Unknown ssh attempts during boot



senthilpr_in
5th April 2006, 05:54 PM
Hi all,

I seem to have unknown ssh attempts to my FC4 machine during boot time. I found this in /var/log/messages. My /var/log/boot.log is empty, probably due to this bug (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=16346). I'm a newbie, so please be easy on me.



Apr 2 04:02:08 smarty crond(pam_unix)[6504]: session closed for user root
Apr 2 04:22:02 smarty crond(pam_unix)[7160]: session opened for user root by (uid=0)
Apr 2 04:23:50 smarty crond(pam_unix)[7160]: session closed for user root
Apr 2 05:01:01 smarty crond(pam_unix)[13760]: session opened for user root by (uid=0)
Apr 2 05:01:01 smarty crond(pam_unix)[13760]: session closed for user root
Apr 2 05:20:01 smarty sshd(pam_unix)[13916]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.187.56.102 user=root
Apr 2 05:20:10 smarty sshd(pam_unix)[13918]: check pass; user unknown
Apr 2 05:20:10 smarty sshd(pam_unix)[13918]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.187.56.102
Apr 2 05:20:16 smarty sshd(pam_unix)[13922]: check pass; user unknown
Apr 2 05:20:16 smarty sshd(pam_unix)[13922]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.187.56.102
Apr 2 05:20:23 smarty sshd(pam_unix)[13924]: check pass; user unknown
Apr 2 05:20:23 smarty sshd(pam_unix)[13924]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.187.56.102
Apr 2 05:20:29 smarty sshd(pam_unix)[13928]: check pass; user unknown
Apr 2 05:20:29 smarty sshd(pam_unix)[13928]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.187.56.102
Apr 2 05:20:37 smarty sshd(pam_unix)[13931]: check pass; user unknown
Apr 2 05:20:37 smarty sshd(pam_unix)[13931]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.187.56.102
....
....

Apr 5 00:01:01 smarty crond(pam_unix)[25555]: session opened for user root by (uid=0)
Apr 5 00:01:01 smarty crond(pam_unix)[25555]: session closed for user root
Apr 5 01:01:01 smarty crond(pam_unix)[26044]: session opened for user root by (uid=0)
...
...
Apr 5 07:54:01 smarty sshd(pam_unix)[29864]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=a15183842.alturo-server.de
Apr 5 07:54:05 smarty sshd(pam_unix)[29868]: check pass; user unknown
Apr 5 07:54:05 smarty sshd(pam_unix)[29868]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=a15183842.alturo-server.de
Apr 5 07:54:09 smarty sshd(pam_unix)[29870]: check pass; user unknown
Apr 5 07:54:09 smarty sshd(pam_unix)[29870]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=a15183842.alturo-server.de
Apr 5 08:00:47 smarty sshd(pam_unix)[30136]: check pass; user unknown
.....
.....
Apr 5 08:01:01 smarty crond(pam_unix)[30146]: session opened for user root by (uid=0)
Apr 5 08:01:02 smarty crond(pam_unix)[30146]: session closed for user root
Apr 5 08:01:07 smarty sshd(pam_unix)[30150]: check pass; user unknown
Apr 5 08:01:07 smarty sshd(pam_unix)[30150]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=a15183842.alturo-server.de
Apr 5 08:01:10 smarty sshd(pam_unix)[30152]: check pass; user unknown
Apr 5 08:01:10 smarty sshd(pam_unix)[30152]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=a15183842.alturo-server.de
....
....
Apr 5 09:01:01 smarty crond(pam_unix)[30660]: session opened for user root by (uid=0)
Apr 5 09:01:02 smarty crond(pam_unix)[30660]: session closed for user root
Apr 5 10:01:01 smarty crond(pam_unix)[31150]: session opened for user root by (uid=0)
Apr 5 10:01:02 smarty crond(pam_unix)[31150]: session closed for user root
Apr 5 10:11:27 smarty su(pam_unix)[31257]: session opened for user root by (uid=500)
Apr 5 10:11:42 smarty su(pam_unix)[31257]: session closed for user root


I have stopped the sshd and crond services as of now. Every restart produces an attempt to ssh from a different remote machine. Also, I'm having trouble with my metacity window manager. When I try to log in, the window manager takes forever to open. Please advise.

Thx
Senthil
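
Added example, not part of the original post: a Python script that groups the sshd(pam_unix) authentication failures in the excerpt above by rhost and reports sources that fail repeatedly within a short window. The function names, the 2006 year default (taken from the post date) and the 3-failures-in-60-seconds threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines copied from the /var/log/messages excerpt in the post above.
SAMPLE = """\
Apr 2 05:01:01 smarty crond(pam_unix)[13760]: session closed for user root
Apr 2 05:20:01 smarty sshd(pam_unix)[13916]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.187.56.102 user=root
Apr 2 05:20:10 smarty sshd(pam_unix)[13918]: check pass; user unknown
Apr 2 05:20:10 smarty sshd(pam_unix)[13918]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.187.56.102
Apr 2 05:20:16 smarty sshd(pam_unix)[13922]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.187.56.102
Apr 5 07:54:05 smarty sshd(pam_unix)[29868]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=a15183842.alturo-server.de
Apr 5 07:54:09 smarty sshd(pam_unix)[29870]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=a15183842.alturo-server.de
Apr 5 10:11:27 smarty su(pam_unix)[31257]: session opened for user root by (uid=500)
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\(pam_unix\)\[\d+\]: authentication failure;(.*)$")
RHOST = re.compile(r"\brhost=(\S+)")
USER = re.compile(r"\buser=(\S+)")  # \b keeps this from matching "ruser="

def summarize(text, year=2006):
    """Group sshd pam_unix failures by rhost. syslog omits the year; 2006 is the post's date."""
    hosts = defaultdict(lambda: {"times": [], "accounts": set()})
    for line in text.splitlines():
        m = LINE.match(line)
        rhost = m and RHOST.search(m.group(2))
        if not rhost:
            continue  # crond/su lines, "check pass" lines, failures with no rhost
        entry = hosts[rhost.group(1)]
        entry["times"].append(datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"))
        user = USER.search(m.group(2))
        if user:  # in the excerpt, user= is absent after "check pass; user unknown"
            entry["accounts"].add(user.group(1))
    return dict(hosts)

def bursts(summary, min_failures=3, window=timedelta(seconds=60)):
    """Return rhosts with at least min_failures failures inside one window."""
    out = []
    for host, entry in summary.items():
        t = sorted(entry["times"])
        if any(t[i + min_failures - 1] - t[i] <= window for i in range(len(t) - min_failures + 1)):
            out.append(host)
    return sorted(out)

if __name__ == "__main__":
    s = summarize(SAMPLE)
    for host, e in s.items():
        print(host, len(e["times"]), sorted(e["accounts"]))
    print("bursts:", bursts(s))
```

To run it over a full log, pass the file contents to `summarize()` in place of `SAMPLE`.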

pete_1967
5th April 2006, 06:01 PM
By any chance, do you have the Smarty templating engine installed on one of your boxes?

senthilpr_in
5th April 2006, 06:06 PM
smarty is just the name of the machine.