Too Many Connections on SSHD (Port 22)

[lenbradley]

I'm sorry if this issue has been addressed, but I couldn't find any solutions via search.

The server we are running (WHM 60.0 on CentOS 6.8) is continuously creating a lot of connections on port 22/SSH and I can't figure out why. Attached is a screenshot showing what exactly I am referring to. Connection will pretty quickly grow to 300+ and not go down, which is causing issues with SFTP connections. The only way I've found to alleviate the issue if to run "killall sshd" and then restart the SSH server.

I'm wondering if anybody has come across this problem and any insight on it? Thanks.

 

[cPanelMichael]

Hello,

It's likely a brute force attack on the SSHd service because it's running on the default port (22). You may want to consider changing the SSH port and making some additional security-related configuration changes based on the information on the following thread:

[Tutorial] Interested in increasing the security of your server? Read this. (sshd hardening)

Thank you.

 

[NOC_Serverpoint]

Hi,

Also, you can try following the below article: cPHulk Brute Force Protection

For cPanel & WHM version 60

(Home >> Security Center >> cPHulk Brute Force Protection)


cPHulk Brute Force Protection - Version 60 Documentation - cPanel Documentation

Thank you,

 

[24x7server]

Hi,

It is better if you could restrict the SSHD service to restricted IPs, or you can add the current IP directly via WHM host access feature and add SSH restriction whenever needed.

Also, it is advised to have a wheel user used to login instead of direct root login to the server via SSH.

Use can also use CSF to monitor the IP connections over the SSH to give a better effect.