Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: failed root login attempts
From: Arthur de Jong (adejongdebian.org)
Date: Mon Sep 20 2004 - 05:01:16 CDT
-----BEGIN PGP SIGNED MESSAGE-----
On Sun, 19 Sep 2004, martin f krafft wrote:
> Are there any distinctive marks in the SSH login attempt that one could
> filter on?
The volume in attempts isn't as high here as on your system bug this is
what I got when I set loglevel to debug:
sshd: Connection from 126.96.36.199 port 58144
sshd: debug1: Client protocol version 2.0; client software version libssh-0.1
sshd: debug1: no match: libssh-0.1
sshd: Enabling compatibility mode for protocol 2.0
sshd: debug1: Local version string SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3
sshd: debug1: Starting up PAM with username "root"
sshd: Could not reverse map address 188.8.131.52.
sshd: debug1: PAM setting rhost to "184.108.40.206"
sshd: Failed password for root from 220.127.116.11 port 58144 ssh2
sshd: debug1: Calling cleanup 0x8052b48(0x0)
sshd: debug1: Calling cleanup 0x806be5c(0x0)
(it tries a password immediatly, while normal ssh tries several other
A while ago I saw the same thing happen for another account (guest or
test I think) but currently only login attempts as root are done
I'm not particularly worries since I have PermitRootLogin without-password
in /etc/ssh/sshd_config, only allow a few users to ssh in anyway (use
AllowGroups) and use opie passwords for logins without a public key.
- -- arthur - adejongdebian.org - http://people.debian.org/~adejong --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
-----END PGP SIGNATURE-----
To UNSUBSCRIBE, email to debian-security-REQUESTlists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmasterlists.debian.org