On an Ubuntu 12.04 server, I am getting the following pair of messages in auth.log several times a minute:
Jan 17 22:04:25 binx sshd[14659]: Connection closed by 192.168.0.1 [preauth]
Jan 17 22:04:25 binx sshd[14661]: Connection closed by 192.168.0.5 [preauth]
Both those IP addresses belong to separate computers (192.168.0.1 is our firewall/router, 192.168.0.5 is our backup machine), and seem to be associated with some sort of failed public key login. Is there some way to see what is causing the errors, or what user the machines are trying to connect to?