Otdfbt

Is it possible to trip with natural weapon?

Importance sampling estimation of power function

Does the "6 seconds per round" rule apply to speaking/roleplaying during combat situations?

In this example, which path would a monster affected by the Dissonant Whispers spell take?

If Boris Johnson were prosecuted and convicted of lying about Brexit, can that be used to cancel Brexit?

What is the advantage of carrying a tripod and ND-filters when you could use image stacking instead?

Can a magnetic field of an object be stronger than its gravity?

How is it possible that Gollum speaks Westron?

Fair use: Instructor sharing notes from textbooks

Incremental Ranges!

Adding two lambda-functions in C++

Bent spoke design wheels — feasible?

Implement Homestuck's Catenative Doomsday Dice Cascader

C SIGINT signal in Linux

My coworkers think I had a long honeymoon. Actually I was diagnosed with cancer. How do I talk about it?

How can drunken, homicidal elves successfully conduct a wild hunt?

Secure offsite backup, even in the case of hacker root access

Java guess the number

What's the correct term for a waitress in the Middle Ages?

Word for a small burst of laughter that can't be held back

Sharing one invocation list between multiple events on the same object in C#

What is the traditional way of earning a doctorate in Germany?

Completing the square to find if quadratic form is positive definite.

How would you say “AKA/as in”?

Access denied for user 'root'@'localhost' What proces is causing this?

Access denied for user 'root@localhost' (using password:NO)Allowing wildcard (%) access on MySQL db, getting error “access denied for '<user>'@'localhost'”phpMyAdmin: #1045 - Access denied for user 'root'@'localhost' (using password: YES).“Access denied for user 'root'@'servername' (using password: NO)” - except I AM using a passwordMySQL root problems (access denied for root user)MySQL - Access denied for user 'root'@'localhost' (using password: YES)ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using Password:YES)MySQL connection - Access denied for user 'username'@'localhost' (using password: YES)mysql tries to connect to localhost at startup, [Note] Access denied for user 'root'@'localhost' (using password: NO)mariadb in chroot gives Access denied for user 'root'@'localhost' even though password is set

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

-2

I got this connections constantly in logs, how to trace what app is trying to connect?

root@localhost is allowed to connect

190310 22:38:57 [Warning] Access denied for user 'root'@'localhost' (using password: YES)
190310 22:38:59 [Warning] Access denied for user 'root'@'localhost' (using password: YES)
190310 22:38:59 [Warning] Access denied for user 'root'@'localhost' (using password: YES)
190310 22:39:03 [Warning] Access denied for user 'root'@'localhost' (using password: YES)


mysql debian

share|improve this question

asked Mar 10 at 21:44

xyronexusxyronexus

125

add a comment | 

-2

I got this connections constantly in logs, how to trace what app is trying to connect?

root@localhost is allowed to connect

190310 22:38:57 [Warning] Access denied for user 'root'@'localhost' (using password: YES)
190310 22:38:59 [Warning] Access denied for user 'root'@'localhost' (using password: YES)
190310 22:38:59 [Warning] Access denied for user 'root'@'localhost' (using password: YES)
190310 22:39:03 [Warning] Access denied for user 'root'@'localhost' (using password: YES)


mysql debian

share|improve this question

asked Mar 10 at 21:44

xyronexusxyronexus

125

add a comment | 

I got this connections constantly in logs, how to trace what app is trying to connect?

root@localhost is allowed to connect

190310 22:38:57 [Warning] Access denied for user 'root'@'localhost' (using password: YES)
190310 22:38:59 [Warning] Access denied for user 'root'@'localhost' (using password: YES)
190310 22:38:59 [Warning] Access denied for user 'root'@'localhost' (using password: YES)
190310 22:39:03 [Warning] Access denied for user 'root'@'localhost' (using password: YES)


mysql debian

share|improve this question

asked Mar 10 at 21:44

xyronexusxyronexus

125

share|improve this question

asked Mar 10 at 21:44

xyronexusxyronexus

125

share|improve this question

asked Mar 10 at 21:44

xyronexusxyronexus

125

asked Mar 10 at 21:44

xyronexusxyronexus

125

asked Mar 10 at 21:44

xyronexusxyronexus

125

2 Answers
2

active

oldest

votes

0

There isn't an easy way to do this unfortunately since your SSH daemon is logging. Here is how I would tackle this:

1. Perform multiple netstats / lsof commands to determine what exactly is generating a network connection on port 22


2. Shut down any public facing services and see if the log stops writing.


3. Perform multiple process output snapshots to check if any suspect programs (python/perl/php) are constantly generated.


