-   Solaris / OpenSolaris (
-   -   SSH: Connection Reset by Peer (

czezz 06-25-2009 06:05 PM

SSH: Connection Reset by Peer
On Solaris 10 SPARC I have NO problem with establishing SSH connections.
Here is proof:

# svcs -a | grep ssh
online Jun_02 svc:/network/ssh:default

...but here is what can be found in /var/adm/messages


Jun 7 04:09:16 my_host sshd[11701]: [ID 800047 auth.crit] fatal: Read from socket failed: Connection reset by peer
This messages does not appear during I establish my ssh connection. It appears irregular.

Does anyone know whats going on ?

choogendyk 06-25-2009 09:45 PM

First, the fact that the service is online is no proof that you can make connections. Making a connection is proof.

Is this a server? What is it doing? Is it just yours? Or are lots of people using it? Is there anything just before that in messages that relates to it? Can you correlate the times with your other logs? Auth log? How often does it happen? Have you got logging set high?

It's hard to tell with the little provided, but there have been numerous attacks on ssh. Some are intelligent enough to try not to overload your logs. You can configure your system to be much more restrictive about allowing attempts. You can use tcpwrappers to restrict access. You can use a firewall to block IP addresses that repeatedly try and fail on ssh connections. The connection reset by peer is suspicious. It usually occurs the other way around -- you try to ssh to a server and it drops your connection because tcpwrappers doesn't allow you in. This looks like the person or bot trying to ssh to your machine is then resetting the connection.

AlucardZero 06-26-2009 08:37 AM

Network problems happen all the time. From what you provided we can't tell what connection was reset, but it's probably just because some part of the network broke for a moment.

All times are GMT -5. The time now is 04:16 PM.