| 1 |
I've always had usernames when it comes to sshd's log entries in |
| 2 |
auth.log, like the following: |
| 3 |
|
| 4 |
<time> <hostname> sshd[5926]: error: PAM: Authentication failure for |
| 5 |
<username> from <ip-adress> |
| 6 |
|
| 7 |
|
| 8 |
On 3/19/09, Paul Hartman <paul.hartman+gentoo@×××××.com> wrote: |
| 9 |
> In my ssh logs this morning I noticed a couple login attempts with |
| 10 |
> usenames on them... I've never seen that before. It is usually just an |
| 11 |
> IP address. |
| 12 |
> |
| 13 |
> Mar 18 20:19:48 [sshd] refused connect from |
| 14 |
> postmaster@×××××××××××××××××××.co |
| 15 |
> Mar 18 23:42:44 [sshd] refused connect from 211.116.136.107 |
| 16 |
> Mar 18 23:44:44 [sshd] refused connect from |
| 17 |
> [U2FsdGVkX19g32YZVKMsQkl+mouWITILOicY4Iq9OQo=]@211.116.136.107 |
| 18 |
> Mar 19 02:41:09 [sshd] refused connect from 221.194.128.66 |
| 19 |
> |
| 20 |
> weird... maybe the bad guys are up to something new. |
| 21 |
> |
| 22 |
> |
| 23 |
|
| 24 |
|
| 25 |
-- |
| 26 |
------------------------------------------------ |
| 27 |
For security reasons, all text in this mail is double-rot13 encrypted. |
Archives