the version
> > identification string.
> >
> >
> >
> > How do I find the right version number to use?
> >
> >
> >
> > Thanks
> >
> >
> >
> > Robert
> >
> >
> >
> >
> >
> >
> >
> > _____________________________________________________________________
> >
> > Robert P. McGraw, Jr.
> >
> > Manager, Computer System
> >    EMAIL: rmcgraw at purdue.edu
> >
> > Purdue University
> >              ROOM: MATH-807
> >
> > Department of Mathematics
> >    PHONE: (765) 494-6055
> >
> > 150 N. University Street
> >             FAX: (419) 821-0540
> >
> > West Lafayette, IN 47907-2067
> >
> > ________________________________
> >
> > From: thomas.seglard.enata at cnp.fr
> > [mailto:thomas.seglard.enata at cnp.fr]
> > Sent: Thursday, March 02, 2006 12:21 PM
> > To: hobbit at hswn.dk
> > Subject: [hobbit] RE: [SOLVED][hobbit] sshd notification in syslog
> >
> >
> >
> >
> > Thank you !
> >
> > the second option (the one you preferred) was a good bet !
> > I added the lines as you indicate and that's solved my problem.
> >
> > Best regards,
> >
> > Thomas Seglard
> >
> > "Schwimmer, Eric E *HS" <EES2Y at hscmail.mcc.virginia.edu> a
> > écrit sur 02/03/2006 17:31:10 :
> >
> > >
> > > Three posibilities, off the top of my head:
> > >
> > > On the client side:
> > > 1. Install syslog-ng instead of ksyslogd, and
> > >    filter on the ip address of your hobbit server.
> > > 2. Call your logrotate script (assuming you use one)
> > >    more often, and/or make it compress your old syslog
> > >    messages.
> > >
> > > On the hobbit server side:
> > > (this is my preferred option)
> > > 1. change your bb-services file ($HOBBIT/server/etc/bb-services)
> > >    so that ssh test sends the version string.  I think that will
> > >    stop your sshd from complaining.
> > >
> > > ie.:
> > >
> > > [ssh|ssh1|ssh2]
> > >    send "SSH-2.0-OpenSSH_4.1\r\n"
> > >    expect "SSH"
> > >    options banner
> > >    port 22
> >
> >
> >
> >
> 
> To unsubscribe from the hobbit list, send an e-mail to
> hobbit-unsubscribe at hswn.dk
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3051 bytes
Desc: not available
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20060302/7e525628/attachment.bin>


More information about the Xymon mailing list