SSHD vulnerability?

Discussion in 'General Discussion' started by apodigm, Jun 28, 2004.

  1. apodigm

    apodigm Well-Known Member

    May 12, 2003
    Here are some strange entries in my logwatch...

    --------------------- pam_unix Begin ------------------------
    Authentication Failures:
    unknown ( ): 2 Time(s)
    Unknown Entries:
    1 more authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= : 1 Time(s)
    Invalid Users:
    Unknown Account: 3 Time(s)
    ---------------------- pam_unix End -------------------------

    --------------------- Connections (secure-log) Begin -----------
    Service imap: 11 Time(s) 183 Time(s)
    ---------------------- Connections (secure-log) End -----------

    --------------------- SSHD Begin ------------------------

    Failed logins from these:
    esx/password from 2 Time(s)
    evilst/password from 1 Time(s)

    **Unmatched Entries**
    Protocol major versions differ for SSH-1.99-OpenSSH_3.6.1p2 vs. SSH-9.9-NessusSSH_1.0
    Protocol major versions differ for SSH-1.99-OpenSSH_3.6.1p2 vs. SSH-9.9-NessusSSH_1.0
    Illegal user esx from
    Illegal user esx from
    Illegal user evilst from

    ---------------------- SSHD End -------------------------

    Based on this, it looks like he was blocked. But I still think it is strange that there was a protocol mismatch for the SSH software.

    Anyone dealt with this before?
  2. chirpy

    chirpy Well-Known Member Verified Vendor

    Jun 15, 2002
    The protocol mismatch is nothing unusual. The client may have been trying to use SSHv1 and your server may be configured to only accept SSHv2. Certainly not a vulnerability, just someone trying to gain SSH access to the server.
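
The version check behind the "Protocol major versions differ" entries, as an added example that is not part of the thread and is a simplified model rather than OpenSSH's own code: it splits the two identification strings in each logged line and reports which major protocol versions each side offers. The sample lines and the address 192.0.2.10 are constructed, and `parse_ident`, `protocols`, `negotiate` and `triage` are hypothetical helper names.

```python
import re

# RFC 4253 identification string: SSH-<protoversion>-<softwareversion>
IDENT = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)")
# sshd message; "<address>: " is optional because the page's copy lacks it
MISMATCH = re.compile(
    r"Protocol major versions differ for (?:(\S+): )?(SSH-\S+) vs\. (SSH-\S+)")

# Constructed sample lines (192.0.2.10 is a documentation address).
SAMPLE = [
    "sshd[2211]: Protocol major versions differ for 192.0.2.10: "
    "SSH-1.99-OpenSSH_3.6.1p2 vs. SSH-9.9-NessusSSH_1.0",
    "sshd[2214]: Illegal user esx from 192.0.2.10",
    "Protocol major versions differ for "
    "SSH-1.99-OpenSSH_3.6.1p2 vs. SSH-9.9-NessusSSH_1.0",
]

def parse_ident(banner):
    """Split an identification string into (major, minor, software)."""
    m = IDENT.match(banner)
    if m is None:
        raise ValueError(f"not an SSH identification string: {banner!r}")
    return int(m.group(1)), int(m.group(2)), m.group(3)

def protocols(banner):
    """Major versions a banner offers; 1.99 means SSH-2 plus SSH-1 compatibility."""
    major, minor, _ = parse_ident(banner)
    return {1, 2} if (major, minor) == (1, 99) else {major}

def negotiate(server_banner, client_banner):
    """Highest major version both sides offer, or None when they differ."""
    common = protocols(server_banner) & protocols(client_banner)
    return max(common) if common else None

def triage(lines):
    """Return one finding per 'Protocol major versions differ' line."""
    findings = []
    for line in lines:
        m = MISMATCH.search(line)
        if m is None:
            continue
        source, server, client = m.groups()
        major, minor, software = parse_ident(client)
        findings.append({"source": source, "client_version": f"{major}.{minor}",
                         "client_software": software,
                         "server_offers": sorted(protocols(server)),
                         "agreed": negotiate(server, client)})
    return findings
```
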