Which log file is DenyHosts set up to look at in your installation?

Jonathan S. Abrams wrote:
> Hello,
>
> I have installed DenyHosts on a Mac OS X v10.5.8 server.  I noticed 
> the following entries in the server's system.log file.
>
> Jan  2 14:44:56 clients sshd[22772]: Failed none for invalid user root 
> from 92.246.211.245 port 3206 ssh2
> Jan  2 14:44:57 clients com.apple.SecurityServer[35]: checkpw() 
> returned -2; failed to authenticate user root (uid 0).
> Jan  2 14:44:57 clients com.apple.SecurityServer[35]: Failed to 
> authorize right system.login.tty by client /usr/sbin/sshd for 
> authorization created by /usr/sbin/sshd.
>
> Jan  2 14:44:57 clients sshd[22772]: Failed keyboard-interactive/pam 
> for invalid user root from 92.246.211.245 port 3206 ssh2
> Jan  2 14:44:58 clients com.apple.SecurityServer[35]: checkpw() 
> returned -2; failed to authenticate user root (uid 0).
> Jan  2 14:44:58 clients com.apple.SecurityServer[35]: Failed to 
> authorize right system.login.tty by client /usr/sbin/sshd for 
> authorization created by /usr/sbin/sshd.
>
> Jan  2 14:44:58 clients sshd[22772]: Failed keyboard-interactive/pam 
> for invalid user root from 92.246.211.245 port 3206 ssh2
> Jan  2 14:44:59 clients com.apple.SecurityServer[35]: checkpw() 
> returned -2; failed to authenticate user root (uid 0).
> Jan  2 14:44:59 clients com.apple.SecurityServer[35]: Failed to 
> authorize right system.login.tty by client /usr/sbin/sshd for 
> authorization created by /usr/sbin/sshd.
>
> Jan  2 14:44:59 clients sshd[22772]: Failed keyboard-interactive/pam 
> for invalid user root from 92.246.211.245 port 3206 ssh2
> Jan  2 14:45:01 clients com.apple.SecurityServer[35]: checkpw() 
> returned -2; failed to authenticate user root (uid 0).
> Jan  2 14:45:03 clients com.apple.SecurityServer[35]: Failed to 
> authorize right system.login.tty by client /usr/sbin/sshd for 
> authorization created by /usr/sbin/sshd.
>
> Jan  2 14:45:03 clients sshd[22772]: Failed keyboard-interactive/pam 
> for invalid user root from 92.246.211.245 port 3206 ssh2
> Jan  2 14:45:06 clients com.apple.SecurityServer[35]: checkpw() 
> returned -2; failed to authenticate user root (uid 0).
> Jan  2 14:45:08 clients com.apple.SecurityServer[35]: Failed to 
> authorize right system.login.tty by client /usr/sbin/sshd for 
> authorization created by /usr/sbin/sshd.
>
> Jan  2 14:45:08 clients sshd[22772]: Failed keyboard-interactive/pam 
> for invalid user root from 92.246.211.245 port 3206 ssh2
> Jan  2 14:45:10 clients com.apple.SecurityServer[35]: checkpw() 
> returned -2; failed to authenticate user root (uid 0).
> Jan  2 14:45:12 clients com.apple.SecurityServer[35]: Failed to 
> authorize right system.login.tty by client /usr/sbin/sshd for 
> authorization created by /usr/sbin/sshd.
>
> Jan  2 14:45:12 clients sshd[22772]: Failed keyboard-interactive/pam 
> for invalid user root from 92.246.211.245 port 3206 ssh2
>
> Someone (or something) at 92.246.211.245 attempted to log in as root at 
> least six (6) times.  The denyhosts.cfg file has DENY_THRESHOLD_ROOT = 
> 1.  The IP associated with these login attempts did get added to 
> hosts.deny, but should it not have been added after the first 
> failed login attempt?  Should I be looking for some other setting in 
> the .cfg file?  Is this normal and expected behavior?
>
> Thanks for reading!
>
> -- 
> Jonathan S. Abrams, CEA, CBNT
> Apple Certified Technical Coordinator (v10.5), Xsan 2 Admin
> Treasurer, NY Section, AES
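
An added example, not part of the original messages and not DenyHosts's own code: a small tally over the sshd lines quoted above (unwrapped to one line each) that counts failed root logins per source address and records when the count first passes a threshold. The regex, the function name `root_failures`, and the "count exceeds threshold" comparison are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: lines from the quoted system.log, unwrapped to one line each
# (one SecurityServer line kept to show that it carries no client address).
SAMPLE_LOG = """\
Jan  2 14:44:56 clients sshd[22772]: Failed none for invalid user root from 92.246.211.245 port 3206 ssh2
Jan  2 14:44:57 clients com.apple.SecurityServer[35]: checkpw() returned -2; failed to authenticate user root (uid 0).
Jan  2 14:44:57 clients sshd[22772]: Failed keyboard-interactive/pam for invalid user root from 92.246.211.245 port 3206 ssh2
Jan  2 14:44:58 clients sshd[22772]: Failed keyboard-interactive/pam for invalid user root from 92.246.211.245 port 3206 ssh2
Jan  2 14:44:59 clients sshd[22772]: Failed keyboard-interactive/pam for invalid user root from 92.246.211.245 port 3206 ssh2
Jan  2 14:45:03 clients sshd[22772]: Failed keyboard-interactive/pam for invalid user root from 92.246.211.245 port 3206 ssh2
Jan  2 14:45:08 clients sshd[22772]: Failed keyboard-interactive/pam for invalid user root from 92.246.211.245 port 3206 ssh2
Jan  2 14:45:12 clients sshd[22772]: Failed keyboard-interactive/pam for invalid user root from 92.246.211.245 port 3206 ssh2
"""

# Matches only sshd "Failed <method> for [invalid user ]<user> from <ip>" lines.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(?P<pid>\d+)\]: "
    r"Failed (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def root_failures(log_text, threshold_root=1):
    """Per source IP: failed root logins, sshd PIDs, first/last timestamp,
    and the timestamp at which the count first exceeds threshold_root."""
    stats = defaultdict(lambda: {"count": 0, "pids": set(), "first": None,
                                 "last": None, "crossed_at": None})
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m["user"] != "root":
            continue
        # syslog timestamps carry no year; 2000 is a placeholder for parsing.
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
        s = stats[m["ip"]]
        s["count"] += 1
        s["pids"].add(m["pid"])
        s["first"] = s["first"] or ts
        s["last"] = ts
        # Assumption: "exceeds" means count > threshold, not count >= threshold.
        if s["crossed_at"] is None and s["count"] > threshold_root:
            s["crossed_at"] = ts
    return dict(stats)

if __name__ == "__main__":
    for ip, s in root_failures(SAMPLE_LOG).items():
        print(ip, s["count"], sorted(s["pids"]), s["last"] - s["first"])
```

On the quoted lines this reports seven failed root logins from one address, all logged by a single sshd process within 16 seconds.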


_______________________________________________
Denyhosts-user mailing list
Denyhosts-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
