Laine Lee wrote:
> Thanks. I'm still not getting the hang of it, though.
>
> My asl.log is crowded with entries such as:
>
> [Time 2007.05.18 13:34:22 UTC] [Facility authpriv] [Sender
> com.apple.SecurityServer] [PID -1] [Message Failed to authorize right
> system.login.tty by process /usr/sbin/sshd for authorization created by
> /usr/sbin/sshd.] [Level 5] [UID -2] [GID -2] [Host myhost]
>
> [Time 2007.05.18 13:34:22 UTC] [Facility authpriv] [Sender
> com.apple.SecurityServer] [PID -1] [Message Failed to authorize right
> system.login.tty by process /usr/sbin/sshd for authorization created by
> /usr/sbin/sshd.] [Level 5] [UID -2] [GID -2] [Host myhost]

Those are not the entries that DenyHosts looks for, different "Sender", will not match the regex.

> Secure log contains entries such as:
>
> May 18 08:34:30 myhost com.apple.SecurityServer: Failed to authorize right
> system.login.tty by process /usr/sbin/sshd for authorization created by
> /usr/sbin/sshd.
> May 18 08:34:30 myhost sshd[4502]: Failed password for invalid user library
> from 205.158.114.125 port 39468 ssh2

Looks usable, very close to what we see in Solaris or Linux. This could be a second option, if the one recommended in the FAQ doesn't work for you.

> These are the types of events I had hoped would be handled by DenyHosts, yet
> my hosts.deny file remains empty, unless I sit down at a machine and attempt
> to connect through ssh with an invalid username and password. I am not using
> synchronization.

It works if you test it, but it doesn't with real events?

> Can you shed any light on my situation? I believe I am in compliance with
> the suggestions you've made so far. Thanks.

An example (sent to this list) of the log entries that DenyHosts does use:

[Time 2006.11.03 21:46:20 UTC] [Facility auth] [Sender sshd] [PID 284] [Message error: PAM: Authentication failure for illegal user baduser from 128.83.86.67] [Level 3] [UID -2] [GID -2] [Host rgrtw-05s-power-mac-g5]

If you don't have these in your asl.log, then we missed something.

I found a message that shows that we may have missed one other parameter:

> -------- Original Message --------
> Subject: [Denyhosts-user] configuring macos 10.4 to use denyhosts
> Date: Thu, 28 Dec 2006 18:54:49 -0600
> From: Robert T Wyatt <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> Organization: The University of Texas at Austin
> To: denyhosts-user@lists.sourceforge.net
>
> In the interest of helping fellow MacOS users, I've collected the
> following tidbits that help make denyhosts work on MacOS 10.4.
>
> In addition to modifying the denyhosts.cfg file as recommended in the
> denyhosts FAQ, the following settings must be made in the sshd_config file:
>
> PasswordAuthentication no
> UsePAM yes
> UseDNS no
>
> These settings 1) bypass the rudimentary password authentication so that
> PAM can be triggered, 2) trigger PAM, and 3) allow IP addresses to be
> passed to asl.log so that they may be captured by the denyhosts REGEX
> pattern (otherwise the associated domain name is passed).
>
> (It is also wise to set "PermitRootLogin no" since most functions
> requiring root access can be accessed via the sudo command. I also set
> "LogLevel VERBOSE". For more info, see "man sshd_config".)
>
> To make these changes, the user opens a Terminal.app window and issues
> these commands:
>
> cp /etc/sshd_config ~/sshd_config.bak
>
> [this makes a copy of the original sshd_config file, just in case ;-)]
>
> sudo pico /etc/sshd_config
>
> [this uses the 'pico' text editor to access the sshd_config file]
>
> After making the changes above, the user exits pico, saving the file,
> and must then restart the ssh daemon.
>
> One way to restart the daemon is by using the System Preferences...
> command under the Apple Menu and clicking on the Sharing icon in the
> Internet & Network group. Now clicking the check box next to Remote
> Login will shut down the daemon and clicking it again will restart the
> daemon (the daemon is running when the box is checked).
>
> Another way to restart the daemon is to restart the computer (assuming
> the aforementioned box is checked).
>
> Hope this helps!
> --Robert

Regards.
--
René Berber
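
Added example (not part of the original thread, and not DenyHosts's own code or regex): a small checker that parses the bracketed asl.log entries quoted above and shows which ones carry a usable sshd failure, and whether the source was logged as an IP address as the UseDNS note describes. FIELD_RE, FAILURE_RE and the function names are assumptions written to fit the sample entries; the third log entry is constructed.

```python
import ipaddress
import re

# Each ASL field is "[Key value...]"; assumes the value contains no "]".
FIELD_RE = re.compile(r"\[(\w+) ([^\]]*)\]")
# Assumed pattern, written to fit the sample sshd message in this thread.
FAILURE_RE = re.compile(
    r"Authentication failure for (?:illegal user )?(?P<user>\S+) from (?P<host>\S+)"
)

# First two entries are quoted from the thread; the third is constructed.
SAMPLE_LOG = """\
[Time 2007.05.18 13:34:22 UTC] [Facility authpriv] [Sender com.apple.SecurityServer] [PID -1] [Message Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.] [Level 5] [UID -2] [GID -2] [Host myhost]
[Time 2006.11.03 21:46:20 UTC] [Facility auth] [Sender sshd] [PID 284] [Message error: PAM: Authentication failure for illegal user baduser from 128.83.86.67] [Level 3] [UID -2] [GID -2] [Host rgrtw-05s-power-mac-g5]
[Time 2006.11.03 21:47:02 UTC] [Facility auth] [Sender sshd] [PID 291] [Message error: PAM: Authentication failure for illegal user baduser from host.example.net] [Level 3] [UID -2] [GID -2] [Host myhost]
"""


def parse_asl_line(line):
    """Split one bracketed asl.log entry into a {key: value} dict."""
    return dict(FIELD_RE.findall(line))


def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def classify(line):
    """Return (verdict, user, host) for one asl.log entry."""
    fields = parse_asl_line(line)
    if fields.get("Sender") != "sshd":
        return ("ignored: sender is not sshd", None, None)
    m = FAILURE_RE.search(fields.get("Message", ""))
    if not m:
        return ("ignored: no failure message", None, None)
    user, host = m.group("user"), m.group("host")
    if not is_ip(host):
        return ("failure logged with a name, not an IP", user, host)
    return ("failure with IP", user, host)


if __name__ == "__main__":
    for entry in SAMPLE_LOG.splitlines():
        print(classify(entry))
```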