Other *NIXThis forum is for the discussion of any UNIX platform that does not have its own forum. Examples would include HP-UX, IRIX, Darwin, Tru64 and OS X.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi, we are noticing 30 - 40 sshd pids on our hpux server. No one to my knowledge is logging in with ssh. All user log in through telnet. Here is a sample when I grep for sshd
FIRST: Quit using telnet - it is a major security hole. You should be using ssh instead.
Having said that some ideas for investigation:
Is it possible the users are logging in via telnnet then doing ssh OUT to some other system?
Is it possible the users are doing scp or sftp file transfers? Both of those rely on ssh setup.
If you don't already have it download lsof. You can run "lsof -p <pid> -a -i" to see any network connections related the process ID you specify so you can tell what the other side of the connection is.
Also run "lsof -i :22" to see if sshd is actually doing a LISTEN. You might try turning off the pid that is LISTENing to see if it stops anything working. It may be you have an application that is automatically opening ssh connections for some reason.
Make sure you run "ps -ef |grep <pid>" to determine any related processes (parents or children) to the ones you found.
Look at logs in /var/adm/syslog directory to see if they provide any additional details.
Check for ~<user>/.ssh/authorized_keys files in the home directories of the users. It may be that even though most users don't use ssh that you've got some that know about and have setup ssh trusts from other machinnes to allow quick login without password.
If you have Windows uers running PuTTY it allows for telnet (port 23) but defaults to ssh (port 22). You may simply have users using ssh without realizing they are due to a default to port 22.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.