Hello,
I have installed DenyHosts on a Mac OS X v10.5.8 server. I noticed the
following entries in the server's system.log file.
Jan 2 14:44:56 clients sshd[22772]: Failed none for invalid user root from
92.246.211.245 port 3206 ssh2
Jan 2 14:44:57 clients com.apple.SecurityServer[35]: checkpw() returned -2;
failed to authenticate user root (uid 0).
Jan 2 14:44:57 clients com.apple.SecurityServer[35]: Failed to authorize
right system.login.tty by client /usr/sbin/sshd for authorization created by
/usr/sbin/sshd.
Jan 2 14:44:57 clients sshd[22772]: Failed keyboard-interactive/pam for
invalid user root from 92.246.211.245 port 3206 ssh2
Jan 2 14:44:58 clients com.apple.SecurityServer[35]: checkpw() returned -2;
failed to authenticate user root (uid 0).
Jan 2 14:44:58 clients com.apple.SecurityServer[35]: Failed to authorize
right system.login.tty by client /usr/sbin/sshd for authorization created by
/usr/sbin/sshd.
Jan 2 14:44:58 clients sshd[22772]: Failed keyboard-interactive/pam for
invalid user root from 92.246.211.245 port 3206 ssh2
Jan 2 14:44:59 clients com.apple.SecurityServer[35]: checkpw() returned -2;
failed to authenticate user root (uid 0).
Jan 2 14:44:59 clients com.apple.SecurityServer[35]: Failed to authorize
right system.login.tty by client /usr/sbin/sshd for authorization created by
/usr/sbin/sshd.
Jan 2 14:44:59 clients sshd[22772]: Failed keyboard-interactive/pam for
invalid user root from 92.246.211.245 port 3206 ssh2
Jan 2 14:45:01 clients com.apple.SecurityServer[35]: checkpw() returned -2;
failed to authenticate user root (uid 0).
Jan 2 14:45:03 clients com.apple.SecurityServer[35]: Failed to authorize
right system.login.tty by client /usr/sbin/sshd for authorization created by
/usr/sbin/sshd.
Jan 2 14:45:03 clients sshd[22772]: Failed keyboard-interactive/pam for
invalid user root from 92.246.211.245 port 3206 ssh2
Jan 2 14:45:06 clients com.apple.SecurityServer[35]: checkpw() returned -2;
failed to authenticate user root (uid 0).
Jan 2 14:45:08 clients com.apple.SecurityServer[35]: Failed to authorize
right system.login.tty by client /usr/sbin/sshd for authorization created by
/usr/sbin/sshd.
Jan 2 14:45:08 clients sshd[22772]: Failed keyboard-interactive/pam for
invalid user root from 92.246.211.245 port 3206 ssh2
Jan 2 14:45:10 clients com.apple.SecurityServer[35]: checkpw() returned -2;
failed to authenticate user root (uid 0).
Jan 2 14:45:12 clients com.apple.SecurityServer[35]: Failed to authorize
right system.login.tty by client /usr/sbin/sshd for authorization created by
/usr/sbin/sshd.
Jan 2 14:45:12 clients sshd[22772]: Failed keyboard-interactive/pam for
invalid user root from 92.246.211.245 port 3206 ssh2
Someone (or something) at 92.246.211.245 attempted to login as root at least
six (6) times. The denyhosts.cfg file has DENY_THRESHOLD_ROOT = 1. The IP
associated with these login attempts did get added to hosts.deny, but it
should it not have been added after the first failed login attempt? Should
I be looking for some other setting in the .cfg file? Is this normal and
expected behavior?
Thanks for reading!
--
Jonathan S. Abrams, CEA, CBNT
Apple Certified Technical Coordinator (v10.5), Xsan 2 Admin
Treasurer, NY Section, AES
------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and,
should the need arise, upgrade to a full multi-node Oracle RAC database
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Denyhosts-user mailing list
Denyhosts-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
