Re: failed root login attempts
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sun, 19 Sep 2004, martin f krafft wrote:
> Are there any distinctive marks in the SSH login attempt that one could
> filter on?
The volume in attempts isn't as high here as on your system bug this is
what I got when I set loglevel to debug:
sshd[21195]: Connection from 211.99.26.89 port 58144
sshd[21195]: debug1: Client protocol version 2.0; client software version libssh-0.1
sshd[21195]: debug1: no match: libssh-0.1
sshd[21195]: Enabling compatibility mode for protocol 2.0
sshd[21195]: debug1: Local version string SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3
sshd[21195]: debug1: Starting up PAM with username "root"
sshd[21195]: Could not reverse map address 211.99.26.89.
sshd[21195]: debug1: PAM setting rhost to "211.99.26.89"
sshd[21195]: Failed password for root from 211.99.26.89 port 58144 ssh2
sshd[21195]: debug1: Calling cleanup 0x8052b48(0x0)
sshd[21195]: debug1: Calling cleanup 0x806be5c(0x0)
(it tries a password immediatly, while normal ssh tries several other
things first)
A while ago I saw the same thing happen for another account (guest or
test I think) but currently only login attempts as root are done
I'm not particularly worries since I have PermitRootLogin without-password
in /etc/ssh/sshd_config, only allow a few users to ssh in anyway (use
AllowGroups) and use opie passwords for logins without a public key.
- -- arthur - adejong@debian.org - http://people.debian.org/~adejong --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBTqpwVYan35+NCKcRAl2rAJ92UBcG1Ts/bgaHvKzV4wRiGgAOxACgjRXW
w/KcIEv31lrIHZqd8wAiqIk=
=gV1i
-----END PGP SIGNATURE-----
Reply to: