From: Joshua Branson via Bug reports for GNU Guix
To: Ludovic Courtès
Cc: 56866@debbugs.gnu.org
Subject: bug#56866: [Shepherd] inetd connections not correctly counted?
Date: Sat, 13 Aug 2022 18:57:18 -0400
Message-ID: <87ilmvn44x.fsf@dismail.de>
In-Reply-To: <87mtcd13k2.fsf@gnu.org>
References: <87bkt42w8c.fsf@inria.fr> <87mtcd13k2.fsf@gnu.org>

Ludovic Courtès writes:

> Hi,
>
> Ludovic Courtès skribis:
>
>> We recently experienced a bug on berlin.guix where we’d be locked out of
>> SSH access because shepherd (0.9.1) would say that the maximum
>> connection number on the sshd inetd service had been reached.

Perhaps we could merge bug https://issues.guix.gnu.org/39136

And use endlessh on berlin. That might help.

>
> On berlin.guix, which is getting hammered, we see things like this:
>
> Aug 9 23:32:13 localhost shepherd[1]: Service sshd-4183 (PID 55570) exited with 255.
> Aug 9 23:32:13 localhost shepherd[1]: Service sshd-4183 has been disabled.
> Aug 9 23:32:13 localhost shepherd[1]: Transient service sshd-4183 terminated, now unregistered.
> Aug 9 23:32:15 localhost shepherd[1]: Accepted connection on 0.0.0.0:22 from X.X.X.104:39528.
> Aug 9 23:32:15 localhost shepherd[1]: Service sshd-4189 has been started.
> Aug 9 23:32:20 localhost shepherd[1]: Accepted connection on 0.0.0.0:22 from X.X.X.104:40378.
> Aug 9 23:32:21 localhost shepherd[1]: Service sshd-4190 has been started.
> Aug 9 23:32:25 localhost shepherd[1]: Accepted connection on 0.0.0.0:22 from X.X.X.104:41190.
> Aug 9 23:32:25 localhost sshd[55635]: error: kex_exchange_identification: Connection closed by remote host
> Aug 9 23:32:25 localhost sshd[55635]: Connection closed by X.X.X.167 port 50938
> Aug 9 23:32:26 localhost shepherd[1]: Service sshd-4191 has been started.
> Aug 9 23:32:26 localhost shepherd[1]: 7 connections still in use after sshd-4185 termination.
> Aug 9 23:32:26 localhost shepherd[1]: Service sshd-4185 (PID 55635) exited with 255.
> Aug 9 23:32:26 localhost shepherd[1]: Service sshd-4185 has been disabled.
> Aug 9 23:32:26 localhost shepherd[1]: Transient service sshd-4185 terminated, now unregistered.
> Aug 9 23:32:30 localhost shepherd[1]: Accepted connection on 0.0.0.0:22 from X.X.X.104:41918.
> Aug 9 23:32:31 localhost shepherd[1]: Service sshd-4192 has been started.
> Aug 9 23:32:34 localhost sshd[55632]: error: kex_exchange_identification: Connection closed by remote host
> Aug 9 23:32:34 localhost sshd[55632]: Connection closed by X.X.X.167 port 50966
> Aug 9 23:32:34 localhost shepherd[1]: 7 connections still in use after sshd-4184 termination.
> Aug 9 23:32:34 localhost shepherd[1]: Service sshd-4184 (PID 55632) exited with 255.
> Aug 9 23:32:34 localhost shepherd[1]: Service sshd-4184 has been disabled.
> Aug 9 23:32:34 localhost shepherd[1]: Transient service sshd-4184 terminated, now unregistered.
> Aug 9 23:32:35 localhost shepherd[1]: Accepted connection on 0.0.0.0:22 from X.X.X.104:42736.
> Aug 9 23:32:36 localhost shepherd[1]: Service sshd-4193 has been started.
> Aug 9 23:32:40 localhost shepherd[1]: Accepted connection on 0.0.0.0:22 from X.X.X.104:43492.
> Aug 9 23:32:41 localhost shepherd[1]: Service sshd-4194 has been started.
> Aug 9 23:32:44 localhost sshd[56155]: error: kex_exchange_identification: Connection closed by remote host
> Aug 9 23:32:44 localhost sshd[56155]: Connection closed by X.X.X.80 port 52450
> Aug 9 23:32:44 localhost shepherd[1]: 8 connections still in use after sshd-4186 termination.
> Aug 9 23:32:44 localhost shepherd[1]: Service sshd-4186 (PID 56155) exited with 255.
> Aug 9 23:32:44 localhost shepherd[1]: Service sshd-4186 has been disabled.
> Aug 9 23:32:44 localhost shepherd[1]: Transient service sshd-4186 terminated, now unregistered.
> Aug 9 23:32:45 localhost shepherd[1]: Accepted connection on 0.0.0.0:22 from X.X.X.104:44194.
> Aug 9 23:32:46 localhost shepherd[1]: Service sshd-4195 has been started.
> Aug 9 23:32:53 localhost shepherd[1]: Accepted connection on 0.0.0.0:22 from X.X.X.104:45170.
> Aug 9 23:32:53 localhost shepherd[1]: Service sshd-4196 has been started.
> Aug 9 23:32:56 localhost ntpd[1706]: Soliciting pool server X.X.X.107
> Aug 9 23:32:58 localhost shepherd[1]: Accepted connection on 0.0.0.0:22 from X.X.X.104:45846.
> Aug 9 23:32:58 localhost shepherd[1]: Service sshd-4197 has been started.
> Aug 9 23:33:03 localhost shepherd[1]: Accepted connection on 0.0.0.0:22 from X.X.X.104:46514.
> Aug 9 23:33:03 localhost shepherd[1]: Service sshd-4198 has been started.
> Aug 9 23:33:08 localhost shepherd[1]: Accepted connection on 0.0.0.0:22 from X.X.X.104:47230.
> Aug 9 23:33:08 localhost shepherd[1]: Service sshd-4199 has been started.
> Aug 9 23:33:13 localhost shepherd[1]: Accepted connection on 0.0.0.0:22 from X.X.X.104:47940.
> Aug 9 23:33:13 localhost shepherd[1]: Service sshd-4200 has been started.
> Aug 9 23:33:17 localhost sshd[56715]: error: kex_exchange_identification: client sent invalid protocol identifier ""
> Aug 9 23:33:17 localhost sshd[56715]: banner exchange: Connection from X.X.X.104 port 37546: invalid format
> Aug 9 23:33:17 localhost shepherd[1]: 13 connections still in use after sshd-4188 termination.
> Aug 9 23:33:17 localhost shepherd[1]: Service sshd-4188 (PID 56715) exited with 255.
> Aug 9 23:33:17 localhost shepherd[1]: Service sshd-4188 has been disabled.
> Aug 9 23:33:17 localhost shepherd[1]: Transient service sshd-4188 terminated, now unregistered.
> Aug 9 23:33:18 localhost shepherd[1]: Accepted connection on 0.0.0.0:22 from X.X.X.104:48680.
> Aug 9 23:33:18 localhost shepherd[1]: Service sshd-4201 has been started.
> Aug 9 23:33:23 localhost shepherd[1]: Accepted connection on 0.0.0.0:22 from X.X.X.104:49546.
> Aug 9 23:33:23 localhost shepherd[1]: Service sshd-4202 has been started.
> Aug 9 23:33:26 localhost sshd[57102]: error: kex_exchange_identification: client sent invalid protocol identifier "OPTIONS / HTTP/1.0"
> Aug 9 23:33:26 localhost sshd[57102]: banner exchange: Connection from X.X.X.104 port 40378: invalid format
> Aug 9 23:33:26 localhost shepherd[1]: 14 connections still in use after sshd-4190 termination.
> Aug 9 23:33:26 localhost shepherd[1]: Service sshd-4190 (PID 57102) exited with 255.
> Aug 9 23:33:26 localhost shepherd[1]: Service sshd-4190 has been disabled.
> Aug 9 23:33:26 localhost shepherd[1]: Transient service sshd-4190 terminated, now unregistered.
> Aug 9 23:33:28 localhost shepherd[1]: Accepted connection on 0.0.0.0:22 from X.X.X.104:50188.
> Aug 9 23:33:28 localhost shepherd[1]: Service sshd-4203 has been started.
> Aug 9 23:33:32 localhost sshd[57360]: error: kex_exchange_identification: banner line contains invalid characters
> Aug 9 23:33:32 localhost sshd[57360]: banner exchange: Connection from X.X.X.104 port 41918: invalid format
> Aug 9 23:33:32 localhost shepherd[1]: 14 connections still in use after sshd-4192 termination.
> Aug 9 23:33:32 localhost shepherd[1]: Service sshd-4192 (PID 57360) exited with 255.
> Aug 9 23:33:32 localhost shepherd[1]: Service sshd-4192 has been disabled.
> Aug 9 23:33:32 localhost shepherd[1]: Transient service sshd-4192 terminated, now unregistered.
> Aug 9 23:33:33 localhost shepherd[1]: Accepted connection on 0.0.0.0:22 from X.X.X.104:50848.
> Aug 9 23:33:33 localhost shepherd[1]: Service sshd-4204 has been started.
> Aug 9 23:33:35 localhost sshd[57713]: error: kex_exchange_identification: banner line contains invalid characters
> Aug 9 23:33:35 localhost sshd[57713]: banner exchange: Connection from X.X.X.104 port 42736: invalid format
> Aug 9 23:33:35 localhost shepherd[1]: 14 connections still in use after sshd-4193 termination.
>
> […]
>
> Aug 9 23:33:39 localhost sshd[56941]: error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.0"
> Aug 9 23:33:39 localhost sshd[56941]: banner exchange: Connection from X.X.X.104 port 39528: invalid format
> Aug 9 23:33:39 localhost shepherd[1]: 13 connections still in use after sshd-4189 termination.
> Aug 9 23:33:39 localhost shepherd[1]: Service sshd-4189 (PID 56941) exited with 255.
> Aug 9 23:33:39 localhost shepherd[1]: Service sshd-4189 has been disabled.
> Aug 9 23:33:39 localhost shepherd[1]: Transient service sshd-4189 terminated, now unregistered.
> Aug 9 23:33:44 localhost sshd[57874]: error: kex_exchange_identification: banner line contains invalid characters
> Aug 9 23:33:44 localhost sshd[57874]: banner exchange: Connection from X.X.X.104 port 43492: invalid format
> Aug 9 23:33:44 localhost shepherd[1]: 12 connections still in use after sshd-4194 termination.
> Aug 9 23:33:44 localhost shepherd[1]: Service sshd-4194 (PID 57874) exited with 255.
> Aug 9 23:33:44 localhost shepherd[1]: Service sshd-4194 has been disabled.
> Aug 9 23:33:44 localhost shepherd[1]: Transient service sshd-4194 terminated, now unregistered.
>
> […]
>
> Aug 9 23:35:40 localhost shepherd[1]: 4 connections still in use after sshd-4212 termination.
> Aug 9 23:35:40 localhost shepherd[1]: Service sshd-4212 (PID 59614) exited with 255.
> Aug 9 23:35:40 localhost shepherd[1]: Service sshd-4212 has been disabled.
> Aug 9 23:35:40 localhost shepherd[1]: Transient service sshd-4212 terminated, now unregistered.
> Aug 9 23:35:48 localhost sshd[59712]: error: kex_exchange_identification: banner line contains invalid characters
> Aug 9 23:35:48 localhost sshd[59712]: banner exchange: Connection from X.X.X.104 port 58812: invalid format
> Aug 9 23:35:48 localhost shepherd[1]: 3 connections still in use after sshd-4213 termination.
> Aug 9 23:35:48 localhost shepherd[1]: Service sshd-4213 (PID 59712) exited with 255.
> Aug 9 23:35:48 localhost shepherd[1]: Service sshd-4213 has been disabled.
> Aug 9 23:35:48 localhost shepherd[1]: Transient service sshd-4213 terminated, now unregistered.
> Aug 9 23:35:49 localhost sshd[59891]: error: kex_exchange_identification: banner line contains invalid characters
> Aug 9 23:35:49 localhost sshd[59891]: banner exchange: Connection from X.X.X.104 port 59748: invalid format
> Aug 9 23:35:49 localhost shepherd[1]: 2 connections still in use after sshd-4214 termination.
> Aug 9 23:35:49 localhost shepherd[1]: Service sshd-4214 (PID 59891) exited with 255.
> Aug 9 23:35:49 localhost shepherd[1]: Service sshd-4214 has been disabled.
> Aug 9 23:35:49 localhost shepherd[1]: Transient service sshd-4214 terminated, now unregistered.
> Aug 9 23:36:02 localhost sshd[60000]: error: kex_exchange_identification: banner line contains invalid characters
> Aug 9 23:36:02 localhost sshd[60000]: banner exchange: Connection from X.X.X.104 port 60776: invalid format
> Aug 9 23:36:02 localhost shepherd[1]: 1 connection still in use after sshd-4215 termination.
> Aug 9 23:36:02 localhost shepherd[1]: Service sshd-4215 (PID 60000) exited with 255.
> Aug 9 23:36:02 localhost shepherd[1]: Service sshd-4215 has been disabled.
> Aug 9 23:36:02 localhost shepherd[1]: Transient service sshd-4215 terminated, now unregistered.
> Aug 9 23:36:14 localhost ntpd[1706]: Soliciting pool server X.X.X.191
> Aug 9 23:37:21 localhost ntpd[1706]: Soliciting pool server X.X.X.75
> Aug 9 23:37:25 localhost shepherd[1]: Accepted connection on 0.0.0.0:22 from X.X.X.93:34472.
> Aug 9 23:37:25 localhost shepherd[1]: Service sshd-4216 has been started.
> Aug 9 23:38:28 localhost ntpd[1706]: Soliciting pool server X.X.X.38
> Aug 9 23:38:46 localhost sshd[63802]: error: kex_exchange_identification: Connection closed by remote host
> Aug 9 23:38:46 localhost sshd[63802]: Connection closed by X.X.X.93 port 34472
> Aug 9 23:38:46 localhost shepherd[1]: 1 connection still in use after sshd-4216 termination.
> Aug 9 23:38:46 localhost shepherd[1]: Service sshd-4216 (PID 63802) exited with 255.
> Aug 9 23:38:46 localhost shepherd[1]: Service sshd-4216 has been disabled.
> Aug 9 23:38:46 localhost shepherd[1]: Transient service sshd-4216 terminated, now unregistered.
>
>
> X.X.X.104 is opening a dozen connections that it keeps alive
> simultaneously for a while (obviously scanning for vulnerabilities),
> eventually closing them. The connection count shown in messages does go
> down to 1 in the end, as expected.
>
> As an example, ‘sshd-4189’ was up for 1.5 minute, and that seems to be
> roughly the lifetime of these.
>
> It does mean that for a couple of minutes we had a peak of 18
> simultaneous connections:
>
> ludo@berlin ~$ sudo sh -c 'cat /var/log/messages; zcat /var/log/messages.1.gz' | grep "still in use"| cut -c30-| sed '-es/.* \([0-9]\+\) connection.*/\1/g'|sort -un
> 0
> 1
> 2
> 3
> 4
> 5
> 6
> 7
> 8
> 9
> 10
> 11
> 12
> 13
> 14
> 15
> 16
> 17
> 18
>
> That’s all we have so far.
>
> Ludo’.
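
Added example, not part of the original message and not Shepherd's own code: the quoted pipeline lists only the counts shepherd reports, so this script recomputes the number of live transient sshd services from the accept, start and termination messages, records each service's lifetime and the per-source peak, and flags every point where the reported "still in use" figure disagrees. The log lines are constructed (documentation addresses, with a discrepancy injected on purpose); the year 2022 and the pairing of each accept with the next "has been started" line are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed lines in the format of the shepherd messages quoted above.
# 192.0.2.x and 198.51.100.x are documentation addresses, not from the thread.
SAMPLE = """\
Aug  9 23:32:15 localhost shepherd[1]: Accepted connection on 0.0.0.0:22 from 192.0.2.104:39528.
Aug  9 23:32:15 localhost shepherd[1]: Service sshd-1 has been started.
Aug  9 23:32:20 localhost shepherd[1]: Accepted connection on 0.0.0.0:22 from 192.0.2.104:40378.
Aug  9 23:32:21 localhost shepherd[1]: Service sshd-2 has been started.
Aug  9 23:32:25 localhost shepherd[1]: Accepted connection on 0.0.0.0:22 from 198.51.100.7:41190.
Aug  9 23:32:26 localhost shepherd[1]: Service sshd-3 has been started.
Aug  9 23:33:39 localhost shepherd[1]: 2 connections still in use after sshd-1 termination.
Aug  9 23:33:44 localhost shepherd[1]: 2 connections still in use after sshd-3 termination.
Aug  9 23:33:50 localhost shepherd[1]: 1 connection still in use after sshd-2 termination.
"""

ACCEPT = re.compile(r"Accepted connection on \S+ from (\S+):\d+\.")
START = re.compile(r"Service (sshd-\d+) has been started\.")
IN_USE = re.compile(r"(\d+) connections? still in use after (sshd-\d+) termination\.")

def parse_time(line, year=2022):
    # Syslog timestamps carry no year; the year is an assumption.
    month, day, clock = line.split()[:3]
    return datetime.strptime(f"{year} {month} {day} {clock}", "%Y %b %d %H:%M:%S")

def analyze(text):
    pending = None   # source of the last accept not yet bound to a service
    live = {}        # service name -> (source address, start time)
    peak, per_source_peak = 0, Counter()
    lifetimes, mismatches = {}, []
    for line in text.splitlines():
        if m := ACCEPT.search(line):
            pending = m.group(1)
        elif (m := START.search(line)) and pending:
            live[m.group(1)] = (pending, parse_time(line))
            pending = None
            peak = max(peak, len(live))
            for src, n in Counter(s for s, _ in live.values()).items():
                per_source_peak[src] = max(per_source_peak[src], n)
        elif m := IN_USE.search(line):
            reported, name = int(m.group(1)), m.group(2)
            if name in live:
                _, started = live.pop(name)
                lifetimes[name] = (parse_time(line) - started).total_seconds()
            # A log window that starts mid-stream misses earlier accepts and
            # will show mismatches that are not counter bugs.
            if reported != len(live):
                mismatches.append((name, reported, len(live)))
    return {"peak": peak, "per_source_peak": dict(per_source_peak),
            "lifetimes": lifetimes, "mismatches": mismatches}

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A mismatch that appears and then persists across later terminations is the signature of a counter that failed to decrement; one that appears only at the start of the window is a truncated log.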