il server è 8.0 beta 5, l'sshd è all'ultima versione, l'ho aggiornato dopo che si è presentato il problema pensando di risolvere ma anche li ho fallito.
in messages filtrato con ssh c'è questo:
May 4 12:06:53 galileo esmith::event[2118]: expanding /etc/rssh.conf
May 4 12:06:56 galileo esmith::event[2118]: expanding /etc/ssh/sshd_config
May 4 12:07:20 galileo esmith::event[2118]: Running event handler: /etc/e-smith/events/bootstrap-console-save/S65sshd-conf
May 4 12:07:20 galileo esmith::event[2118]: S65sshd-conf=action|Event|bootstrap-console-save|Action|S65sshd-conf|Start|1336126040 312679|End|1336126040 407733|Elapsed|0.095054
May 4 12:08:40 galileo /etc/e-smith/web/panels/manager/cgi-bin/remoteaccess[4008]: /home/e-smith/db/configuration: OLD sshd=service|LoginGraceTime|600|MaxAuthTries|2|PasswordAuthentication|yes|PermitRootLogin|yes|Protocol|2|TCPPort|22|UsePAM|yes|access|private|status|enabled
May 4 12:08:40 galileo /etc/e-smith/web/panels/manager/cgi-bin/remoteaccess[4008]: /home/e-smith/db/configuration: NEW sshd=service|LoginGraceTime|600|MaxAuthTries|2|PasswordAuthentication|yes|PermitRootLogin|yes|Protocol|2|TCPPort|22|UsePAM|yes|access|public|status|enabled
May 4 12:08:40 galileo esmith::event[4009]: expanding /etc/rssh.conf
May 4 12:08:41 galileo esmith::event[4009]: expanding /etc/ssh/sshd_config
May 4 12:08:41 galileo esmith::event[4009]: Running event handler: /etc/e-smith/events/remoteaccess-update/S65sshd-conf
May 4 12:08:42 galileo esmith::event[4009]: S65sshd-conf=action|Event|remoteaccess-update|Action|S65sshd-conf|Start|1336126121 991621|End|1336126122 60287|Elapsed|0.068666
May 4 12:08:42 galileo esmith::event[4009]: adjusting supervised sshd (sighup)
May 4 12:08:42 galileo esmith::event[4009]: adjusting supervised sshd (up)
May 4 12:30:16 galileo sshd[4545]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
May 4 12:30:16 galileo sshd[4545]: fatal: Cannot bind any address.
May 4 12:34:44 galileo esmith::event[4595]: expanding /etc/rssh.conf
May 4 12:34:45 galileo esmith::event[4595]: expanding /etc/ssh/sshd_config
May 4 12:34:45 galileo esmith::event[4595]: Running event handler: /etc/e-smith/events/remoteaccess-update/S65sshd-conf
May 4 12:34:45 galileo esmith::event[4595]: S65sshd-conf=action|Event|remoteaccess-update|Action|S65sshd-conf|Start|1336127685 237882|End|1336127685 306518|Elapsed|0.068636
May 4 12:34:45 galileo esmith::event[4595]: adjusting supervised sshd (sighup)
May 4 12:34:45 galileo esmith::event[4595]: adjusting supervised sshd (up)
May 7 12:07:18 galileo /etc/e-smith/web/panels/manager/cgi-bin/remoteaccess[3207]: /home/e-smith/db/configuration: OLD sshd=service|LoginGraceTime|600|MaxAuthTries|2|PasswordAuthentication|yes|PermitRootLogin|yes|Protocol|2|TCPPort|22|UsePAM|yes|access|public|status|enabled
May 7 12:07:18 galileo /etc/e-smith/web/panels/manager/cgi-bin/remoteaccess[3207]: /home/e-smith/db/configuration: NEW sshd=service|LoginGraceTime|600|MaxAuthTries|2|PasswordAuthentication|yes|PermitRootLogin|yes|Protocol|2|TCPPort|222|UsePAM|yes|access|public|status|enabled
May 7 12:07:19 galileo esmith::event[3208]: expanding /etc/rssh.conf
