The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Too Many Connections on SSHD (Port 22)

Discussion in 'Security' started by lenbradley, Jan 16, 2017.

Tags:
  1. lenbradley

    lenbradley Registered

    Joined:
    Nov 19, 2014
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    I'm sorry if this issue has been addressed, but I couldn't find any solutions via search.

    The server we are running (WHM 60.0 on CentOS 6.8) is continuously creating a lot of connections on port 22/SSH and I can't figure out why. Attached is a screenshot showing what exactly I am referring to. Connection will pretty quickly grow to 300+ and not go down, which is causing issues with SFTP connections. The only way I've found to alleviate the issue if to run "killall sshd" and then restart the SSH server.

    I'm wondering if anybody has come across this problem and any insight on it? Thanks.
     

    Attached Files:

  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  3. NOC_Serverpoint

    NOC_Serverpoint Well-Known Member

    Joined:
    Jul 3, 2016
    Messages:
    102
    Likes Received:
    6
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
  4. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,399
    Likes Received:
    52
    Trophy Points:
    28
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi,

    It is better if you could restrict the SSHD service to restricted IPs, or you can add the current IP directly via WHM host access feature and add SSH restriction whenever needed.

    Also, it is advised to have a wheel user used to login instead of direct root login to the server via SSH.

    Use can also use CSF to monitor the IP connections over the SSH to give a better effect.
     
Loading...

Share This Page