MonitorWare Knowledge Base

Your first source for knowledge

Skip to content

Did not receive identification string from UNKNOWN

This is the place for you, if you got rsyslog up and running but wonder how to make it do what you want.

Moderator: rgerhards

Post a reply

Did not receive identification string from UNKNOWN

Postby prakash.akumalla on Tue Aug 19, 2008 8:27 am

Hi,

Did not receive identification string from UNKNOWN

this is one of the new messages I came across today while i used rsyslog-3.18.1

The syslog tag for this message is showing as mentioned below

SysLogTag: sshd[3083]:

The number in the braces changes from message to message. I am receiving this message almost twice in 5 minutes.

What may be error and what is the solution to resolve this issue.
Any help appreciated.

thanks,
Prakash. :)
prakash.akumalla
Frequent Poster
 
Posts: 101
Joined: Thu Jun 26, 2008 2:37 pm
Top

Professional Services Information

  • Custom written rsyslog.conf?
  • Maintenance Contract?
  • Installation support?

Re: Did not receive identification string from UNKNOWN

Postby hkspvt on Tue Aug 19, 2008 2:42 pm

This is an error reported by the sshd process with pid 3083. You can find more information by googling for sshd and the log string, or checking some of the OpenSSH mailing lists.

-HKS
hkspvt
Frequent Poster
 
Posts: 113
Joined: Thu Jun 26, 2008 6:31 pm
Top

Re: Did not receive identification string from UNKNOWN

Postby prakash.akumalla on Wed Aug 20, 2008 5:35 am

Thanks for your reply, I will try that

Prakash.
prakash.akumalla
Frequent Poster
 
Posts: 101
Joined: Thu Jun 26, 2008 2:37 pm
Top

Re: Did not receive identification string from UNKNOWN

Postby prakash.akumalla on Wed Aug 20, 2008 6:12 am

Hi,
I am very much confused. I did not make any changes today. But when I switched on my box and started rsyslog and i waited for almost one hour, but I did not receive any message saying that

Did not receive identification string from UNKNOWN

I received this message atleast twice in 5 minutes yesterday.

I did not modify any of my files in my box or the files related to rsyslog.

why is this happening so?

Thanks,
Prakash. :)
prakash.akumalla
Frequent Poster
 
Posts: 101
Joined: Thu Jun 26, 2008 2:37 pm
Top

Re: Did not receive identification string from UNKNOWN

Postby prakash.akumalla on Wed Aug 20, 2008 7:42 am

Hi,
I remember that earlier also I faced the same problem few days.
At that time the message is

Connection closed by unknown
Is there any relation between these two type of messages.

Prakash.
prakash.akumalla
Frequent Poster
 
Posts: 101
Joined: Thu Jun 26, 2008 2:37 pm
Top

Re: Did not receive identification string from UNKNOWN

Postby hkspvt on Wed Aug 20, 2008 5:23 pm

SSH Is a network facing daemon. The vast majority of its logging messages are the result of attempted logins. Any machine running SSH on the internet is going to receive dozens/hundreds/thousands/millions of attempts sooner or later, it's just a matter of being found by the script kiddies and botnets. If you turn your machine off, most of them detect the connection refusal and stop attempting to login (until the next port scan notices that it's open).

That said, this is purely an SSH matter. If you're curious about increasing security and what can be done to prevent these messages, the OpenSSH community is the one to talk to.

-HKS
hkspvt
Frequent Poster
 
Posts: 113
Joined: Thu Jun 26, 2008 6:31 pm
Top

Google Ads

Post a reply

Return to Configuration

Who is online

Users browsing this forum: No registered users and 0 guests

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
phpBB SEO

Time : 0.023s | 13 Queries | GZIP : On
cron