May 7 12:07:20 galileo esmith::event[3208]: expanding /etc/ssh/sshd_config
May 7 12:07:20 galileo esmith::event[3208]: Running event handler: /etc/e-smith/events/remoteaccess-update/S65sshd-conf
May 7 12:07:20 galileo esmith::event[3208]: S65sshd-conf=action|Event|remoteaccess-update|Action|S65sshd-conf|Start|1336385240 498871|End|1336385240 567545|Elapsed|0.068674
May 7 12:07:20 galileo esmith::event[3208]: adjusting supervised sshd (sighup)
May 7 12:07:20 galileo esmith::event[3208]: adjusting supervised sshd (up)
May 7 12:08:40 galileo /etc/e-smith/web/panels/manager/cgi-bin/remoteaccess[3402]: /home/e-smith/db/configuration: OLD sshd=service|LoginGraceTime|600|MaxAuthTries|2|PasswordAuthentication|yes|PermitRootLogin|yes|Protocol|2|TCPPort|222|UsePAM|yes|access|public|status|enabled
May 7 12:08:40 galileo /etc/e-smith/web/panels/manager/cgi-bin/remoteaccess[3402]: /home/e-smith/db/configuration: NEW sshd=service|LoginGraceTime|600|MaxAuthTries|2|PasswordAuthentication|yes|PermitRootLogin|yes|Protocol|2|TCPPort|22|UsePAM|yes|access|public|status|enabled
May 7 12:08:40 galileo esmith::event[3403]: expanding /etc/rssh.conf
May 7 12:08:41 galileo esmith::event[3403]: expanding /etc/ssh/sshd_config
May 7 12:08:41 galileo esmith::event[3403]: Running event handler: /etc/e-smith/events/remoteaccess-update/S65sshd-conf
May 7 12:08:41 galileo esmith::event[3403]: S65sshd-conf=action|Event|remoteaccess-update|Action|S65sshd-conf|Start|1336385321 644874|End|1336385321 714890|Elapsed|0.070016
May 7 12:08:41 galileo esmith::event[3403]: adjusting supervised sshd (sighup)
May 7 12:08:41 galileo esmith::event[3403]: adjusting supervised sshd (up)
per quanto riguarda i log ssh c'è un elenco infinito di tentativi di accesso dall'esterno (e io sono sicuro che sono loro la causa del problema)
non li posto tutti perchè è una cosa immane, posto solo l'ultimo pezzo cioè da quando mi sono accorto del problema:
2012-05-03 04:37:42.604175500 Failed password for root from 60.217.235.5 port 53554 ssh2
2012-05-03 04:37:42.604274500 Connection closed by 60.217.235.5
2012-05-03 06:09:19.873298500 Did not receive identification string from 93.211.158.247
2012-05-03 13:03:46.314606500 Failed password for root from 60.217.235.5 port 52332 ssh2
2012-05-03 13:03:46.314750500 Connection closed by 60.217.235.5
2012-05-03 13:42:57.098736500 Failed password for root from 219.235.240.41 port 43215 ssh2
2012-05-03 13:42:57.098882500 Connection closed by 219.235.240.41
2012-05-03 14:51:20.712184500 Accepted password for root from 172.16.1.242 port 50061 ssh2
2012-05-03 14:53:16.936288500 Accepted password for root from 95.242.44.174 port 60736 ssh2
2012-05-03 14:55:11.539480500 Accepted password for root from 95.242.44.174 port 60760 ssh2
2012-05-03 14:57:44.020543500 Accepted password for root from 95.242.44.174 port 60774 ssh2
2012-05-03 14:59:14.172141500 Accepted password for root from 95.242.44.174 port 60779 ssh2
2012-05-03 15:01:34.230509500 Server listening on 0.0.0.0 port 22.
2012-05-03 15:03:01.904969500 Received signal 15; terminating.
2012-05-03 15:03:50.810582500 Server listening on 0.0.0.0 port 22.
