-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Sun, 19 Sep 2004, martin f krafft wrote: > Are there any distinctive marks in the SSH login attempt that one could > filter on? The volume in attempts isn't as high here as on your system bug this is what I got when I set loglevel to debug: sshd[21195]: Connection from 211.99.26.89 port 58144 sshd[21195]: debug1: Client protocol version 2.0; client software version libssh-0.1 sshd[21195]: debug1: no match: libssh-0.1 sshd[21195]: Enabling compatibility mode for protocol 2.0 sshd[21195]: debug1: Local version string SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3 sshd[21195]: debug1: Starting up PAM with username "root" sshd[21195]: Could not reverse map address 211.99.26.89. sshd[21195]: debug1: PAM setting rhost to "211.99.26.89" sshd[21195]: Failed password for root from 211.99.26.89 port 58144 ssh2 sshd[21195]: debug1: Calling cleanup 0x8052b48(0x0) sshd[21195]: debug1: Calling cleanup 0x806be5c(0x0) (it tries a password immediatly, while normal ssh tries several other things first) A while ago I saw the same thing happen for another account (guest or test I think) but currently only login attempts as root are done I'm not particularly worries since I have PermitRootLogin without-password in /etc/ssh/sshd_config, only allow a few users to ssh in anyway (use AllowGroups) and use opie passwords for logins without a public key. - -- arthur - [EMAIL PROTECTED] - http://people.debian.org/~adejong -- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBTqpwVYan35+NCKcRAl2rAJ92UBcG1Ts/bgaHvKzV4wRiGgAOxACgjRXW w/KcIEv31lrIHZqd8wAiqIk= =gV1i -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
