[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Monitoring sshd

From: David Fletcher
Subject: Monitoring sshd
Date: Fri, 14 Nov 2003 17:15:24 +0000


Monitoring the sshd process on the local machine is resulting in an
endless stream of messages in /var/log/messages such as this:

sshd[3968]: Did not receive identification string from

I am using Monit 4.1, and OpenSSH_3.6.1p2 on Mandrake 9.1.

Looking at the file "protocols/ssh.c" in the Monit distribution reveals
that whatever identification string the server sends out, Monit sends
the same thing back. This should be fine, and meets specifications for
an SSH client. I don't know what is wrong. Could the carriage return and
line feed be getting lost and not included with the information sent
back to the server? They are a required part of the response.

Changing "protocols/ssh.c" to send back a pre-defined identification
string works fine, and the error messages disappear. Below is a version
of this file which works perfectly. A second string buffer is included,
giving the identification string as "SSH-2.0-Tester".

Have I missed something simple here? Perhaps there is a config option in
SSH to avoid these messages. I don't want to simply turn down the level
of logging, since I might miss people attempting to get in.

Thanks for any help you can give with this,


int check_ssh(Socket_T s) {

  char  buf[STRLEN];
  char  buf2[STRLEN];
  if(socket_read(s, buf, sizeof(buf)) <= 0) {
    log("SSH: error receiving identification string -- %s\n", STRERROR);
    return FALSE;

  if(strncmp(buf, "SSH-", 4) != 0) {
    log("SSH: protocol error %s\n", buf);
    return FALSE;

  sprintf(buf2, "%s", "SSH-2.0-Tester\r\n");
  /* send identification string back to server */
  if(socket_write(s, buf2, strlen(buf2)) <= 0) {
    log("SSH: error sending identification string -- %s\n", STRERROR);
    return FALSE;
  return TRUE;

Email address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]