[Nagios-users] Problems with check_sshd

Karl DeBisschop karl at debisschop.net
Sun Oct 20 14:22:46 CEST 2002


On Mon, 2002-06-10 at 11:56, Furnish, Trever G wrote:
> IMHO there should be an option within openssh to suppress this type of
> message in the logs without suppressing others, such as incorrect or
> completed logins, but the openssh developers seem to feel differently...
> Perhaps if more people ask or someone submits a patch to a recent build...?

I think the OpenSSH developers would correctly consider half-open
connections to be a valid security issue that they should not suppress.
If you keep your checks infrequent, your log space will not be an issue.
And half-decent log filtering software should be able to ignore this in
the warnings.

Incidentally, in theory I do know how to prevent this. But it is not
trivial to implement, as it requires negotiating protocols etc. I do not
expect to have the time to do it in the near future.

A rather different approach, maybe worthwhile, would be a wrapper
around ScanSSH?

> -----Original Message-----
> From: Subhendu Ghosh [mailto:sghosh at sghosh.org]
> Sent: Monday, June 10, 2002 10:28 AM
> To: Matthias Eichler
> Cc: nagios-users at lists.sourceforge.net;
> netsaint-users at lists.sourceforge.net
> Subject: Re: [Nagios-users] Problems with check_sshd
> 
> 
> currently there is no patch to prevent the message.  The easiest way would 
> be to provide a full login and disconnect to the remote system.  
> Contributions welcome.
> 
> -sg
> 
> On Mon, 10 Jun 2002, Matthias Eichler wrote:
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > On Monday, 10 June 2002 15:32, Subhendu Ghosh wrote:
> > 
> > that's clear to me so far. the question is:
> > how may I change the check_sshd plugin that it is doing these
> > checks so smart, that we do not get a syslog error...
> > 
> > matt
> > 
> > > This happens because check_sshd  disconnects before sending any login
> > > information.
> > >
> > > check_sshd is only checking that the sshd server is up and running -
> > > providing a login prompt.  It does not complete the login process.
> > >
> > > -sg
> > >
> > > On Mon, 10 Jun 2002, Matthias Eichler wrote:
> > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > Hash: SHA1
> > > >
> > > > Hi List,
> > > >
> > > > > some question to check_sshd (i know, this is nagios-users and
> > > > > netsaint-users):
> > > >
> > > > When we check the ssh-server on our boxes we got some fatal-error
> > > > in the syslog of the server which was checked:
> > > >
> > > > - - ---cut---
> > > > > <Date> <Hostname> sshd: fatal: Read from socket failed: Connection reset by peer
> > > > - - ---cut---
> > > >
> > > > As we have some alert system for syslog all these messages get printed
> > > > out (and are blowing up our logfiles).
> > > >
> > > > > Does anybody know anything about this error!?!?
> > > >
> > > > Best regards & thanks in advance for your help,
> > > >
> > > > Matthias Eichler
> > > >
> > > > - --
> > > > > Best regards,
> > > > AME Aigner Media & Entertainment GmbH
> > > >
> > > > Matthias Eichler
> > > > Leiter Technik | Technical Director
> > > > _____________________________________
> > > >
> > > > AME Aigner Media & Entertainment GmbH
> > > > Bavariaring 8        D-80336 Muenchen
> > > >
> > > > Tel: [+49] Ø89.427.05-330
> > > > Fax: [+49] Ø89.427.05-199
> > > >
> > > > http://ame.de         Mail: me at ame.de
> > > > _____________________________________
> > > > -----BEGIN PGP SIGNATURE-----
> > > > Version: GnuPG v1.0.6 (GNU/Linux)
> > > > Comment: For info see http://www.gnupg.org
> > > >
> > > > iD8DBQE9BGNJbojCIP+wwC4RAh/aAJ9PTs+GPSRAVTjZeIIi4tIXym669QCfeHf9
> > > > SfOxh5+5ge/0UgoTlWy/EoU=
> > > > =K/jf
> > > > -----END PGP SIGNATURE-----
> > > >
> > > >
> > > > _______________________________________________
> > > > Nagios-users mailing list
> > > > Nagios-users at lists.sourceforge.net
> > > > https://lists.sourceforge.net/lists/listinfo/nagios-users
> > 
> > - -- 
> > Best regards,
> > AME Aigner Media & Entertainment GmbH
> > 
> > Matthias Eichler
> > Leiter Technik | Technical Director
> > _____________________________________
> > 
> > AME Aigner Media & Entertainment GmbH
> > Bavariaring 8        D-80336 Muenchen
> > 
> > Tel: [+49] Ø89.427.05-330
> > Fax: [+49] Ø89.427.05-199
> > 
> > http://ame.de         Mail: me at ame.de
> > _____________________________________
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.0.6 (GNU/Linux)
> > Comment: For info see http://www.gnupg.org
> > 
> > iD8DBQE9BLNwbojCIP+wwC4RAjicAJ4jPga+V3EjynXTFwRkUddKVJu0ogCbB0xW
> > EiYAczj5tTaVqNqCuYX/Ra4=
> > =8rkk
> > -----END PGP SIGNATURE-----
> > 
> 
> 
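
Added example, not part of the original message and not code from the Nagios plugins or OpenSSH: one way to do the log filtering suggested in the reply above without hiding real half-open connections. It drops at most one "Connection reset by peer" line per host per check interval and passes anything more frequent on to alerting; the 240-second minimum gap, the assumed year and the sample lines (constructed in the shape of the quoted syslog entry) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input: host name, PIDs, times and the address are made up.
SAMPLE = """\
Jun 10 10:00:01 web1 sshd[411]: fatal: Read from socket failed: Connection reset by peer
Jun 10 10:05:02 web1 sshd[419]: fatal: Read from socket failed: Connection reset by peer
Jun 10 10:05:40 web1 sshd[420]: Failed password for root from 192.0.2.7 port 4022 ssh2
Jun 10 10:10:01 web1 sshd[433]: fatal: Read from socket failed: Connection reset by peer
Jun 10 10:10:03 web1 sshd[434]: fatal: Read from socket failed: Connection reset by peer
Jun 10 10:10:04 web1 sshd[435]: fatal: Read from socket failed: Connection reset by peer
"""

# Matches only the message quoted in the thread; the [pid] part is optional.
RESET = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd(?:\[\d+\])?: "
    r"fatal: Read from socket failed: Connection reset by peer$"
)

def filter_probe_noise(lines, min_gap=timedelta(seconds=240), year=2002):
    """Return the lines that should still reach the alerting system.

    min_gap is an assumption: slightly less than a 5-minute check interval.
    Syslog timestamps carry no year, so one is supplied (also an assumption).
    """
    last_probe = {}  # host -> time of the last reset accepted as a probe
    kept = []
    for line in lines:
        m = RESET.match(line)
        if not m:
            kept.append(line)            # every other sshd message passes
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        prev = last_probe.get(m["host"])
        if prev is None or when - prev >= min_gap:
            last_probe[m["host"]] = when  # expected probe: suppress it
            continue
        kept.append(line)                 # resets faster than the check runs
    return kept

if __name__ == "__main__":
    for line in filter_probe_noise(SAMPLE.splitlines()):
        print(line)
```
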



