Hi -
I just bought a Xen VPS and am running CentOS 5 on it (updated to 5.2).
With all my personal machines sitting at home behind a router with all 
ports (except for BitTorrent) closed - I had forgotten how frequent 
brute force ssh attacks are, but within a day, the log was loaded with them.
So I did two things - I installed and configured pam_abl and I moved the
ssh port to 1294 (a > 1024 number that means something to me, so easy to
remember) and then blocked port 22 in iptables.
Interestingly - after installing pam_abl, before I configured and
restarted sshd, pam_abl was already building a database of hosts - the
attacks were that frequent. Nothing after restarting sshd on the new
port though, at least so far.
Anyway - while the server is working on the new port and I can connect, 
I noticed this error:
Oct  4 09:01:25 li34-4 sshd[2305]: Server listening on :: port 1294.
Oct  4 09:01:25 li34-4 sshd[2305]: error: Bind to port 1294 on 0.0.0.0 failed: Address already in use.
Is that caused by a mis-configuration on my part?
The only change I made to sshd was the Port directive (root login was
already disabled in the Xen image I started from).
It looks like it is listening on the port and then trying to bind to the 
port a second time.
Is that from having two IPs on the same NIC (eth0 and eth0:1)?