2012-05-03 15:04:19.308408500 Accepted password for root from 95.242.44.174 port 61787 ssh2
2012-05-03 15:04:57.766465500 Accepted password for root from 95.242.44.174 port 61789 ssh2
2012-05-03 15:08:11.081156500 Accepted password for root from 95.242.44.174 port 61796 ssh2
2012-05-03 15:10:11.095195500 Failed password for root from 95.242.44.174 port 61809 ssh2
2012-05-03 15:10:11.095197500 Connection closed by 95.242.44.174
2012-05-03 15:10:58.235083500 Accepted password for root from 95.242.44.174 port 61797 ssh2
2012-05-03 15:11:57.310346500 Failed password for root from 95.242.44.174 port 61810 ssh2
2012-05-03 15:11:57.310446500 Connection closed by 95.242.44.174
2012-05-03 15:13:42.256633500 Accepted password for root from 95.242.44.174 port 61802 ssh2
2012-05-04 09:14:31.717426500 Did not receive identification string from 119.2.119.78
2012-05-04 09:24:33.842379500 reverse mapping checking getaddrinfo for leasedline-119-2-119-78.sdfs.druknet.bt failed - POSSIBLE BREAK-IN ATTEMPT!
2012-05-04 09:24:40.112073500 Invalid user alexis from 119.2.119.78
2012-05-04 09:24:40.112988500 reverse mapping checking getaddrinfo for leasedline-119-2-119-78.sdfs.druknet.bt failed - POSSIBLE BREAK-IN ATTEMPT!
2012-05-04 09:24:40.113139500 input_userauth_request: invalid user alexis
2012-05-04 09:25:02.640292500 reverse mapping checking getaddrinfo for leasedline-119-2-119-78.sdfs.druknet.bt failed - POSSIBLE BREAK-IN ATTEMPT!
2012-05-04 12:02:44.123161500 Received SIGHUP; restarting.
2012-05-04 12:02:44.129658500 Server listening on 172.16.1.7 port 22.
2012-05-04 12:07:34.319262500 Server listening on 172.16.1.7 port 22.
2012-05-04 12:08:42.127841500 Received SIGHUP; restarting.
2012-05-04 12:08:42.134455500 Server listening on 0.0.0.0 port 22.
2012-05-04 12:10:23.318213500 Accepted password for root from 172.16.1.121 port 1075 ssh2
2012-05-04 12:30:16.529601500 Received signal 15; terminating.
2012-05-04 12:30:16.538202500 Server listening on 0.0.0.0 port 22.
2012-05-04 12:33:03.558443500 Accepted password for root from 172.16.1.121 port 1252 ssh2
2012-05-04 12:34:45.373488500 Received SIGHUP; restarting.
2012-05-04 12:34:45.380035500 Server listening on 0.0.0.0 port 22.
2012-05-04 13:15:18.591897500 Failed password for root from 220.172.191.31 port 39731 ssh2
2012-05-04 13:15:18.592106500 Connection closed by 220.172.191.31
2012-05-04 13:15:40.231566500 Failed password for root from 61.7.252.242 port 36107 ssh2
2012-05-04 13:15:40.231651500 Connection closed by 61.7.252.242
2012-05-04 19:27:09.580795500 Failed password for root from 31.222.139.112 port 36241 ssh2
2012-05-04 19:27:09.580937500 Connection closed by 31.222.139.112
2012-05-04 22:44:13.962028500 Failed password for root from 38.100.167.135 port 58664 ssh2
2012-05-04 22:44:13.962078500 Connection closed by 38.100.167.135
2012-05-04 23:26:03.157312500 Failed password for root from 38.100.167.135 port 44065 ssh2
2012-05-04 23:26:03.157373500 Connection closed by 38.100.167.135
2012-05-05 00:08:38.070299500 Failed password for root from 38.100.167.135 port 49869 ssh2
2012-05-05 00:08:38.070397500 Connection closed by 38.100.167.135
2012-05-05 00:51:47.380930500 Failed password for root from 38.100.167.135 port 45170 ssh2
2012-05-05 00:51:47.381089500 Connection closed by 38.100.167.135
2012-05-05 01:35:16.518713500 Failed password for root from 38.100.167.135 port 49793 ssh2
2012-05-05 01:35:16.518825500 Connection closed by 38.100.167.135
2012-05-05 01:51:03.597011500 Did not receive identification string from UNKNOWN
2012-05-05 01:58:04.027831500 Read from socket failed: Connection reset by peer
