Am 06.03.2013 19:20, schrieb Gordon Messmer: > On 03/06/2013 09:45 AM, Tilman Schmidt wrote: >> Any ideas how to remedy that situation? > > As long as you get the IP address for failed logins, ignore reverse > mapping failures.
Trouble is, I don't:
Feb 8 00:03:09 dns01 sshd[6119]: reverse mapping checking getaddrinfo
for mbl-99-61-82.dsl.net.pk failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 8 00:03:10 dns01 sshd[6120]: Disconnecting: Too many authentication
failures for root
Feb 8 00:03:19 dns01 sshd[6121]: reverse mapping checking getaddrinfo
for mbl-99-61-82.dsl.net.pk failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 8 00:03:20 dns01 sshd[6122]: Disconnecting: Too many authentication
failures for root
Feb 8 00:03:22 dns01 sshd[6123]: reverse mapping checking getaddrinfo
for mbl-99-61-82.dsl.net.pk failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 8 00:03:23 dns01 sshd[6124]: Disconnecting: Too many authentication
failures for root
[...]
And at the end of the day, logwatch tells me:
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 149 Time(s)
Not good.
--
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany
signature.asc
Description: OpenPGP digital signature
_______________________________________________ CentOS mailing list [email protected] http://lists.centos.org/mailman/listinfo/centos
