On 10/13/07, Mick <michaelkintzios@×××××.com> wrote:
>
> On Sunday 07 October 2007, Remy Blank wrote:
> > Mick wrote:
> > > I have already disabled PAM authentication on sshd so that only users
> > > with a public key in their ~/.ssh can login.
> >
> > This is the first and most important step. This means that the only real
> > problem is that your logs fill with failed log in attempts.
> >
> > The easiest way I have found to avoid that is to change the port number
> > of the SSH daemon to something else than 22.
>
> I am trying out fail2ban, but I am not sure I have configured it
> correctly.
> Shouldn't most of these repeated attempts have been stopped?
> ========================================================
> Oct 12 21:01:01 support sshd[30347]: Did not receive identification string from 203.128.89.99
> Oct 13 01:01:38 support sshd[26419]: Did not receive identification string from 85.8.136.219
> Oct 13 01:01:38 support sshd[26422]: Did not receive identification string from 85.8.136.219
> Oct 13 01:11:14 support sshd[31765]: Invalid user admin from 85.8.136.219
> Oct 13 01:11:15 support sshd[31792]: Invalid user test from 85.8.136.219
> Oct 13 01:11:15 support sshd[31814]: Invalid user guest from 85.8.136.219
> Oct 13 01:11:16 support sshd[31833]: Invalid user webmaster from 85.8.136.219
> Oct 13 01:11:17 support sshd[31852]: User mysql not allowed because account is locked
> Oct 13 01:11:18 support sshd[31902]: Invalid user oracle from 85.8.136.219
> Oct 13 01:11:19 support sshd[31929]: Invalid user library from 85.8.136.219
> Oct 13 01:11:19 support sshd[31945]: Invalid user admin from 85.8.136.219
> Oct 13 01:11:20 support sshd[31952]: Invalid user info from 85.8.136.219
> Oct 13 01:11:20 support sshd[31965]: Invalid user test from 85.8.136.219
> Oct 13 01:11:20 support sshd[31974]: Invalid user shell from 85.8.136.219
> Oct 13 01:11:21 support sshd[31999]: Invalid user guest from 85.8.136.219
> Oct 13 01:11:21 support sshd[32015]: Invalid user linux from 85.8.136.219
> Oct 13 01:11:22 support sshd[32026]: Invalid user webmaster from 85.8.136.219
> Oct 13 01:11:22 support sshd[32036]: Invalid user unix from 85.8.136.219
> Oct 13 01:11:22 support sshd[32058]: User mysql not allowed because account is locked
> Oct 13 01:11:23 support sshd[32080]: Invalid user oracle from 85.8.136.219
> Oct 13 01:11:24 support sshd[32109]: Invalid user library from 85.8.136.219
> Oct 13 01:11:24 support sshd[32123]: Invalid user test from 85.8.136.219
> Oct 13 01:11:25 support sshd[32134]: Invalid user info from 85.8.136.219
> Oct 13 01:11:25 support sshd[32164]: Invalid user shell from 85.8.136.219
> Oct 13 01:11:26 support sshd[32175]: Invalid user admin from 85.8.136.219
> Oct 13 01:11:26 support sshd[32192]: Invalid user linux from 85.8.136.219
> Oct 13 01:11:27 support sshd[32200]: Invalid user guest from 85.8.136.219
> Oct 13 01:11:27 support sshd[32224]: Invalid user unix from 85.8.136.219
> ========================================================
>
> I have just kept the default fail2ban config file and have not created any
> new log files in /var/log/.
>
> Any ideas?
> --
> Regards,
> Mick
>
>
Do you have anything in your default log file, /var/log/fail2ban.log ?

--
- Mark Shields
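
A way to check by hand whether log lines like the ones quoted in this thread should have crossed a ban threshold, as an added example that is not part of the thread and is not fail2ban's own code or filter. `maxretry` and `findtime` are fail2ban option names, but the values, the regular expressions and the sample log (documentation addresses) are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the syslog format quoted in the thread; the addresses
# are documentation ranges, not hosts from the original post.
SAMPLE_LOG = """\
Oct 13 01:01:38 support sshd[26419]: Did not receive identification string from 203.0.113.5
Oct 13 01:11:14 support sshd[31765]: Invalid user admin from 198.51.100.7
Oct 13 01:11:15 support sshd[31792]: Invalid user test from 198.51.100.7
Oct 13 01:11:15 support sshd[31814]: Invalid user guest from 198.51.100.7
Oct 13 01:11:17 support sshd[31852]: User mysql not allowed because account is locked
Oct 13 01:11:18 support sshd[31902]: Invalid user oracle from 198.51.100.7
Oct 13 02:40:03 support sshd[32310]: Invalid user admin from 192.0.2.44
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (.*)$")
# Assumed failure pattern for this example; fail2ban ships its own filter regexes.
FAIL = re.compile(r"^Invalid user \S+ from (\d{1,3}(?:\.\d{1,3}){3})$")
ADDR = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def failures(log, year=2007):
    """Yield (timestamp, ip) for every line matching FAIL."""
    for raw in log.splitlines():
        line = LINE.match(raw.strip())
        hit = line and FAIL.match(line.group(2))
        if hit:
            stamp = datetime.strptime(f"{year} {line.group(1)}", "%Y %b %d %H:%M:%S")
            yield stamp, hit.group(1)

def first_ban_times(log, maxretry=3, findtime=600):
    """Map each ip to the time of its maxretry-th failure within findtime seconds."""
    window, recent, bans = timedelta(seconds=findtime), defaultdict(list), {}
    for stamp, ip in sorted(failures(log)):
        if ip in bans:
            continue
        recent[ip] = [t for t in recent[ip] if stamp - t <= window] + [stamp]
        if len(recent[ip]) >= maxretry:
            bans[ip] = stamp
    return bans

def unattributed(log):
    """sshd messages with no source address: they cannot count against any ip."""
    matches = (LINE.match(raw.strip()) for raw in log.splitlines())
    return [m.group(2) for m in matches if m and not ADDR.search(m.group(2))]

if __name__ == "__main__":
    for ip, when in first_ban_times(SAMPLE_LOG).items():
        print(f"{ip} reaches maxretry at {when}")
    print("no source address:", unattributed(SAMPLE_LOG))
```

If a source crosses the threshold here but no corresponding entry shows up in /var/log/fail2ban.log, the log path or the filter the jail is reading is the next thing to check.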