2012-05-05 02:19:06.536099500 Failed password for root from 38.100.167.135 port 52415 ssh2
2012-05-05 02:19:06.536156500 Connection closed by 38.100.167.135
2012-05-05 03:03:09.642136500 Failed password for root from 38.100.167.135 port 41660 ssh2
2012-05-05 03:03:09.642186500 Connection closed by 38.100.167.135
2012-05-05 03:25:02.527597500 Failed password for root from 60.217.235.5 port 41904 ssh2
2012-05-05 03:25:02.527750500 Write failed: Broken pipe
2012-05-05 03:47:56.316255500 Failed password for root from 38.100.167.135 port 34287 ssh2
2012-05-05 03:47:56.316366500 Write failed: Broken pipe
2012-05-05 03:50:40.892519500 Failed password for root from 60.217.235.5 port 36895 ssh2
2012-05-05 03:50:40.892615500 Write failed: Broken pipe
2012-05-05 04:32:55.207045500 Failed password for root from 38.100.167.135 port 54662 ssh2
2012-05-05 04:32:55.207130500 Write failed: Broken pipe
2012-05-05 05:17:41.424905500 Failed password for root from 38.100.167.135 port 53005 ssh2
2012-05-05 05:17:41.425009500 Write failed: Broken pipe
2012-05-05 06:02:57.650745500 Failed password for root from 38.100.167.135 port 52364 ssh2
2012-05-05 06:02:57.650902500 Write failed: Broken pipe
2012-05-05 06:47:44.406485500 Failed password for root from 38.100.167.135 port 41221 ssh2
2012-05-05 06:47:44.406596500 Write failed: Broken pipe
2012-05-05 16:03:10.364425500 Did not receive identification string from 60.215.8.6
2012-05-05 16:10:07.559618500 Invalid user globus from 60.215.8.6
2012-05-05 16:10:07.593419500 input_userauth_request: invalid user globus
2012-05-05 16:10:10.638402500 Invalid user ambrosia from 60.215.8.6
2012-05-05 16:10:10.638432500 input_userauth_request: invalid user ambrosia
2012-05-05 16:10:13.755180500 Invalid user cadi from 60.215.8.6
2012-05-05 16:10:13.755815500 input_userauth_request: invalid user cadi
2012-05-05 16:10:31.601960500 Connection closed by 60.215.8.6
2012-05-05 16:10:35.421708500 Invalid user bridge from 60.215.8.6
2012-05-05 16:10:35.422370500 input_userauth_request: invalid user bridge
2012-05-05 16:10:43.045237500 Invalid user undernet from 60.215.8.6
2012-05-05 16:10:43.045872500 input_userauth_request: invalid user undernet
2012-05-05 16:11:02.470983500 Invalid user globus from 60.215.8.6
2012-05-05 16:11:02.471776500 input_userauth_request: invalid user globus
2012-05-05 16:11:09.421009500 Read from socket failed: Connection reset by peer
2012-05-05 16:11:24.145690500 Connection closed by 60.215.8.6
2012-05-05 16:11:28.121795500 Invalid user undernet from 60.215.8.6
2012-05-05 16:11:28.122475500 input_userauth_request: invalid user undernet
2012-05-05 16:11:28.327689500 Connection closed by 60.215.8.6
2012-05-05 16:11:30.449109500 Invalid user bridge from 60.215.8.6
2012-05-05 16:11:30.449762500 input_userauth_request: invalid user bridge
2012-05-05 16:11:30.635152500 Connection closed by 60.215.8.6
2012-05-05 21:07:52.823052500 Did not receive identification string from 113.254.180.7
2012-05-05 22:06:23.836567500 Invalid user a from 46.23.72.242
2012-05-05 22:06:23.868744500 input_userauth_request: invalid user a
2012-05-05 23:57:39.942406500 Did not receive identification string from 210.71.174.50
2012-05-07 00:16:16.739779500 Received disconnect from 172.158.35.99: 11: User exit
2012-05-07 12:07:20.636537500 Received SIGHUP; restarting.
2012-05-07 12:07:20.643500500 Server listening on 0.0.0.0 port 222.
2012-05-07 12:08:17.322620500 Did not receive identification string from 172.16.1.241
2012-05-07 12:08:41.784115500 Received SIGHUP; restarting.
2012-05-07 12:08:41.788948500 Server listening on 0.0.0.0 port 22.