DaemonForums  

Go Back   DaemonForums > Miscellaneous > General software and network

General software and network General OS-independent software and network questions, X11, MTA, routing, etc.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 5th May 2008
stukov's Avatar
stukov stukov is offline
Real Name: Jean-Michel Philippon-Nadeau
Package Pilot
 
Join Date: May 2008
Location: Sherbrooke, Qc, Canada
Posts: 167
Thanked 6 Times in 6 Posts
Default Sudden SSHd restarts

Hòla,

Looking at my logs, I just noticed that SSHd was restarting in average once in a month. Is this considered normal behavior from SSHd?

It looks like it's not related to nothing in my crontabs. The hours and the day in the month are completely random.

Thanks!
__________________
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction."
Reply With Quote
  #2   (View Single Post)  
Old 5th May 2008
anomie's Avatar
anomie anomie is offline
Local
 
Join Date: Apr 2008
Location: Texas
Posts: 446
Thanked 69 Times in 46 Posts
Default

What OS/version? Could you post a log snippet?

AFAIK, no, it is not normal behavior for sshd (at least I don't see any evidence of it on my FBSD 6.x / 7.0 boxes).
__________________
Kill your t.v.
Reply With Quote
  #3   (View Single Post)  
Old 5th May 2008
stukov's Avatar
stukov stukov is offline
Real Name: Jean-Michel Philippon-Nadeau
Package Pilot
 
Join Date: May 2008
Location: Sherbrooke, Qc, Canada
Posts: 167
Thanked 6 Times in 6 Posts
Default

Thanks for your reply anomie.

I must confess this machine runs Linux Red Hat. It is running OpenSSH version: OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003

Here is the latest log snippet.
Code:
Apr 25 19:50:11 log02 sshd[3180]: Received signal 15; terminating.
Apr 27 11:28:04 log02 sshd[3155]: Server listening on :: port 22.
Apr 27 11:28:04 log02 sshd[3155]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
However, as this one is pretty strange (killed on 25th and restarted on the 27th) I am posting this one too:
Code:
Nov 19 09:39:03 log02 sshd[3153]: Received signal 15; terminating.
Nov 19 09:39:06 log02 sshd[6573]: Server listening on :: port 22.
Nov 19 09:39:06 log02 sshd[6573]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Nov 19 09:40:17 log02 sshd[6573]: Received signal 15; terminating.
Nov 19 09:40:20 log02 sshd[7597]: Server listening on :: port 22.
Nov 19 09:40:20 log02 sshd[7597]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Thanks.
__________________
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction."
Reply With Quote
  #4   (View Single Post)  
Old 5th May 2008
anomie's Avatar
anomie anomie is offline
Local
 
Join Date: Apr 2008
Location: Texas
Posts: 446
Thanked 69 Times in 46 Posts
Default

Quote:
Originally Posted by stukov
I must confess this machine runs Linux Red Hat.
No problems -- personally, I like the RHEL family very much.

Anyway, let me ask you: are you perchance restarting the iptables service around the same time that you are seeing those sshd restarts?

The reason I ask is I've noticed that if you have a default DROP policy for your INPUT chain, then restarting the iptables service may 1) terminate your current ssh connection; 2) generate unusual log messages from sshd similar to what you've posted.

If you (or someone) are not restarting iptables, then it looks like some process is trying to kill sshd and then fire up another one too quickly (since it says it can't bind to tcp 22). Maybe logrotate? Although that doesn't explain the seemingly random times you're seeing.
__________________
Kill your t.v.
Reply With Quote
  #5   (View Single Post)  
Old 5th May 2008
stukov's Avatar
stukov stukov is offline
Real Name: Jean-Michel Philippon-Nadeau
Package Pilot
 
Join Date: May 2008
Location: Sherbrooke, Qc, Canada
Posts: 167
Thanked 6 Times in 6 Posts
Default

You are right anomie. I have a script that changes the INPUT chain's policy for some maintenance operations. This might be cause of my worries.

Thank you very much for your answer anomie. That was very helpful. Thanks!
__________________
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction."
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Basic sshd hardening anomie Guides 12 12th September 2008 03:39 AM
sshd doesn't time out arch FreeBSD Security 4 6th September 2008 12:23 PM
cupsd and sshd slow mururoa FreeBSD General 3 27th August 2008 08:36 PM
High disk activity crashes machine (sudden reboot) Damien787 FreeBSD General 10 12th June 2008 03:28 PM
sshd and timeout Sunsawe FreeBSD Security 6 29th May 2008 12:54 PM


All times are GMT. The time now is 09:48 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick