Odd sshd entry in auth.log
Willem Jan Withagen
wjw at digiware.nl
Sat Sep 14 13:06:25 UTC 2013
On 2013-09-14 14:01, David Wolfskill wrote:
> Sep 13 12:43:24 albert sshd[43949]: fatal: Read from socket failed: Connection reset by peer [preauth]
I see plentyu of these, if only because I test the sshd availablity with
nagios without actually going thru the full login...
I just abort once I see sshd report it's availability on the port.
Hence the 'reset by peer [preauth].'
Like DES says:
Scanners generate more or less the same behavior.
They scan, and try to determine if you are running a vulnerable sshd or
something else they can work with....
I still have a wish on my todo to see if it is possible to report the
ipnr... And then block hosts with to many tries.
But it's not really high on the agenda...
--WjW
More information about the freebsd-security
mailing list