Monitoring sshd

monit-general

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Monitoring sshd

From:	David Fletcher
Subject:	Monitoring sshd
Date:	Fri, 14 Nov 2003 17:15:24 +0000

Hi,

Monitoring the sshd process on the local machine is resulting in an
endless stream of messages in /var/log/messages such as this:

sshd[3968]: Did not receive identification string from 127.0.0.1

I am using Monit 4.1, and OpenSSH_3.6.1p2 on Mandrake 9.1.

Looking at the file "protocols/ssh.c" in the Monit distribution reveals
that whatever identification string the server sends out, Monit sends
the same thing back. This should be fine, and meets specifications for
an SSH client. I don't know what is wrong. Could the carriage return and
line feed be getting lost and not included with the information sent
back to the server? They are a required part of the response.

Changing "protocols/ssh.c" to send back a pre-defined identification
string works fine, and the error messages disappear. Below is a version
of this file which works perfectly. A second string buffer is included,
giving the identification string as "SSH-2.0-Tester".

Have I missed something simple here? Perhaps there is a config option in
SSH to avoid these messages. I don't want to simply turn down the level
of logging, since I might miss people attempting to get in.

Thanks for any help you can give with this,

David.

-----------------------------------------------------------------------
int check_ssh(Socket_T s) {

  char  buf[STRLEN];
  char  buf2[STRLEN];
  ASSERT(s);
    
  if(socket_read(s, buf, sizeof(buf)) <= 0) {
    log("SSH: error receiving identification string -- %s\n", STRERROR);
    return FALSE;
  }

  chomp(buf);
  
  if(strncmp(buf, "SSH-", 4) != 0) {
    log("SSH: protocol error %s\n", buf);
    return FALSE;
  }

  sprintf(buf2, "%s", "SSH-2.0-Tester\r\n");
  /* send identification string back to server */
  if(socket_write(s, buf2, strlen(buf2)) <= 0) {
    log("SSH: error sending identification string -- %s\n", STRERROR);
    return FALSE;
  }
   
  return TRUE;
  
}
-----------------------------------------------------------------------


-- 
---------------------------------------
Email address@hidden
---------------------------------------

[Prev in Thread]

Current Thread

[Next in Thread]

Monitoring sshd, David Fletcher <=
- Re: Monitoring sshd, Jan-Henrik Haukeland, 2003/11/14
  - Re: Monitoring sshd, Igor Homyakov, 2003/11/17
    - Re: Monitoring sshd, Jan-Henrik Haukeland, 2003/11/17
- Re: Monitoring sshd, David Fletcher, 2003/11/17

Prev by Date: restart executes multiple times
Next by Date: Re: Monitoring sshd
Previous by thread: restart executes multiple times
Next by thread: Re: Monitoring sshd
Index(es):
- Date
- Thread