HPE Community
Operating System - HP-UX
1753956 Members
7288 Online
108811 Solutions
New Discussion

sshd errors in syslog.

 
SOLVED
Go to solution
marvin51796
Regular Advisor

‎03-16-2015 06:08 AM

‎03-16-2015 06:08 AM

sshd errors in syslog.

we are running 11vi3 patched to 2014 on bl890's and we are getting this message in the syslog ..ALOT could someone explain what this means? is this just ssh resetting or are we haveing an issue??

 

 

 

Sep 24 21:00:52 server01 sshd[23242]: Received SIGHUP; restarting.
Sep 24 21:00:52 server01 sshd[27657]: Server listening on :: port 22.
Sep 24 21:00:52 server01 sshd[27657]: Server listening on 0.0.0.0 port 22.
Sep 24 21:03:34 server01 sshd[10810]: SSH: Server;Ltype: Kex;Remote: 199.204.56.21-50383;Enc: aes256-ctr;MAC: hmac-sha1;Comp: none

thanks for any help.

 

0 Kudos
Reply
6 REPLIES 6
Patrick Wallek
Honored Contributor

‎03-16-2015 08:15 AM

‎03-16-2015 08:15 AM

Re: sshd errors in syslog.

It does appear as if SSH is being killed and restarted.

 

I can duplicate your  messages by issuing a 'kill -HUP' command against the /opt/ssh/sbin/sshd process.

 

If this is occurring regularly that would seem abnormal to me.

 

I don't see anything similar in HP's knowledge base or via a Google search that indicates this is a widespread issue.

0 Kudos
Reply
marvin51796
Regular Advisor

‎03-16-2015 08:56 AM

‎03-16-2015 08:56 AM

Re: sshd errors in syslog.

It is happening on alot of my server , 10 so far about every hour on the hour...

0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎03-16-2015 09:17 AM

‎03-16-2015 09:17 AM

Solution

Re: sshd errors in syslog.

If it is happening at the same time, check cron and see if there are any cron jobs that may be doing this.

 

 

Reply
pooderbill
Valued Contributor

‎03-16-2015 06:44 PM - edited ‎03-16-2015 06:47 PM

‎03-16-2015 06:44 PM - edited ‎03-16-2015 06:47 PM

Re: sshd errors in syslog.

SIGHUP means that the connection has been terminated. In the "good old days", a network connection was between a terminal or another computer using a modem, but line noise or a bad connection would cause the modem to hang up. So the communication program would receive the HUP (hangup) signal, SIGHUP. For modern systems, a SIGHUP is usually caused by severe network problems. A bad switch or router, or more commonly, half-duplex for 100  Mbit or faster connections. For all the LAN connections (lan0, lan1, lan2...), check the conection like this:

 

# lanadmin -x 0
Speed = 1000 Full-Duplex.
Autonegotiation = On.

# lanadmin -x 1
Speed = 10000 Full Duplex.

# lanadmin -x 2
Current Config                   = 100 Full-Duplex AUTONEG

 

The format will be different for different versions of HP-UX and LAN cards.

The key word is Full Duplex. Anything that says Half Duplex is unless you are running 25-30 year old hardware with 10 Mbit links. To verify the Half Duplex issue, change -x to -g as in lanadmin -g 0

The bottom half (after Index) of the listing will be all zeros for a healthy link.

 

If the duplex is correct, look at your switch and router logs, specifically for arp, broadcast or discovery storms which will affect multiple systems.

0 Kudos
Reply
marvin51796
Regular Advisor

‎03-25-2015 05:47 AM

‎03-25-2015 05:47 AM

Re: sshd errors in syslog.

This is something our vendor setup..not sure why but they are causing it via cfengine, will have to figure out if we still need this or not..

thanks for the help.

 

 

solved

0 Kudos
Reply
RenatoMartini
Frequent Advisor

‎04-07-2015 10:37 PM

‎04-07-2015 10:37 PM

Re: sshd errors in syslog.

It's possible the SIGHUP signal abnormaly shuts down the SSHD, and generates a "core dump" file, if you can read and investigate it, will can get more info. 

--Renato Martini (Brazil)
http://renatomartini.net
http://www.iti.gov.br
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.