Hello
I have a few VMware ESX 3.0.1/ ESX 3.0.2 Server running. But all of these show strange entries in /var/log/messages
like these:
Nov 1 08:24:42 test-vmware sshd[25229]: Connection from 127.0.0.1 port 49086
Nov 1 08:25:43 test-vmware sshd[25245]: Connection from 127.0.0.1 port 49087
Nov 1 08:26:43 test-vmware sshd[25261]: Connection from 127.0.0.1 port 49088
Nov 1 08:27:43 test-vmware sshd[25277]: Connection from 127.0.0.1 port 49089
Nov 1 08:28:46 test-vmware sshd[25293]: Connection from 127.0.0.1 port 49090
Nov 1 08:29:46 test-vmware sshd[25309]: Connection from 127.0.0.1 port 49091
Nov 1 08:30:47 test-vmware sshd[25325]: Connection from 127.0.0.1 port 49092
Nov 1 08:31:47 test-vmware sshd[25341]: Connection from 127.0.0.1 port 49093
Nov 1 08:32:48 test-vmware sshd[25357]: Connection from 127.0.0.1 port 49094
Nov 1 08:33:49 test-vmware sshd[25373]: Connection from 127.0.0.1 port 49095
Nov 1 08:34:49 test-vmware sshd[25389]: Connection from 127.0.0.1 port 49096
Nov 1 08:35:50 test-vmware sshd[25405]: Connection from 127.0.0.1 port 49097
Nov 1 08:36:50 test-vmware sshd[25414]: Connection from 127.0.0.1 port 49098
Nov 1 08:37:51 test-vmware sshd[25430]: Connection from 127.0.0.1 port 49099
Nov 1 08:38:52 test-vmware sshd[25446]: Connection from 127.0.0.1 port 49100
Nov 1 08:39:52 test-vmware sshd[25462]: Connection from 127.0.0.1 port 49101
Nov 1 08:40:53 test-vmware sshd[25478]: Connection from 127.0.0.1 port 49102
Nov 1 08:41:54 test-vmware sshd[25496]: Connection from 127.0.0.1 port 49103
Nov 1 08:42:54 test-vmware sshd[25512]: Connection from 127.0.0.1 port 49104
Nov 1 08:43:54 test-vmware sshd[25528]: Connection from 127.0.0.1 port 49105
Nov 1 08:44:54 test-vmware sshd[25544]: Connection from 127.0.0.1 port 49106
Nov 1 08:45:55 test-vmware sshd[25560]: Connection from 127.0.0.1 port 49107
Nov 1 08:47:03 test-vmware sshd[25576]: Connection from 127.0.0.1 port 49108
Nov 1 08:48:05 test-vmware sshd[25592]: Connection from 127.0.0.1 port 49109
Nov 1 08:49:05 test-vmware sshd[25608]: Connection from 127.0.0.1 port 49110
Whats wrong with sshd ? How can i stop this ?
Thanks for your advice!
Karo2k4
Looks like some sort of self-test. Do you have a trial edition of somesort?
Try looking in /etc/sshd.conf to see if anything strange is in there.
Then restart the service "service sshd restart"
If this doesn't resolve the problem then try to find test-vmware in any file on the service console. That should provide a good starting point to finding the problem.
Thx for your answer
All Server are fully licenced and there is nothing special configured in /etc/ssh/sshd_config 😕
the hostname "test-vmware" can be resolved too
Perhaps i have found the problem!
The default value of the LogLevel was set to "VERBOSE". I have changed it to "INFO".
Well, now the Logentries are disappeared, but for what are these checks used for ?
Karo2k4
Unless you've put it to verbose mode yourself you've only hidden the problem.
Just guessing:
The messages could for example be for an ESX host to check if it's SSH daemon is still working. If it would stop working then the ESX host could self-heal by restarting some services.
your're right. the problem is only hidden.
do you own an ESX Server ?
if yes, whats your setting of the sshd LogLevel ? Do you have "Verbose" or something different ?
The company I work for has about 16 hosts. I've looked on our test servers
Logging
#obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel VERBOSE
Don't think I can help you much further. This would be a good question for the vmware people in this forum.
hmm interesting. well it seems that i have to investigate a litle further.
i havent found any other persons with this problem so far