[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [hobbit] sshd notification in syslog
Funny you should mention.
From the SSH list where i posted the same question (secureshell at
securityfocus dot com):
"Generally, these are caused when a machine connects to the SSH port, but
doesn't attempt login. they're very common if, for example, you're
making periodic connections to port 22 via some kind of monitoring
system. However, any connection which never gets around to
authenticating, from a port scan to a user connecting and walking away
for a few minutes, can cause this message."
So... yeah.
thomas.seglard.enata (at) cnp.fr wrote:
Hello,
since deployment of hobbit's client on 200 servers (hpux, aix, sun,
linux), I got this message in syslog :
Feb 13 12:05:44 psa089 sshd[9813]: Did not receive identification
string from 158.157.156.91
Feb 13 12:06:47 psa089 sshd[9980]: Did not receive identification
string from 158.157.156.91
Feb 13 12:07:49 psa089 sshd[10006]: Did not receive identification
string from 158.157.156.91
Feb 13 12:08:17 psa089 sshd[10012]: Did not receive identification
string from 158.157.156.91
Feb 13 12:08:48 psa089 sshd[10078]: Did not receive identification
string from 158.157.156.91
Feb 13 12:09:52 psa089 sshd[10564]: Did not receive identification
string from 158.157.156.91
Feb 13 12:10:55 psa089 sshd[10871]: Did not receive identification
string from 158.157.156.91
Feb 13 12:11:57 psa089 sshd[10987]: Did not receive identification
string from 158.157.156.91
Feb 13 12:13:00 psa089 sshd[11060]: Did not receive identification
string from 158.157.156.91
Feb 13 12:13:20 psa089 sshd[11065]: Did not receive identification
string from 158.157.156.91
Feb 13 12:14:02 psa089 sshd[11166]: Did not receive identification
string from 158.157.156.91
Feb 13 12:15:06 psa089 sshd[11297]: Did not receive identification
string from 158.157.156.91
Ip address is the one from my hobbit's server (158.157.156.91). This
message do not specify that the ssh test failed, so I'm not worried
about this. The main problem is the size of syslog and /var is growing
rapidly ! Anyone knows how to prevent this message to be display in
syslog ?
Thank you !
Thomas Seglard
(I'm using Lotus Notes, what a challenge...)
Ce message (et toutes ses pieces jointes eventuelles) est confidentiel
et etabli a l'intention exclusive de ses destinataires.
Toute utilisation de ce message non conforme a sa destination, toute
diffusion ou toute publication, totale ou partielle, est
interdite, sauf autorisation expresse.
L'internet ne permettant pas d'assurer l'integrite de ce message, CNP
Assurances et ses filiales declinent toute responsabilite
au titre de ce message, s'il a ete altere, deforme ou falsifie.
*****
This message and any attachments (the "message") are confidential and
intended solely for the addressees.
Any unauthorised use or dissemination is prohibited.
E-mails are susceptible to alteration.
Neither CNP Assurances nor any of its subsidiaries or affiliates shall
be liable for the message if altered, changed or falsified.
--
Rob Munsch
Solutions For Progress IT