4. Check cron entries for all users.

share|improve this answer

answered Mar 11 at 14:16

David O.David O.

793

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  This belongs in dba.stackexchange.com
  
  – Rick James
  Mar 13 at 21:09
  

  
  
  
  

add a comment | 

0

Keep in mind that these 'users' are different:

root@localhost
root@'11.22.33.44' -- or any IP or host

You may have initially established GRANTs for root@localhost, but not for going across TCP/IP (or vice versa). Or you gave them different passwords.

share|improve this answer

answered Mar 13 at 21:08

Rick JamesRick James

2716

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I'm aware of that, the question is about tracing process wich is trying to login on localhost.
  
  – xyronexus
  Mar 14 at 22:04
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f957638%2faccess-denied-for-user-rootlocalhost-what-proces-is-causing-this%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

0

There isn't an easy way to do this unfortunately since your SSH daemon is logging. Here is how I would tackle this:

1. Perform multiple netstats / lsof commands to determine what exactly is generating a network connection on port 22


2. Shut down any public facing services and see if the log stops writing.


3. Perform multiple process output snapshots to check if any suspect programs (python/perl/php) are constantly generated.


4. Check cron entries for all users.

share|improve this answer

answered Mar 11 at 14:16

David O.David O.

793

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  This belongs in dba.stackexchange.com
  
  – Rick James
  Mar 13 at 21:09
  

  
  
  
  

add a comment | 

0

There isn't an easy way to do this unfortunately since your SSH daemon is logging. Here is how I would tackle this:

1. Perform multiple netstats / lsof commands to determine what exactly is generating a network connection on port 22


2. Shut down any public facing services and see if the log stops writing.


3. Perform multiple process output snapshots to check if any suspect programs (python/perl/php) are constantly generated.


4. Check cron entries for all users.

share|improve this answer

answered Mar 11 at 14:16

David O.David O.

793

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  This belongs in dba.stackexchange.com
  
  – Rick James
  Mar 13 at 21:09
  

  
  
  
  

add a comment | 

There isn't an easy way to do this unfortunately since your SSH daemon is logging. Here is how I would tackle this:

1. Perform multiple netstats / lsof commands to determine what exactly is generating a network connection on port 22


2. Shut down any public facing services and see if the log stops writing.


3. Perform multiple process output snapshots to check if any suspect programs (python/perl/php) are constantly generated.


4. Check cron entries for all users.

share|improve this answer

answered Mar 11 at 14:16

David O.David O.

793

share|improve this answer

answered Mar 11 at 14:16

David O.David O.

793

answered Mar 11 at 14:16

David O.David O.

793

answered Mar 11 at 14:16

David O.David O.

793

0

Keep in mind that these 'users' are different:

root@localhost
root@'11.22.33.44' -- or any IP or host

You may have initially established GRANTs for root@localhost, but not for going across TCP/IP (or vice versa). Or you gave them different passwords.

share|improve this answer

answered Mar 13 at 21:08

Rick JamesRick James

2716

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I'm aware of that, the question is about tracing process wich is trying to login on localhost.
  
  – xyronexus
  Mar 14 at 22:04
  

  
  
  
  

add a comment | 

0

Keep in mind that these 'users' are different:

root@localhost
root@'11.22.33.44' -- or any IP or host

You may have initially established GRANTs for root@localhost, but not for going across TCP/IP (or vice versa). Or you gave them different passwords.

share|improve this answer

answered Mar 13 at 21:08

Rick JamesRick James

2716

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I'm aware of that, the question is about tracing process wich is trying to login on localhost.
  
  – xyronexus
  Mar 14 at 22:04
  

  
  
  
  

add a comment | 

Keep in mind that these 'users' are different:

root@localhost
root@'11.22.33.44' -- or any IP or host

You may have initially established GRANTs for root@localhost, but not for going across TCP/IP (or vice versa). Or you gave them different passwords.

share|improve this answer

answered Mar 13 at 21:08

Rick JamesRick James

2716

root@localhost
root@'11.22.33.44' -- or any IP or host

share|improve this answer

answered Mar 13 at 21:08

Rick JamesRick James

2716

answered Mar 13 at 21:08

Rick JamesRick James

2716

answered Mar 13 at 21:08

Rick JamesRick James

2716