FlowX - an anticrash change? SSH from odd places around the world.
From system.log:
Mon: Nov 21 9:01:33am -- sshd -- timeout before authentication for
220.117.241.3
Thu: Nov 17 5:24:07am -- sshd -- timeout before authentication for
211.233.15.92
Tue: Nov 15 10:31:52am -- sshd -- timeout before authentication for
66.135.100.50
.... and none of these addresses have reverse DNS entries.... could the
sshd be continually retrying resolution through lookupd? Maybe lookupd
isn't returning the proper failed response so that is why sshd keeps
retrying (that's a guess).
[at least the first two events listed (Mon, Thu) are within 10 minutes
of when we had system lockups]
So - if this is all the problem is -- ruddy apple firewall rules don't
allow you to block port 22 ssh for all except trusted ... (in which case
10.4 did break this because in 10.3 you could put manual rules in that
did this stuff).
** the temporary workaround is - ssh is no longer running on tcp/22 on
flowx. It is now tcp/3822. **
Looks like the OS X boxes really can't be trusted anywhere but behind a
firewall. (at least that's today's theory)
[changes made to implement: /etc/services: ssh-ci tcp/3822
/System/Library/LaunchDaemons/ssh.plist: change SockServiceName from ssh
to ssh-ci]
Rob.
