| 1 |
On 10/13/07, Mick <michaelkintzios@×××××.com> wrote: |
| 2 |
> |
| 3 |
> On Sunday 07 October 2007, Remy Blank wrote: |
| 4 |
> > Mick wrote: |
| 5 |
> > > I have already disabled PAM authentication on sshd so that only users |
| 6 |
> > > with a public key in their ~/.ssh can login. |
| 7 |
> > |
| 8 |
> > This is the first and most important step. This means that the only real |
| 9 |
> > problem is that your logs fill with failed log in attempts. |
| 10 |
> > |
| 11 |
> > The easiest way I have found to avoid that is to change the port number |
| 12 |
> > of the SSH daemon to something else than 22. |
| 13 |
> |
| 14 |
> I am trying out fail2ban, but I am not sure I have configured it |
| 15 |
> correctly. |
| 16 |
> Shouldn't most of these repeated attempts have been stopped? |
| 17 |
> ======================================================== |
| 18 |
> Oct 12 21:01:01 support sshd[30347]: Did not receive identification string |
| 19 |
> from 203.128.89.99 |
| 20 |
> Oct 13 01:01:38 support sshd[26419]: Did not receive identification string |
| 21 |
> from 85.8.136.219 |
| 22 |
> Oct 13 01:01:38 support sshd[26422]: Did not receive identification string |
| 23 |
> from 85.8.136.219 |
| 24 |
> Oct 13 01:11:14 support sshd[31765]: Invalid user admin from 85.8.136.219 |
| 25 |
> Oct 13 01:11:15 support sshd[31792]: Invalid user test from 85.8.136.219 |
| 26 |
> Oct 13 01:11:15 support sshd[31814]: Invalid user guest from 85.8.136.219 |
| 27 |
> Oct 13 01:11:16 support sshd[31833]: Invalid user webmaster from |
| 28 |
> 85.8.136.219 |
| 29 |
> Oct 13 01:11:17 support sshd[31852]: User mysql not allowed because |
| 30 |
> account is |
| 31 |
> locked |
| 32 |
> Oct 13 01:11:18 support sshd[31902]: Invalid user oracle from 85.8.136.219 |
| 33 |
> Oct 13 01:11:19 support sshd[31929]: Invalid user library from |
| 34 |
> 85.8.136.219 |
| 35 |
> Oct 13 01:11:19 support sshd[31945]: Invalid user admin from 85.8.136.219 |
| 36 |
> Oct 13 01:11:20 support sshd[31952]: Invalid user info from 85.8.136.219 |
| 37 |
> Oct 13 01:11:20 support sshd[31965]: Invalid user test from 85.8.136.219 |
| 38 |
> Oct 13 01:11:20 support sshd[31974]: Invalid user shell from 85.8.136.219 |
| 39 |
> Oct 13 01:11:21 support sshd[31999]: Invalid user guest from 85.8.136.219 |
| 40 |
> Oct 13 01:11:21 support sshd[32015]: Invalid user linux from 85.8.136.219 |
| 41 |
> Oct 13 01:11:22 support sshd[32026]: Invalid user webmaster from |
| 42 |
> 85.8.136.219 |
| 43 |
> Oct 13 01:11:22 support sshd[32036]: Invalid user unix from 85.8.136.219 |
| 44 |
> Oct 13 01:11:22 support sshd[32058]: User mysql not allowed because |
| 45 |
> account is |
| 46 |
> locked |
| 47 |
> Oct 13 01:11:23 support sshd[32080]: Invalid user oracle from 85.8.136.219 |
| 48 |
> Oct 13 01:11:24 support sshd[32109]: Invalid user library from |
| 49 |
> 85.8.136.219 |
| 50 |
> Oct 13 01:11:24 support sshd[32123]: Invalid user test from 85.8.136.219 |
| 51 |
> Oct 13 01:11:25 support sshd[32134]: Invalid user info from 85.8.136.219 |
| 52 |
> Oct 13 01:11:25 support sshd[32164]: Invalid user shell from 85.8.136.219 |
| 53 |
> Oct 13 01:11:26 support sshd[32175]: Invalid user admin from 85.8.136.219 |
| 54 |
> Oct 13 01:11:26 support sshd[32192]: Invalid user linux from 85.8.136.219 |
| 55 |
> Oct 13 01:11:27 support sshd[32200]: Invalid user guest from 85.8.136.219 |
| 56 |
> Oct 13 01:11:27 support sshd[32224]: Invalid user unix from 85.8.136.219 |
| 57 |
> ======================================================== |
| 58 |
> |
| 59 |
> I have just kept the default fail2ban config file and have not created any |
| 60 |
> new |
| 61 |
> log files in /var/log/. |
| 62 |
> |
| 63 |
> Any ideas? |
| 64 |
> -- |
| 65 |
> Regards, |
| 66 |
> Mick |
| 67 |
> |
| 68 |
> |
| 69 |
Do you have anything in your default log file, /var/log/fail2ban.log ? |
| 70 |
|
| 71 |
-- |
| 72 |
- Mark Shields |
Archives