We are getting a ton of these log messages on our Juniper router from the IP of our nagiosXI. Is there a setting in Nagios that can stop it from trying to authenticate?
Oct 13 10:52:03 NSERC-Private-GW sshd[30790]: Connection reset by 128.38.168.190 port 46206 [preauth]
Oct 13 10:52:03 NSERC-Private-GW sshd[30791]: Connection reset by 128.38.168.190 port 46206
Oct 13 10:54:58 NSERC-Private-GW checklogin[31097]: warning: can't get client address: Bad file descriptor
Oct 13 10:54:59 NSERC-Private-GW checklogin[31097]: WEB_AUTH_FAIL: Unable to authenticate httpd client with username root from 128.38.168.190
Oct 13 10:55:11 NSERC-Private-GW checklogin[31122]: warning: can't get client address: Bad file descriptor
Oct 13 10:55:12 NSERC-Private-GW checklogin[31122]: WEB_AUTH_FAIL: Unable to authenticate httpd client with username root from 128.38.168.190
Oct 13 10:57:01 NSERC-Private-GW sshd[31214]: Connection closed by 128.38.168.190 port 48568
Oct 13 10:57:01 NSERC-Private-GW sshd[31213]: Connection closed by 128.38.168.190 port 48568 [preauth]
Oct 13 10:59:56 NSERC-Private-GW checklogin[31358]: warning: can't get client address: Bad file descriptor
Oct 13 10:59:57 NSERC-Private-GW checklogin[31358]: WEB_AUTH_FAIL: Unable to authenticate httpd client with username root from 128.38.168.190
Oct 13 11:00:10 NSERC-Private-GW checklogin[31390]: warning: can't get client address: Bad file descriptor
Oct 13 11:00:10 NSERC-Private-GW checklogin[31390]: WEB_AUTH_FAIL: Unable to authenticate httpd client with username root from 128.38.168.190
Oct 13 11:01:59 NSERC-Private-GW sshd[31488]: Connection reset by 128.38.168.190 port 50902 [preauth]
Oct 13 11:01:59 NSERC-Private-GW sshd[31489]: Connection reset by 128.38.168.190 port 50902
Oct 13 11:04:54 NSERC-Private-GW checklogin[31626]: warning: can't get client address: Bad file descriptor
Oct 13 11:04:56 NSERC-Private-GW checklogin[31626]: WEB_AUTH_FAIL: Unable to authenticate httpd client with username root from 128.38.168.190
Oct 13 11:05:07 NSERC-Private-GW checklogin[31652]: warning: can't get client address: Bad file descriptor
Oct 13 11:05:08 NSERC-Private-GW checklogin[31652]: WEB_AUTH_FAIL: Unable to authenticate httpd client with username root from 128.38.168.190
Oct 13 11:06:57 NSERC-Private-GW sshd[31741]: Connection reset by 128.38.168.190 port 53278
Oct 13 11:06:57 NSERC-Private-GW sshd[31740]: Connection reset by 128.38.168.190 port 53278 [preauth]
Getting alot of failed Authentication messages.
Re: Getting alot of failed Authentication messages.
Hello @beverhart
Thanks for reaching out, appears that there is a 'ssh check' configured (or missconfigured) and is hitting your Juniper router. You will want to login to the Nagios web console and look for a ssh service check that is hitting it.
Perry
Thanks for reaching out, appears that there is a 'ssh check' configured (or missconfigured) and is hitting your Juniper router. You will want to login to the Nagios web console and look for a ssh service check that is hitting it.
Thanks,NSERC-Private-GW sshd[31214]: Connection closed by....
Perry