1 |
I've always had usernames when it comes to sshd's log entries in |
2 |
auth.log, like the following: |
3 |
|
4 |
<time> <hostname> sshd[5926]: error: PAM: Authentication failure for |
5 |
<username> from <ip-adress> |
6 |
|
7 |
|
8 |
On 3/19/09, Paul Hartman <paul.hartman+gentoo@×××××.com> wrote: |
9 |
> In my ssh logs this morning I noticed a couple login attempts with |
10 |
> usenames on them... I've never seen that before. It is usually just an |
11 |
> IP address. |
12 |
> |
13 |
> Mar 18 20:19:48 [sshd] refused connect from |
14 |
> postmaster@×××××××××××××××××××.co |
15 |
> Mar 18 23:42:44 [sshd] refused connect from 211.116.136.107 |
16 |
> Mar 18 23:44:44 [sshd] refused connect from |
17 |
> [U2FsdGVkX19g32YZVKMsQkl+mouWITILOicY4Iq9OQo=]@211.116.136.107 |
18 |
> Mar 19 02:41:09 [sshd] refused connect from 221.194.128.66 |
19 |
> |
20 |
> weird... maybe the bad guys are up to something new. |
21 |
> |
22 |
> |
23 |
|
24 |
|
25 |
-- |
26 |
------------------------------------------------ |
27 |
For security reasons, all text in this mail is double-rot13 encrypted. |