Last Thursday or Friday the daily log reports showed fewer cracking
attempts via ssh. The number (and types) decreased over the weekend and
today there's nothing. Historically, there are hundreds to tens of thousands
of probes each day attempting to use ssh to enter my network. Not seeing any is
an issue needing resolution.

   I wonder if this might be related to the DNS change that separates
appl-ecosys.com (the web site name hosted at my ISP) from
mail.appl-ecosys.com hosted here with the ever-changing dynamic IP address.

   The oldest syslog has multiple entries (different times) of this type:

/var/log/syslog.4:Dec 19 09:44:33 salmo sshd[23988]: warning: /etc/hosts.allow, line 10: host name/name mismatch: dedic530.hidehost.net != hidehost.net
/var/log/syslog.4:Dec 19 09:44:34 salmo sshd[23988]: fatal: Unable to negotiate a key exchange method [preauth]

   That line was: ALL: LOCAL @appl-ecosys.com : allow
and I just changed that to ALL: LOCAL @salmo.appl-ecosys.com : allow

   My Web searches found nothing useful; probably poor search terms on my
part. Your suggestions and advice on how to diagnose what changed, and fix
it if it needs fixing, are needed.

TIA,

Rich
_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
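
An added example, not part of the original post: one way to pin down the day the sshd entries stopped is to count them per day across the rotated syslog files (the `grep sshd /var/log/syslog*` line format quoted in the post) and list the days with none. Syslog timestamps carry no year, so the year is passed in as an assumption; apart from the two lines quoted in the post, the sample input is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict
from datetime import date, datetime, timedelta

# Optional "file:" prefix as produced by grep over several syslog files.
LINE_RE = re.compile(
    r"^(?:(?P<file>[^:\s]+):)?"
    r"(?P<stamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)

def classify(msg):
    """Bucket an sshd message into the kinds seen in the post's log."""
    if "host name/name mismatch" in msg:
        return "wrappers_mismatch"   # tcp_wrappers warning from /etc/hosts.allow
    if msg.endswith("[preauth]"):
        return "preauth_failure"     # connection dropped before authentication
    return "other"

def daily_counts(lines, year):
    """Return {date: Counter(kind -> n)} for sshd lines; other lines are skipped."""
    counts = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue
        stamp = datetime.strptime(f"{year} {m['stamp']}", "%Y %b %d %H:%M:%S")
        counts[stamp.date()][classify(m["msg"])] += 1
    return counts

def silent_days(counts, first, last):
    """Days in [first, last] with no sshd entries at all."""
    days = (first + timedelta(n) for n in range((last - first).days + 1))
    return [d for d in days if not counts.get(d)]

YEAR = 2001  # assumed placeholder year; the post does not give one
# First two lines are from the post; the rest are constructed sample data.
SAMPLE = """\
/var/log/syslog.4:Dec 19 09:44:33 salmo sshd[23988]: warning: /etc/hosts.allow, line 10: host name/name mismatch: dedic530.hidehost.net != hidehost.net
/var/log/syslog.4:Dec 19 09:44:34 salmo sshd[23988]: fatal: Unable to negotiate a key exchange method [preauth]
/var/log/syslog.3:Dec 20 03:12:07 salmo sshd[24101]: Connection closed by 192.0.2.15 [preauth]
/var/log/syslog.1:Dec 22 04:40:01 salmo crond[812]: constructed non-sshd entry
"""

if __name__ == "__main__":
    counts = daily_counts(SAMPLE.splitlines(), YEAR)
    for day in sorted(counts):
        print(day, dict(counts[day]))
    print("no sshd entries:", silent_days(counts, date(YEAR, 12, 19), date(YEAR, 12, 22)))
```

A day that shows other syslog traffic but no sshd lines points at connections no longer reaching sshd (for example after the DNS change), rather than at logging having stopped.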
