[CentOS] ssh error in /var/log/secure

Michael A. Peters mpeters at mac.com
Sat Oct 4 09:36:29 UTC 2008


Hi -

I just bought a xen VPS and am running CentOS 5 on it (updated to 5.2).
With all my personal machines sitting at home behind a router with all 
ports (except for BitTorrent) closed - I had forgotten how frequent 
brute force ssh attacks are, but within a day, the log was loaded with them.

So I did two things - I installed and configured pam_abl and I moved the 
ssh port to 1294 ( a > 1024 number that means something to me so easy to 
remember) and then blocked port 22 in iptables.

Interestingly - after installing pam_able before I configured and 
restarted sshd, pam_able was already building a database of hosts - the 
attacks were that frequent. Nothing after restarting sshd on the new 
port though, at least so far.

Anyway - while the server is working on the new port and I can connect, 
I noticed this error:

Oct  4 09:01:25 li34-4 sshd[2305]: Server listening on :: port 1294.
Oct  4 09:01:25 li34-4 sshd[2305]: error: Bind to port 1294 on 0.0.0.0 
failed:
Address already in use.

Is that caused by a mis-configuration on my part?
The only change I made to sshd was the Port directive (root login was 
already disabled in the xen image I started from)

It looks like it is listening on the port and then trying to bind to the 
port a second time.

Is that from having two IPs on the same nic (eth0 and eth0:1) ?


More information about the CentOS mailing list