We have a Windows batch script, which connects automatically to a linux server via PLINK (putty). There is NO public private key authentication, the user and the password are in
the script.
On our linux server we have several sshd log entries (/var/log/messages):
sshd[7645]: Connection closed by xxx [preauth]
What could be the cause for such a message?
"preauth" supposably means "pre authentication"?
Sometimes in the entry, "closed by" has the ip address of the windows client, another time there is the ip address of the linux server in "closed by". Does anybody know the differency betweend client ip address and host ip address in the message?
Best Answer
The
sshd
server will disconnect if the client doesn't try to authenticate in a certain period of time, as documented in the-g
option.So I suspect if you see the server IP in the logs with this message, the connection was closed because no authentication attempt occurred within this grace time. When you see the client IP, it means the user closed their client (or the script terminated) without making an authentication attempt.