
Re: [hobbit] sshd notification in syslog



Funny you should mention.

From the SSH list where I posted the same question (secureshell at securityfocus dot com):

"Generally, these are caused when a machine connects to the SSH port, but
doesn't attempt login.  They're very common if, for example, you're
making periodic connections to port 22 via some kind of monitoring
system.  However, any connection which never gets around to
authenticating, from a port scan to a user connecting and walking away
for a few minutes, can cause this message."

So... yeah.

thomas.seglard.enata (at) cnp.fr wrote:


Hello,

Since deployment of hobbit's client on 200 servers (hpux, aix, sun, linux), I got this message in syslog:

Feb 13 12:05:44 psa089 sshd[9813]: Did not receive identification string from 158.157.156.91
Feb 13 12:06:47 psa089 sshd[9980]: Did not receive identification string from 158.157.156.91
Feb 13 12:07:49 psa089 sshd[10006]: Did not receive identification string from 158.157.156.91
Feb 13 12:08:17 psa089 sshd[10012]: Did not receive identification string from 158.157.156.91
Feb 13 12:08:48 psa089 sshd[10078]: Did not receive identification string from 158.157.156.91
Feb 13 12:09:52 psa089 sshd[10564]: Did not receive identification string from 158.157.156.91
Feb 13 12:10:55 psa089 sshd[10871]: Did not receive identification string from 158.157.156.91
Feb 13 12:11:57 psa089 sshd[10987]: Did not receive identification string from 158.157.156.91
Feb 13 12:13:00 psa089 sshd[11060]: Did not receive identification string from 158.157.156.91
Feb 13 12:13:20 psa089 sshd[11065]: Did not receive identification string from 158.157.156.91
Feb 13 12:14:02 psa089 sshd[11166]: Did not receive identification string from 158.157.156.91
Feb 13 12:15:06 psa089 sshd[11297]: Did not receive identification string from 158.157.156.91


The IP address is the one from my hobbit's server (158.157.156.91). This message does not specify that the ssh test failed, so I'm not worried about this. The main problem is that the size of syslog and /var is growing rapidly! Does anyone know how to prevent this message from being displayed in syslog?
Thank you !


Thomas Seglard
(I'm using Lotus Notes, what a challenge...)


-- Rob Munsch Solutions For Progress IT
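
Added example, not part of the original thread: since the same sshd message is produced by a monitoring probe and by a port scan, this sketch groups the lines by source address and separates a known monitoring host from everything else. The sample log is constructed (203.0.113.7 and 192.0.2.10 are documentation addresses), and the function names, the `year` parameter and the monitor allow-list are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the 158.157.156.91 lines follow the format quoted in the
# thread; the 203.0.113.7 and 192.0.2.10 lines are invented for illustration.
SAMPLE = """\
Feb 13 12:05:44 psa089 sshd[9813]: Did not receive identification string from 158.157.156.91
Feb 13 12:06:47 psa089 sshd[9980]: Did not receive identification string from 158.157.156.91
Feb 13 12:07:01 psa089 sshd[9991]: Did not receive identification string from 203.0.113.7
Feb 13 12:07:02 psa089 sshd[9992]: Did not receive identification string from 203.0.113.7
Feb 13 12:07:49 psa089 sshd[10006]: Did not receive identification string from 158.157.156.91
Feb 13 12:08:00 psa089 sshd[10010]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2
"""

PATTERN = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Did not receive identification string from (?P<src>\S+)"
)

def summarize(log_text, year=2000):
    """Return {source: {"count": n, "mean_gap": seconds or None}}."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = PATTERN.match(line)
        if m:
            # Classic syslog timestamps carry no year; the caller supplies one.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            seen[m["src"]].append(ts)
    report = {}
    for src, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report[src] = {"count": len(stamps),
                       "mean_gap": sum(gaps) / len(gaps) if gaps else None}
    return report

def unexpected_sources(report, monitors):
    """Sources producing the message that are not known monitoring hosts."""
    return sorted(src for src in report if src not in monitors)

if __name__ == "__main__":
    rep = summarize(SAMPLE)
    for src, info in rep.items():
        print(src, info)
    print("review:", unexpected_sources(rep, monitors={"158.157.156.91"}))
```

A steady gap of about a minute from the monitoring address matches a periodic port check; any source outside the allow-list is what is left to look at.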