HPE Community
Operating System - Linux
1829107 Members
2494 Online
109986 Solutions
New Discussion

sshd identification string within enclosures

 
Fialia
Occasional Contributor

‎05-12-2008 01:05 AM

‎05-12-2008 01:05 AM

sshd identification string within enclosures

I have a couple of blade enclosures with 8 HP Proliant blades in each. In each of the blades this shows up in the messages log:
sshd[xxxx]: Did not receive identification string from

So in every blade of the first enclosure its the IP address of the first blade in that enclosure that is logged, including in the first blade itself. In the second enclosure its the same, except its the IP address of the first blade of the 2nd enclosure that shows up.

They are all in the same subnet and none of the blades has a connection to the Internet. There is no problem logging in with ssh from one node to the other. The OS is SLES10, SP1. Actually this issue is not really a problem as such, it just generates a lot of logging. Is it supposed to be like that, or is there anything I can do that will stop the logging? (Aside from configuring syslog-ng to filter it out.)
0 Kudos
Reply
4 REPLIES 4
Goncalo Gomes
New Member

‎05-12-2008 01:36 AM

‎05-12-2008 01:36 AM

Re: sshd identification string within enclosures

Have you setup any monitoring system like Nagios/ZenOSS on blade1? That message is usually generated when you happen to do, for example: telnet 22
0 Kudos
Reply
Zeev Schultz
Honored Contributor

‎05-12-2008 03:03 AM

‎05-12-2008 03:03 AM

Re: sshd identification string within enclosures

It may happen if first blade of each enclosure tries to scan sshd on each blade. See here for example:

http://forums.spry.com/showthread.php?p=608

Now,I'm not saying that your blades go through ssh brute force scan but it could be some sort of management software (either HP or non-HP) that does this scanning to keep an eye on blades?

Basically to find out run a sniffer on one of your blades (i.e Ethereal or tcpdump) and watch for traffic on port 22 (default sshd). Once you discover the port on the remote server(your first blade in enclosure) that generates this traffic - go to first blade and find a process running on this port (with lsof).

So computers don't think yet. At least not chess computers. - Seymour Cray
0 Kudos
Reply
Fialia
Occasional Contributor

‎05-14-2008 01:07 AM

‎05-14-2008 01:07 AM

Re: sshd identification string within enclosures

OK, so this is basically generated by some kind of scanning software that is not let through?
There is scanning software on all of them that probably generates these messages. As far as I know the first blade should be no different than the others in that respect though. Is there anything in the blade/enclosure setup that singles out the first blade in this way?
0 Kudos
Reply
Mark Galata
New Member

‎11-20-2008 04:18 AM

‎11-20-2008 04:18 AM

Re: sshd identification string within enclosures

Just because there is strength in numbers--I have the very same problem with our blade servers...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.