sshd un-authorized access attempts


we have a hosted dedicate server running 2003 and iis6, it is mainly used for hosted our website that we use. we have a small company therefore I keep and eye on the server even though I am the web developer...

I have noticed in the app log in event viewer similiar ip addresses are hitting our server with similiar error codes:

Illegal user 1 from
sshd : PID 3216 : input_userauth_request: illegal user 1.
sshd : PID 3216 : Failed password for illegal user 1 from port 50739 ssh2.

ther is about a hundred of these a night sometimes from different ip addresses and the user names tried are different
eg root, guest etc...

I would like to know if there is a way to stop any services that allows ssh2 or sshd  access on the server. We user remote desktop to connect and sometimes vnc. I have taken a look through the service console and cannot work out which serveices it is, or if there is just nothing to worry about at all. Rather be safe than sorry...

LVL 12
Who is Participating?
mcsweenSr. Network AdministratorCommented:
Are you running Cygwin tools on this server?
mcsweenSr. Network AdministratorCommented:
Is this box behind a firewall?  If so I would block port 50739.  If not I would consider putting a firewall in front of it or at least using the Windows firewall and provide exceptions just for RD(3389), VnC(5900), and what you need for web (at least 80).
deanvanrooyenAuthor Commented:

this is a hosted server so it runs like in a dmz, I cannot start blocking ports because the soruce potr keeps changinf, I need to try and stop the service(if anything is running that allows this access), i jsut think it might be the remote access service for remote desktop
mcsweenSr. Network AdministratorCommented:
I am guessing you have an SSH (Secure Shell Host) dameon running on this server somewhere.  SSH is not native to Windows so if there is one installed you would probably see it under Add/Remove programs.

In your task manager do you see anything on the processes tab with the name SSHD?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.