On 02/21/2011 11:48 AM, Jarry wrote:
> Hi,
> I just noticed my /var/log/sshd.log is suddenly somehow big.

That's interesting. I have no such logfile. Did you change something
in /etc/ssh/sshd_config?

Oh, wait, I'm running openssh-5.8-p1, and my config file says the logging
configuration has eliminated the "FascistLogging" option. (Nerds are a
laugh a minute, eh?)

> After checking it out I have found a lot of messages like this:
> 2011-02-21T03:49:21+00:00 obelix sshd[19767]: SSH: Server;Ltype: Version;Remote: my.ip.add.ress-56254;Protocol: 2.0;Client: OpenSSH_5.8p1-hpn13v10
> This message was recorded on 2011-02-14T17:45:24+00:00 for
> the first time, and since then exactly every 2 minutes.
> I think it was the day when I updated to openssh-5.6-p1-r2.

So, if your machine is running openssh-5.6 server, then whose machine
is running an openssh-5.8 client?

Could it be your cable or DSL router? I can ssh into my DSL router,
but it doesn't send me any traffic unless I send some first.

I'd use a sniffer like ngrep or wireshark to see who is poking at your
ssh port, if anyone really is.

Anyway, my sshd_config file (version 5.8) has a "LogLevel" setting.
In your case I'd be tempted to increase the verbosity to figure out
what the messages are really trying to tell you.
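
Added example (not part of the original thread): a Python script that parses connection lines in the format quoted above, groups them by remote address and client banner, and checks whether each source connects at a fixed interval. The sample log lines, addresses and the `ExampleClient_1.0` banner are constructed; the 5-second jitter tolerance is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample lines in the quoted log format (documentation-range IPs).
SAMPLE_LOG = """\
2011-02-21T03:45:21+00:00 obelix sshd[19701]: SSH: Server;Ltype: Version;Remote: 192.0.2.10-56110;Protocol: 2.0;Client: OpenSSH_5.8p1-hpn13v10
2011-02-21T03:46:02+00:00 obelix sshd[19712]: SSH: Server;Ltype: Version;Remote: 198.51.100.7-40222;Protocol: 2.0;Client: ExampleClient_1.0
2011-02-21T03:47:21+00:00 obelix sshd[19745]: SSH: Server;Ltype: Version;Remote: 192.0.2.10-56180;Protocol: 2.0;Client: OpenSSH_5.8p1-hpn13v10
2011-02-21T03:49:21+00:00 obelix sshd[19767]: SSH: Server;Ltype: Version;Remote: 192.0.2.10-56254;Protocol: 2.0;Client: OpenSSH_5.8p1-hpn13v10
"""

# "Remote:" is address-port; the greedy address group backtracks to the last
# "-<digits>;" so hostnames containing hyphens still parse.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: SSH: Server;Ltype: Version;"
    r"Remote: (?P<addr>[^;]+)-(?P<port>\d+);"
    r"Protocol: (?P<proto>[^;]+);Client: (?P<client>.+)$"
)

def summarize(log_text, jitter_s=5):
    """Group version-exchange lines by (remote address, client banner)."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # unrelated sshd lines are skipped
            stamp = datetime.fromisoformat(m["ts"])
            seen[(m["addr"], m["client"])].append(stamp)
    report = {}
    for key, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report[key] = {
            "count": len(stamps),
            "median_gap_s": median(gaps) if gaps else None,
            # A near-constant gap points at a cron job or monitoring probe,
            # not an interactive user.
            "periodic": len(gaps) >= 2 and max(gaps) - min(gaps) <= jitter_s,
        }
    return report

if __name__ == "__main__":
    for (addr, client), info in summarize(SAMPLE_LOG).items():
        print(addr, client, info)
```

Run it against the real log by passing the file contents to `summarize()`; a source with `periodic` set and a 120-second median gap matches the "every 2 minutes" pattern described in the thread.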