linux
Konstantin, 2021-02-25 16:56:31

The user user1 is denied access to ssh, but sshd from user1 hangs in the processes. Why?

Hello.
There is a running ssh service.
There is a user user1 whose access to ssh is closed. User1 is used by a hired developer.

In /etc/passwd:
user1:x:1061:1061::/home/site.ru:/bin/false

Today I found out that the authorized user user1 is hanging in the process list.
In "ps uaxf" you can see that a process from the user user1 is hanging:

root     17351  0.0  0.0  92464  4032 ?        Ss   10:18   0:00  \_ sshd: user1 [priv]
user1    17369  0.0  0.0  92464  2008 ?        S    10:18   0:00  |   \_ sshd: [email protected]


According to auth.log, as I understand it, the session was opened and later closed:
Feb 25 10:18:48 srv sshd[17351]: Accepted password for user1 from 1.2.3.4 port 53537 ssh2
Feb 25 10:18:48 srv sshd[17351]: pam_unix(sshd:session): session opened for user user1 by (uid=0)
Feb 25 15:54:03 srv sshd[17369]: Received disconnect from 1.2.3.4 port 53537:11: FlowSshClientSession: disconnected on user's request
Feb 25 15:54:03 srv sshd[17369]: Disconnected from 1.2.3.4 port 53537


I decided to check and connect; of course it does not let me in and asks for the password again. If I leave the TCP session open (do not close the program in which I am trying to connect via sftp/ssh), then it looks different in the process list.
When I connect:
root     19466  0.0  0.0  92352  3880 ?        Ss   12:46   0:00  \_ sshd: user1 [priv]
sshd     19467  0.0  0.0  65456  1392 ?        S    12:46   0:00      \_ sshd: user1 [net]


I cannot understand where the process from the user user1 came from.
Please tell me what this means. Is this normal operation of ssh, or is something wrong?


1 answer(s)
Ruslan Fedoseev, 2021-02-25
@webmaster

This is an ssh tunnel.
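A shell of /bin/false does not stop sshd from authenticating the account or from serving a session that never requests a shell, which is how the entries in the question arise. The following check is an added example, not part of the original answer: it flags accepted logins for accounts with a non-login shell and reports how long each session stayed open. The function names and the NOLOGIN_SHELLS list are assumptions, and the sample input is constructed from the lines quoted in the question.

```python
import re
from datetime import datetime

# Constructed sample input, copied from the passwd and auth.log lines quoted in the question.
PASSWD = "user1:x:1061:1061::/home/site.ru:/bin/false\n"
AUTH_LOG = """\
Feb 25 10:18:48 srv sshd[17351]: Accepted password for user1 from 1.2.3.4 port 53537 ssh2
Feb 25 10:18:48 srv sshd[17351]: pam_unix(sshd:session): session opened for user user1 by (uid=0)
Feb 25 15:54:03 srv sshd[17369]: Received disconnect from 1.2.3.4 port 53537:11: FlowSshClientSession: disconnected on user's request
Feb 25 15:54:03 srv sshd[17369]: Disconnected from 1.2.3.4 port 53537
"""
NOLOGIN_SHELLS = {"/bin/false", "/usr/sbin/nologin", "/sbin/nologin"}  # assumed list
ACCEPT = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port (\d+)")
CLOSE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Disconnected from (?:user \S+ )?(\S+) port (\d+)")

def nologin_users(passwd_text):
    """Return account names whose login shell is a non-login shell."""
    users = set()
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[6] in NOLOGIN_SHELLS:
            users.add(fields[0])
    return users

def stamp(text):
    # syslog timestamps carry no year; a fixed one is enough within a single log file
    return datetime.strptime("2021 " + text, "%Y %b %d %H:%M:%S")

def find_sessions(passwd_text, log_text):
    """Pair 'Accepted' and 'Disconnected' lines by (source IP, source port)."""
    blocked, open_sessions, findings = nologin_users(passwd_text), {}, []
    for line in log_text.splitlines():
        m = ACCEPT.match(line)
        if m and m.group(3) in blocked:
            open_sessions[(m.group(4), m.group(5))] = (m.group(3), m.group(2), stamp(m.group(1)))
            continue
        m = CLOSE.match(line)
        if m and (m.group(2), m.group(3)) in open_sessions:
            user, method, start = open_sessions.pop((m.group(2), m.group(3)))
            findings.append({"user": user, "method": method, "src": m.group(2),
                             "seconds": int((stamp(m.group(1)) - start).total_seconds())})
    # sessions with no disconnect line yet are still running (seconds is None)
    for (src, _port), (user, method, _start) in open_sessions.items():
        findings.append({"user": user, "method": method, "src": src, "seconds": None})
    return findings

if __name__ == "__main__":
    for finding in find_sessions(PASSWD, AUTH_LOG):
        print(finding)
```

To actually close ssh for such an account, set `DenyUsers user1` in sshd_config, or use a `Match User user1` block with `AllowTcpForwarding no` if the account must still authenticate for some other purpose.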
