On 10/13/07, Mick <[EMAIL PROTECTED]> wrote:
>
> On Sunday 07 October 2007, Remy Blank wrote:
> > Mick wrote:
> > > I have already disabled PAM authentication on sshd so that only users
> > > with a public key in their ~/.ssh can login.
> >
> > This is the first and most important step. This means that the only real
> > problem is that your logs fill with failed log in attempts.
> >
> > The easiest way I have found to avoid that is to change the port number
> > of the SSH daemon to something else than 22.
>
> I am trying out fail2ban, but I am not sure I have configured it correctly.
> Shouldn't most of these repeated attempts have been stopped?
> ========================================================
> Oct 12 21:01:01 support sshd[30347]: Did not receive identification string from 203.128.89.99
> Oct 13 01:01:38 support sshd[26419]: Did not receive identification string from 85.8.136.219
> Oct 13 01:01:38 support sshd[26422]: Did not receive identification string from 85.8.136.219
> Oct 13 01:11:14 support sshd[31765]: Invalid user admin from 85.8.136.219
> Oct 13 01:11:15 support sshd[31792]: Invalid user test from 85.8.136.219
> Oct 13 01:11:15 support sshd[31814]: Invalid user guest from 85.8.136.219
> Oct 13 01:11:16 support sshd[31833]: Invalid user webmaster from 85.8.136.219
> Oct 13 01:11:17 support sshd[31852]: User mysql not allowed because account is locked
> Oct 13 01:11:18 support sshd[31902]: Invalid user oracle from 85.8.136.219
> Oct 13 01:11:19 support sshd[31929]: Invalid user library from 85.8.136.219
> Oct 13 01:11:19 support sshd[31945]: Invalid user admin from 85.8.136.219
> Oct 13 01:11:20 support sshd[31952]: Invalid user info from 85.8.136.219
> Oct 13 01:11:20 support sshd[31965]: Invalid user test from 85.8.136.219
> Oct 13 01:11:20 support sshd[31974]: Invalid user shell from 85.8.136.219
> Oct 13 01:11:21 support sshd[31999]: Invalid user guest from 85.8.136.219
> Oct 13 01:11:21 support sshd[32015]: Invalid user linux from 85.8.136.219
> Oct 13 01:11:22 support sshd[32026]: Invalid user webmaster from 85.8.136.219
> Oct 13 01:11:22 support sshd[32036]: Invalid user unix from 85.8.136.219
> Oct 13 01:11:22 support sshd[32058]: User mysql not allowed because account is locked
> Oct 13 01:11:23 support sshd[32080]: Invalid user oracle from 85.8.136.219
> Oct 13 01:11:24 support sshd[32109]: Invalid user library from 85.8.136.219
> Oct 13 01:11:24 support sshd[32123]: Invalid user test from 85.8.136.219
> Oct 13 01:11:25 support sshd[32134]: Invalid user info from 85.8.136.219
> Oct 13 01:11:25 support sshd[32164]: Invalid user shell from 85.8.136.219
> Oct 13 01:11:26 support sshd[32175]: Invalid user admin from 85.8.136.219
> Oct 13 01:11:26 support sshd[32192]: Invalid user linux from 85.8.136.219
> Oct 13 01:11:27 support sshd[32200]: Invalid user guest from 85.8.136.219
> Oct 13 01:11:27 support sshd[32224]: Invalid user unix from 85.8.136.219
> ========================================================
>
> I have just kept the default fail2ban config file and have not created any new
> log files in /var/log/.
>
> Any ideas?
> --
> Regards,
> Mick

Do you have anything in your default log file, /var/log/fail2ban.log?

--
- Mark Shields
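
Added example, not part of the original thread: a Python check that replays sshd "Invalid user" lines like those quoted above against a fail2ban-style maxretry/findtime threshold and reports when a working jail would be expected to act. The function name, the threshold values and the restriction to "Invalid user" lines are assumptions of this example, not fail2ban's own code or defaults.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Lines copied from the auth log quoted in the thread (wrapped lines rejoined).
SAMPLE_LOG = """\
Oct 12 21:01:01 support sshd[30347]: Did not receive identification string from 203.128.89.99
Oct 13 01:11:14 support sshd[31765]: Invalid user admin from 85.8.136.219
Oct 13 01:11:15 support sshd[31792]: Invalid user test from 85.8.136.219
Oct 13 01:11:15 support sshd[31814]: Invalid user guest from 85.8.136.219
Oct 13 01:11:16 support sshd[31833]: Invalid user webmaster from 85.8.136.219
Oct 13 01:11:17 support sshd[31852]: User mysql not allowed because account is locked
Oct 13 01:11:18 support sshd[31902]: Invalid user oracle from 85.8.136.219
Oct 13 01:11:19 support sshd[31929]: Invalid user library from 85.8.136.219
Oct 13 01:11:19 support sshd[31945]: Invalid user admin from 85.8.136.219
"""

# Only "Invalid user" lines are counted here (a simplification of this example).
INVALID_USER = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Invalid user \S+ from (\S+)$")

def expected_bans(log_text, maxretry=5, findtime=600, year=2007):
    """Return {ip: (time the threshold was reached, failures logged afterwards)}.

    maxretry/findtime mirror the fail2ban jail options of the same names;
    the values are illustrative, not the defaults of any particular release.
    """
    recent = defaultdict(deque)   # ip -> failure times inside the window
    bans = {}                     # ip -> [ban time, later failures]
    for line in log_text.splitlines():
        m = INVALID_USER.match(line.strip())
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in bans:            # a working ban would have blocked this one
            bans[ip][1] += 1
            continue
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            bans[ip] = [ts, 0]
    return {ip: (when, later) for ip, (when, later) in bans.items()}

if __name__ == "__main__":
    for ip, (when, later) in expected_bans(SAMPLE_LOG).items():
        print(f"{ip}: threshold reached {when}, {later} failures logged after it")
```

If the result names an address for which /var/log/fail2ban.log records no ban, the next things to check are whether the ssh jail is enabled and which log file it is reading.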