I have 2 servers, A & B, both installed at different locations. Both can ping and traceroute each other, but there is no load sharing (both perform the same functionality but independently). When I checked /var/adm/messages of server B, I can see that server A is trying to connect to server B but failing, and this has been going on for a long time. I mean, it's not like someone is manually trying to log in; it's happening automatically. I have already checked the cronjob but there is nothing. Here are the logs:
May 3 11:01:27 Server A sshd[19269]: [ID 800047 auth.info] Failed password for user_id from 10.xxx.xxx.xxx port 53350 ssh2
May 3 11:01:27 Server A sshd[19271]: [ID 800047 auth.info] Failed password for user_id from 10.xxx.xxx.xxx port 53351 ssh2
May 3 11:01:27 Server A last message repeated 2 times
I would really appreciate some help on this. BTW, there is no id_rsa or id_dsa file.
Can you check on server A what kind of user (system or human) "user_id" is? If it is a system user, is it for some monitoring or syncing application? If that doesn't reveal anything, is there sufficient network and process logging on server A to correlate logline times to reconstruct something?
Well, the user is the default user of the system. I checked yesterday's logging, and it revealed that the last time I got this failed login message was 1544hrs; at that time I was logged into the system, and I left the system at 1730hrs. This message started coming again this morning at 10044hrs. Now, the point is, if there is no script running and there is no entry in cronjob, how can I find what's going on?
Please be more specific. The name of the user might be a clue.
Quote:
Originally Posted by asad83
If there is no script running and there is no entry in cronjob, how can I find what's going on?
Please be more specific. Crontab as in "crontab -l" or /etc/crontab or 'cat /var/spool/cron/*'? Also post the distribution and major kernel version (as in 2.4 or 2.6). And do you have a list of networked software on server A? You could continuously run 'netstat -antpe' to show the PID and UID of networked processes, 'lsof -P -n -i tcp:22' would do the same, run Auditd if your distro allows it or just block traffic to the host/port and see what breaks. Also see 'last', 'who', 'lastlog', 'lastb' to get a fix on human/system users. Posting back verbosely would be appreciated.
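Added example, not part of the thread: one way to turn the `lsof -P -n -i tcp:22` suggestion above into a poller that records which PID and user on server A opens outbound connections to port 22, stamped in syslog time format so the lines can be matched against the "Failed password" entries. The function names, the `watch` argument and the sample addresses are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: attribute outbound SSH attempts to a PID and user.

# Constructed sample of `lsof -P -n -i tcp:22` output (addresses are made up).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      812    root    3u  IPv4  12345      0t0  TCP *:22 (LISTEN)
sshd    19269    root    3u  IPv4  23456      0t0  TCP 10.0.0.1:22->10.0.0.9:53350 (ESTABLISHED)
ssh     20411 appuser    3u  IPv4  34567      0t0  TCP 10.0.0.1:53351->10.0.0.2:22 (SYN_SENT)
EOF
}

# Keep only rows whose REMOTE end is port 22, i.e. connections this host
# initiated. Listening sockets and inbound sessions (local port 22) are dropped.
outbound_ssh() {
    awk 'NR > 1 {
        for (i = 1; i <= NF; i++) {
            if (split($i, ends, "->") == 2 && ends[2] ~ /:22$/) {
                print "pid=" $2, "user=" $3, "cmd=" $1, "conn=" $i
            }
        }
    }'
}

# Poll once per second and prefix each hit with a syslog-style timestamp.
watch_outbound_ssh() {
    while :; do
        lsof -P -n -i tcp:22 2>/dev/null | outbound_ssh |
            while read -r line; do
                printf '%s %s\n' "$(date '+%b %e %H:%M:%S')" "$line"
            done
        sleep 1
    done
}

if [ "${1:-}" = "watch" ]; then
    watch_outbound_ssh          # live mode, run as root to see all users' sockets
else
    sample_lsof | outbound_ssh  # offline demo on the constructed sample
fi
```

A one-second poll can miss very short-lived connections; the Auditd option mentioned in the reply above is the alternative when nothing shows up this way.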