Every once in a while, I will get multiple sshd processes running as root, visible when I run "top". However, running "finger", I am the only user. Any ideas as to what could cause this?
-
No Profile PictureContributing UserDevshed Newbie (0 - 499 posts)
- Join Date
- Mar 2005
- Location
- Boston, MA
- Posts
- 398
- Rep Power
- 20
Multiple sshd processes, any idea why?
-
No Profile PictureContributing UserDevshed Newbie (0 - 499 posts)
- Join Date
- Jun 2004
- Posts
- 461
- Rep Power
- 28
Well are you logging into the computer via ssh when you notice the multiple ssh running?
ssh is a daemon that forks to handle each connection. So if you are logging in though ssh, perhaps your ssh client opens server ssh connections possible for file sharing? Or they could be other random people/bots attempting to see if they can log in. Possible searching for boxes with ssh and no root password.My Site:
http://www.coryhardman.com -
No Profile PictureRegistered UserDevshed Newbie (0 - 499 posts)
- Join Date
- Jun 2003
- Posts
- 8
- Rep Power
- 0
Try using netstat to see who is connected to your ssh daemon.
Code:netstat -a|grep ssh
-
No Profile PictureContributing UserDevshed Newbie (0 - 499 posts)
- Join Date
- Mar 2005
- Location
- Boston, MA
- Posts
- 398
- Rep Power
- 20
Thanks for the netstat tip. I did that and saw about 4 "established" connections from a Russian domain. Pretty sure they were hostile, we're not telling anybody in Russia to connect to us via SSH.
Does "established" mean they actually have our password in, or could it mean they're running programs to guess our password?
August 13th, 2008, 12:13 AM
Reply With Quote
August 14th, 2008, 02:48 PM
August 22nd, 2008, 09:40 PM
August 26th, 2008, 03:12 PM
