Bernard Mentink
Hi All,
I have sshd service enabled on my box with public/private key authentication and on an odd port. I am finding recently that I am seeing 4 or 5 sshd processes popping up overnight pushing my load average up past 5. Nobody is logged in at the time ... I don't know what is starting those processes.
I can't see how I am being hacked as no one has my private key but me .... and I can't see any additional users .. (password authentication is off)
(Yes, I know it is not ideal to have my box visible externally, but hey, if ssh has been hacked, everyone is in big trouble .. and everyone would know about it )
What can I do to find how these processes are being started ..
Cheers,
EDIT: I see what the issue is: When I log in from a client, then log out ... the terminal won't exit. I then CTRL-C to get out, which leaves the sshd process running on the server at 50% CPU and it never releases ... if I repeatedly do this, I get lots of CPU hungry sshd sessions running that won't go away until I do a "killall sshd". Is this a bug?