Ubuntu
openssh package

/var/log/auth spam every 2 mins: sshd[*]: Connection closed by 127.0.0.1 [preauth]

Bug #965654 reported by JP Vossen
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openssh (Ubuntu)
New
Low
Unassigned

Bug Description

Description: Ubuntu precise (development branch)
Release: 12.04

openssh-server-1:5.9p1-4ubuntu1

Not really sure that OpenSSH is the real culprit, but it's what has been reporting the log spam since I upgraded from 10.10 to 12.04 a day or two ago:

$ sudo grep 'Connection closed by 127.0.0.1' /var/log/auth.log | tail
Mar 26 14:27:19 perry2 sshd[16380]: Connection closed by 127.0.0.1 [preauth]
Mar 26 14:29:19 perry2 sshd[16383]: Connection closed by 127.0.0.1 [preauth]
Mar 26 14:31:19 perry2 sshd[26767]: Connection closed by 127.0.0.1 [preauth]
Mar 26 14:33:19 perry2 sshd[7300]: Connection closed by 127.0.0.1 [preauth]
Mar 26 14:35:19 perry2 sshd[19270]: Connection closed by 127.0.0.1 [preauth]
Mar 26 14:37:19 perry2 sshd[31926]: Connection closed by 127.0.0.1 [preauth]
Mar 26 14:39:19 perry2 sshd[1696]: Connection closed by 127.0.0.1 [preauth]
Mar 26 14:41:19 perry2 sshd[1700]: Connection closed by 127.0.0.1 [preauth]
Mar 26 14:43:19 perry2 sshd[1703]: Connection closed by 127.0.0.1 [preauth]
Mar 26 14:45:19 perry2 sshd[1709]: Connection closed by 127.0.0.1 [preauth]

$ sudo zgrep -c 'Connection closed by 127.0.0.1' /var/log/auth.log*
/var/log/auth.log:934
/var/log/auth.log.1:595
/var/log/auth.log.2.gz:0
/var/log/auth.log.3.gz:0
/var/log/auth.log.4.gz:0

$ ll /var/log/auth.log*
-rw-r----- 1 syslog adm 128K Mar 26 14:52 /var/log/auth.log
-rw-r----- 1 syslog adm 132K Mar 25 07:52 /var/log/auth.log.1
-rw-r----- 1 syslog adm 2.1K Mar 23 16:25 /var/log/auth.log.2.gz
-rw-r----- 1 syslog adm 18K Feb 26 07:45 /var/log/auth.log.3.gz
-rw-r----- 1 syslog adm 19K Feb 19 07:45 /var/log/auth.log.4.gz

James Page (james-page)
Changed in openssh (Ubuntu):
importance: Undecided → Low
Revision history for this message
Matthew O'Riordan (matthew-oriordan) wrote :

I have this same problem, however I know the cause of the problem.

I am using Monit which checks that SSHd is responding, so every time it checks, a log entry is made.

Is there possibly some way to reduce the amount of logging by SSHd?

Revision history for this message
Matthew O'Riordan (matthew-oriordan) wrote :

I changed LogLevel to ERROR in /etc/ssh/sshd_config and the warnings are now gone

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.