Thanks for responding.
private/var/log/secure.log
These are the corresponding entries in the orivate/var/log/secure.log file.
Jan 2 14:44:42 clients sshd[22767]: Did not receive identification string
from 92.246.211.245
Jan 2 14:44:56 clients sshd[22772]: Failed none for invalid user root from
92.246.211.245 port 3206 ssh2
Jan 2 14:44:57 clients sshd[22772]: error: PAM: Authentication failure for
illegal user root from 92.246.211.245
Jan 2 14:44:57 clients sshd[22772]: Failed keyboard-interactive/pam for
invalid user root from 92.246.211.245 port 3206 ssh2
Jan 2 14:44:58 clients sshd[22772]: error: PAM: Authentication failure for
illegal user root from 92.246.211.245
Jan 2 14:44:58 clients sshd[22772]: Failed keyboard-interactive/pam for
invalid user root from 92.246.211.245 port 3206 ssh2
Jan 2 14:44:59 clients sshd[22772]: error: PAM: Authentication failure for
illegal user root from 92.246.211.245
Jan 2 14:44:59 clients sshd[22772]: Failed keyboard-interactive/pam for
invalid user root from 92.246.211.245 port 3206 ssh2
Jan 2 14:45:03 clients sshd[22772]: error: PAM: Authentication failure for
illegal user root from 92.246.211.245
Jan 2 14:45:03 clients sshd[22772]: Failed keyboard-interactive/pam for
invalid user root from 92.246.211.245 port 3206 ssh2
Jan 2 14:45:08 clients sshd[22772]: error: PAM: Authentication failure for
illegal user root from 92.246.211.245
Jan 2 14:45:08 clients sshd[22772]: Failed keyboard-interactive/pam for
invalid user root from 92.246.211.245 port 3206 ssh2
Jan 2 14:45:12 clients sshd[22772]: error: PAM: Authentication failure for
illegal user root from 92.246.211.245
Jan 2 14:45:12 clients sshd[22772]: Failed keyboard-interactive/pam for
invalid user root from 92.246.211.245 port 3206 ssh2
--
Jonathan S. Abrams, CEA, CBNT
Apple Certified Technical Coordinator (v10.5), Xsan 2 Admin
Treasurer, NY Section, AES
On Mon, Jan 3, 2011 at 2:46 PM, Robert Wyatt <chupacerv...@gmail.com> wrote:
> Which log file is denyhosts set up to look at in your installation?
>
>
> Jonathan S. Abrams wrote:
>
>> Hello,
>>
>> I have installed DenyHosts on a Mac OS X v10.5.8 server. I noticed the
>> following entries in the server's system.log file.
>>
>> Jan 2 14:44:56 clients sshd[22772]: Failed none for invalid user root
>> from 92.246.211.245 port 3206 ssh2
>> Jan 2 14:44:57 clients com.apple.SecurityServer[35]: checkpw() returned
>> -2; failed to authenticate user root (uid 0).
>> Jan 2 14:44:57 clients com.apple.SecurityServer[35]: Failed to authorize
>> right system.login.tty by client /usr/sbin/sshd for authorization created by
>> /usr/sbin/sshd.
>>
>> Jan 2 14:44:57 clients sshd[22772]: Failed keyboard-interactive/pam for
>> invalid user root from 92.246.211.245 port 3206 ssh2
>> Jan 2 14:44:58 clients com.apple.SecurityServer[35]: checkpw() returned
>> -2; failed to authenticate user root (uid 0).
>> Jan 2 14:44:58 clients com.apple.SecurityServer[35]: Failed to authorize
>> right system.login.tty by client /usr/sbin/sshd for authorization created by
>> /usr/sbin/sshd.
>>
>> Jan 2 14:44:58 clients sshd[22772]: Failed keyboard-interactive/pam for
>> invalid user root from 92.246.211.245 port 3206 ssh2
>> Jan 2 14:44:59 clients com.apple.SecurityServer[35]: checkpw() returned
>> -2; failed to authenticate user root (uid 0).
>> Jan 2 14:44:59 clients com.apple.SecurityServer[35]: Failed to authorize
>> right system.login.tty by client /usr/sbin/sshd for authorization created by
>> /usr/sbin/sshd.
>>
>> Jan 2 14:44:59 clients sshd[22772]: Failed keyboard-interactive/pam for
>> invalid user root from 92.246.211.245 port 3206 ssh2
>> Jan 2 14:45:01 clients com.apple.SecurityServer[35]: checkpw() returned
>> -2; failed to authenticate user root (uid 0).
>> Jan 2 14:45:03 clients com.apple.SecurityServer[35]: Failed to authorize
>> right system.login.tty by client /usr/sbin/sshd for authorization created by
>> /usr/sbin/sshd.
>>
>> Jan 2 14:45:03 clients sshd[22772]: Failed keyboard-interactive/pam for
>> invalid user root from 92.246.211.245 port 3206 ssh2
>> Jan 2 14:45:06 clients com.apple.SecurityServer[35]: checkpw() returned
>> -2; failed to authenticate user root (uid 0).
>> Jan 2 14:45:08 clients com.apple.SecurityServer[35]: Failed to authorize
>> right system.login.tty by client /usr/sbin/sshd for authorization created by
>> /usr/sbin/sshd.
>>
>> Jan 2 14:45:08 clients sshd[22772]: Failed keyboard-interactive/pam for
>> invalid user root from 92.246.211.245 port 3206 ssh2
>> Jan 2 14:45:10 clients com.apple.SecurityServer[35]: checkpw() returned
>> -2; failed to authenticate user root (uid 0).
>> Jan 2 14:45:12 clients com.apple.SecurityServer[35]: Failed to authorize
>> right system.login.tty by client /usr/sbin/sshd for authorization created by
>> /usr/sbin/sshd.
>>
>> Jan 2 14:45:12 clients sshd[22772]: Failed keyboard-interactive/pam for
>> invalid user root from 92.246.211.245 port 3206 ssh2
>>
>> Someone (or something) at 92.246.211.245 attempted to login as root at
>> least six (6) times. The denyhosts.cfg file has DENY_THRESHOLD_ROOT = 1.
>> The IP associated with these login attempts did get added to hosts.deny,
>> but it should it not have been added after the first failed login attempt?
>> Should I be looking for some other setting in the .cfg file? Is this
>> normal and expected behavior?
>>
>> Thanks for reading!
>>
>> --
>> Jonathan S. Abrams, CEA, CBNT
>> Apple Certified Technical Coordinator (v10.5), Xsan 2 Admin
>> Treasurer, NY Section, AES
>
>
------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and,
should the need arise, upgrade to a full multi-node Oracle RAC database
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Denyhosts-user mailing list
Denyhosts-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
