sshd: "Generating new 768..." ?

To: debian-security@lists.debian.org
Subject: sshd: "Generating new 768..." ?
From: Michelle Konzack <linux4michelle@freenet.de>
Date: Fri, 1 Apr 2005 16:51:22 +0200
Message-id: <[🔎] 20050401145122.GX1163@freenet.de>

Hello,

for some seconds I have checked the daily sshd log and seen this:

  __( '/var/log/sshd.log' )_____________________________________________
 /
| Apr  1 00:15:47 samba3 sshd[6789]: Received SIGHUP; restarting.
| Apr  1 00:15:48 samba3 sshd[20455]: socket: Address family not supported by protocol
| Apr  1 00:15:48 samba3 sshd[20455]: Server listening on 0.0.0.0 port 22.
| Apr  1 00:15:48 samba3 sshd[20455]: Generating 768 bit RSA key.
| Apr  1 00:15:48 samba3 sshd[20455]: RSA key generation complete.
| Apr  1 07:26:42 samba3 sshd[27591]: Connection from 211.121.153.27 port 3624
| Apr  1 07:26:44 samba3 sshd[27591]: Illegal user test from 211.121.153.27
| Apr  1 07:26:45 samba3 sshd[27591]: error: Could not get shadow information for NOUSER
| Apr  1 07:26:45 samba3 sshd[27591]: Failed password for illegal user test from 211.121.153.27 port 3624 ssh2
| Apr  1 07:26:46 samba3 sshd[27593]: Connection from 211.121.153.27 port 3711
| Apr  1 07:26:48 samba3 sshd[27593]: Illegal user guest from 211.121.153.27
| Apr  1 07:26:49 samba3 sshd[27593]: error: Could not get shadow information for NOUSER
| Apr  1 07:26:49 samba3 sshd[27593]: Failed password for illegal user guest from 211.121.153.27 port 3711 ssh2
| Apr  1 07:26:49 samba3 sshd[27595]: Connection from 211.121.153.27 port 3794
| Apr  1 07:26:52 samba3 sshd[27595]: Illegal user admin from 211.121.153.27
| Apr  1 07:26:52 samba3 sshd[27595]: error: Could not get shadow information for NOUSER
| Apr  1 07:26:52 samba3 sshd[27595]: Failed password for illegal user admin from 211.121.153.27 port 3794 ssh2
| Apr  1 07:26:53 samba3 sshd[27597]: Connection from 211.121.153.27 port 3874
| Apr  1 07:26:56 samba3 sshd[27597]: Illegal user admin from 211.121.153.27
| Apr  1 07:26:56 samba3 sshd[27597]: error: Could not get shadow information for NOUSER
| Apr  1 07:26:56 samba3 sshd[27597]: Failed password for illegal user admin from 211.121.153.27 port 3874 ssh2
| Apr  1 07:26:57 samba3 sshd[27599]: Connection from 211.121.153.27 port 3960
| Apr  1 07:27:06 samba3 sshd[27599]: Illegal user user from 211.121.153.27
| Apr  1 07:27:06 samba3 sshd[27599]: error: Could not get shadow information for NOUSER
| Apr  1 07:27:06 samba3 sshd[27599]: Failed password for illegal user user from 211.121.153.27 port 3960 ssh2
| Apr  1 07:27:07 samba3 sshd[27659]: Connection from 211.121.153.27 port 4179
| Apr  1 07:27:15 samba3 sshd[27659]: Failed password for root from 211.121.153.27 port 4179 ssh2
| Apr  1 07:27:15 samba3 sshd[27661]: Connection from 211.121.153.27 port 4372
| Apr  1 07:27:18 samba3 sshd[27661]: Failed password for root from 211.121.153.27 port 4372 ssh2
| Apr  1 07:27:19 samba3 sshd[27663]: Connection from 211.121.153.27 port 4462
| Apr  1 07:27:22 samba3 sshd[27663]: Failed password for root from 211.121.153.27 port 4462 ssh2
| Apr  1 07:27:23 samba3 sshd[27665]: Connection from 211.121.153.27 port 4555
| Apr  1 07:27:25 samba3 sshd[27665]: Illegal user test from 211.121.153.27
| Apr  1 07:27:26 samba3 sshd[27665]: error: Could not get shadow information for NOUSER
| Apr  1 07:27:26 samba3 sshd[27665]: Failed password for illegal user test from 211.121.153.27 port 4555 ssh2
| Apr  1 08:26:42 samba3 sshd[20455]: Generating new 768 bit RSA key.
| Apr  1 08:26:43 samba3 sshd[20455]: RSA key generation complete.
 \______________________________________________________________________

At 08:26:42 I was sleeping...
So it was not me.

If I "/etc/init.d/ssh restart" then I get:

  __( '/var/log/sshd.log' )_____________________________________________
 /
| Apr  1 00:15:47 samba3 sshd[6789]: Received SIGHUP; restarting.
| Apr  1 00:15:48 samba3 sshd[20455]: socket: Address family not supported by protocol
| Apr  1 00:15:48 samba3 sshd[20455]: Server listening on 0.0.0.0 port 22.
| Apr  1 00:15:48 samba3 sshd[20455]: Generating 768 bit RSA key.
| Apr  1 00:15:48 samba3 sshd[20455]: RSA key generation complete.
 \______________________________________________________________________

Is this normal:

  __( '/var/log/sshd.log' )_____________________________________________
 /
| Apr  1 08:26:42 samba3 sshd[20455]: Generating new 768 bit RSA key.
| Apr  1 08:26:43 samba3 sshd[20455]: RSA key generation complete.
 \______________________________________________________________________

Never (since 2005-01-01) I have seen that "sshd" generate a NEW key.
I have greped for it and only yesterday and today morning I have
such entry.

Greetings
Michelle

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/ 
Michelle Konzack   Apt. 917                  ICQ #328449886
                   50, rue de Soultz         MSM LinuxMichi
0033/3/88452356    67100 Strasbourg/France   IRC #Debian (irc.icq.com)

Attachment: signature.pgp
Description: Digital signature

Reply to:

Follow-Ups:
- Re: sshd: "Generating new 768..." ?
  - From: martin f krafft <madduck@debian.org>

Prev by Date: Re: Darn skiddies (ssh login attempts)
Next by Date: Re: Darn skiddies (ssh login attempts)
Previous by thread: Re: Darn skiddies (ssh login attempts)
Next by thread: Re: sshd: "Generating new 768..." ?
Index(es):
- Date
- Thread