Question

0

sshd keeps spawning child processes

rated 0 times [ 0] [ 0] / answers: 1 / hits: 1077 / 3 Years ago, fri, september 24, 2021, 2:41:46

axfelix@shoebox:~$ ps aux | grep sshd

root      1182  0.0  0.0  65612  6620 ?        Ss   Apr28   0:02 /usr/sbin/sshd -D

root      1857  1.0  0.0 107080  7052 ?        Ss   11:23   0:00 sshd: root [priv]

sshd      1858  0.0  0.0  66956  3228 ?        S    11:23   0:00 sshd: root [net]

root      1859  1.2  0.0 107080  7160 ?        Ss   11:23   0:00 sshd: root [priv]

sshd      1860  0.0  0.0  66956  3220 ?        S    11:23   0:00 sshd: root [net]

axfelix   1862  0.0  0.0  15240   936 pts/5    S+   11:23   0:00 grep --color=auto sshd

axfelix@shoebox:~$ pstree -p 1182

sshd(1182)─┬─sshd(1859)───sshd(1860)

           └─sshd(1863)───sshd(1864)

axfelix@shoebox:~$ pstree -p 1182

sshd(1182)─┬─sshd(1884)───sshd(1885)

           └─sshd(1886)───sshd(1887)

any idea what this is about?

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

ersoggles

Add To Favorites

Follow

Total Points: 69

Total Questions: 111

Total Answers: 111

Location: Vanuatu

Member since Sun, Oct 2, 2022

2 Years ago

answered 3 Years ago lasagnerhead · Accepted Answer

It is normal behavior when somebody is trying to connect to your computer. There are two new processes for each connection. And all the public IP addresses in the wild of the Internet are scanned by the bots, hacker, or just researchers.

If you plan to run ssh on public IP (or forwarding on the router to your PC), it is a good idea to disable password authentication and set up fail2ban at least.