1 |
On Fri, Mar 20, 2009 at 7:25 AM, Eric Martin <freak4uxxx@×××××.com> wrote: |
2 |
> Paul Hartman wrote: |
3 |
>> On Thu, Mar 19, 2009 at 10:36 AM, Johan Blåbäck |
4 |
>> <johan.bluecreek@×××××.com> wrote: |
5 |
>>> I've always had usernames when it comes to sshd's log entries in |
6 |
>>> auth.log, like the following: |
7 |
>>> |
8 |
>>> <time> <hostname> sshd[5926]: error: PAM: Authentication failure for |
9 |
>>> <username> from <ip-adress> |
10 |
>> |
11 |
>> Well, I don't use PAM, just key-based authentication only, so I always |
12 |
>> see only the IP getting rejected since it doesn't even give them a |
13 |
>> place to try a user/password :) It's just weird that it is refusing a |
14 |
>> connection from user@domain rather than simply the IP. I guess they |
15 |
>> could be trying to ssh user@××××××.net or something. The one with |
16 |
>> [U2FsdGVkX19g32YZVKMsQkl+mouWITILOicY4Iq9OQo=] as the username is |
17 |
>> interesting. I wonder what that's all about. |
18 |
>> |
19 |
> |
20 |
> I too use only PubKey but they need to send a username so ssh knows |
21 |
> where to look for the public key. Your two options boil down to |
22 |
> |
23 |
> 1) install fail2ban (I installed it on all of my external ssh boxes and |
24 |
> I love it) |
25 |
> 2) change the ssh port to something other than 22 (Security by Obscurity |
26 |
> but it frees up your logs so you can see real problems). |
27 |
> |
28 |
> The two may me mutually exclusive as I'm not sure if you can tweak |
29 |
> fail2ban's ssh rules to monitor another port. |
30 |
> |
31 |
> I just chock it up as log spam unless I see definite bad patterns. But |
32 |
> again, with public key access only and banning root from logging in via |
33 |
> ssh I don't think anybody is getting far unless there is a flaw in ssh. |
34 |
|
35 |
Oh, I am not concerned about the attacks. I just thought it was weird |
36 |
that I saw user@domain when I normally see only IP or only domain. |
37 |
They are already refused connection as the log shows :) |
38 |
|
39 |
Thanks, |
40 |
Paul |