karo2k4
Contributor
Contributor

Strange sshd entries in /var/log/messages

Hello

I have a few VMware ESX 3.0.1/ ESX 3.0.2 Server running. But all of these show strange entries in /var/log/messages

like these:

Nov 1 08:24:42 test-vmware sshd[25229]: Connection from 127.0.0.1 port 49086

Nov 1 08:25:43 test-vmware sshd[25245]: Connection from 127.0.0.1 port 49087

Nov 1 08:26:43 test-vmware sshd[25261]: Connection from 127.0.0.1 port 49088

Nov 1 08:27:43 test-vmware sshd[25277]: Connection from 127.0.0.1 port 49089

Nov 1 08:28:46 test-vmware sshd[25293]: Connection from 127.0.0.1 port 49090

Nov 1 08:29:46 test-vmware sshd[25309]: Connection from 127.0.0.1 port 49091

Nov 1 08:30:47 test-vmware sshd[25325]: Connection from 127.0.0.1 port 49092

Nov 1 08:31:47 test-vmware sshd[25341]: Connection from 127.0.0.1 port 49093

Nov 1 08:32:48 test-vmware sshd[25357]: Connection from 127.0.0.1 port 49094

Nov 1 08:33:49 test-vmware sshd[25373]: Connection from 127.0.0.1 port 49095

Nov 1 08:34:49 test-vmware sshd[25389]: Connection from 127.0.0.1 port 49096

Nov 1 08:35:50 test-vmware sshd[25405]: Connection from 127.0.0.1 port 49097

Nov 1 08:36:50 test-vmware sshd[25414]: Connection from 127.0.0.1 port 49098

Nov 1 08:37:51 test-vmware sshd[25430]: Connection from 127.0.0.1 port 49099

Nov 1 08:38:52 test-vmware sshd[25446]: Connection from 127.0.0.1 port 49100

Nov 1 08:39:52 test-vmware sshd[25462]: Connection from 127.0.0.1 port 49101

Nov 1 08:40:53 test-vmware sshd[25478]: Connection from 127.0.0.1 port 49102

Nov 1 08:41:54 test-vmware sshd[25496]: Connection from 127.0.0.1 port 49103

Nov 1 08:42:54 test-vmware sshd[25512]: Connection from 127.0.0.1 port 49104

Nov 1 08:43:54 test-vmware sshd[25528]: Connection from 127.0.0.1 port 49105

Nov 1 08:44:54 test-vmware sshd[25544]: Connection from 127.0.0.1 port 49106

Nov 1 08:45:55 test-vmware sshd[25560]: Connection from 127.0.0.1 port 49107

Nov 1 08:47:03 test-vmware sshd[25576]: Connection from 127.0.0.1 port 49108

Nov 1 08:48:05 test-vmware sshd[25592]: Connection from 127.0.0.1 port 49109

Nov 1 08:49:05 test-vmware sshd[25608]: Connection from 127.0.0.1 port 49110

Whats wrong with sshd ? How can i stop this ?

Thanks for your advice!

Karo2k4

0 Kudos
7 Replies
WillemB
Enthusiast
Enthusiast

Looks like some sort of self-test. Do you have a trial edition of somesort?

Try looking in /etc/sshd.conf to see if anything strange is in there.

Then restart the service "service sshd restart"

If this doesn't resolve the problem then try to find test-vmware in any file on the service console. That should provide a good starting point to finding the problem.

karo2k4
Contributor
Contributor

Thx for your answer

All Server are fully licenced and there is nothing special configured in /etc/ssh/sshd_config 😕

the hostname "test-vmware" can be resolved too

0 Kudos
karo2k4
Contributor
Contributor

Perhaps i have found the problem!

The default value of the LogLevel was set to "VERBOSE". I have changed it to "INFO".

Well, now the Logentries are disappeared, but for what are these checks used for ?

Karo2k4

0 Kudos
WillemB
Enthusiast
Enthusiast

Unless you've put it to verbose mode yourself you've only hidden the problem.

Just guessing:

The messages could for example be for an ESX host to check if it's SSH daemon is still working. If it would stop working then the ESX host could self-heal by restarting some services.

0 Kudos
karo2k4
Contributor
Contributor

your're right. the problem is only hidden.

do you own an ESX Server ?

if yes, whats your setting of the sshd LogLevel ? Do you have "Verbose" or something different ?

0 Kudos
WillemB
Enthusiast
Enthusiast

The company I work for has about 16 hosts. I've looked on our test servers

  1. Logging

#obsoletes QuietMode and FascistLogging

SyslogFacility AUTH

LogLevel VERBOSE

Don't think I can help you much further. This would be a good question for the vmware people in this forum.

0 Kudos
karo2k4
Contributor
Contributor

hmm interesting. well it seems that i have to investigate a litle further.

i havent found any other persons with this problem so far

0 Kudos