Ubuntu: sshd keeps spawning child processes



Question:

axfelix@shoebox:~$ ps aux | grep sshd  root      1182  0.0  0.0  65612  6620 ?        Ss   Apr28   0:02 /usr/sbin/sshd -D  root      1857  1.0  0.0 107080  7052 ?        Ss   11:23   0:00 sshd: root [priv]  sshd      1858  0.0  0.0  66956  3228 ?        S    11:23   0:00 sshd: root [net]  root      1859  1.2  0.0 107080  7160 ?        Ss   11:23   0:00 sshd: root [priv]  sshd      1860  0.0  0.0  66956  3220 ?        S    11:23   0:00 sshd: root [net]  axfelix   1862  0.0  0.0  15240   936 pts/5    S+   11:23   0:00 grep --color=auto sshd  axfelix@shoebox:~$ pstree -p 1182  sshd(1182)â"€â"¬â"€sshd(1859)â"€â"€â"€sshd(1860)             â""â"€sshd(1863)â"€â"€â"€sshd(1864)  axfelix@shoebox:~$ pstree -p 1182  sshd(1182)â"€â"¬â"€sshd(1884)â"€â"€â"€sshd(1885)             â""â"€sshd(1886)â"€â"€â"€sshd(1887)  

any idea what this is about?


Solution:1

It is normal behavior when somebody is trying to connect to your computer. There are two new processes for each connection. And all the public IP addresses in the wild of the Internet are scanned by the bots, hacker, or just researchers.

If you plan to run ssh on public IP (or forwarding on the router to your PC), it is a good idea to disable password authentication and set up fail2ban at least.


Solution:2

Oh, looks like someone was trying to break into my machine :)

Turned off the port 22 forwarding rule on my route for now and they've gone away.


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »