Results 1 to 5 of 5
  1. #1
    Join Date
    Aug 2006
    Posts
    57

    * cPanel dedicated server sshd issue, confused.

    Hi everyone!
    Here I got a sshd issue, which confused me a lot. I just purchased a dedi yesterday. cPanel11+WHM panel, Fedora7 system. When I use top -c to check the system, most of the times I would see four or five sshd processes "sshd: unknown [priv]" are running, and about 5 minutes later they will disappear.

    Details can be viewed from this snapshot:
    http://img443.imageshack.us/img443/9267/snapjs3.gif

    Does anyone know why? Thanks.

  2. #2
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,750
    Run the following line from the comand to get more details on this process.

    lsof -p PID

    For established ssh connection you can see a line as follows.

    sshd PID user xx IPv6 xxxxxx TCP hostnamesh->client_IP:higher_number_port (ESTABLISHED)
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  3. #3
    Join Date
    Jul 2007
    Posts
    55
    That is abnormal.

    check how many users are logged on.
    L
    I work with a cup of tea, prefer green tea.

  4. #4
    Join Date
    Aug 2006
    Posts
    57
    Thank you for the suggestions.

    However, the problem is, the PID of the unknown sshd connections keep on increasing all the time. Like at this second, the PID is 12300, then it will change to 12301 in the next second and 12300 is killed automatically. And I checked the server, at that time only one user was logining in using ssh. This situation will keep on for about 5 minutes, then all the unknown sshd will gone. So what can the problem be?

  5. #5
    Join Date
    Aug 2006
    Posts
    57
    problem fixed. I think some ips of mine were used by someone else in taiwan before, cuz there are still two IPs resolving to a domain's nameservers which is owned by a guy from taiwan. But the confusing thing is why this guy still try to connect by ssh everyday.... I see his IP from taiwan after run netstat.
    So, I changed sshd's listen address and the port, it's now ok. complicated issue..

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •