On Tue, Dec 23, 2014 at 7:51 AM, Rich Shepard <[email protected]> wrote:
> Last Thursday or Friday the daily log reports showed fewer cracking > attempts via ssh. The number (and types) decreased over the weekend and > today there's nothing. Historically, there are hundreds to > tens-of-thousands > probes each day attempting to use ssh to enter my network. Not seeing any > is > an issue needing resolution. > > I wonder if this might be related to the DNS change that separates > appl-ecosys.com (the web site name hosted at my ISP) from > mail.appl-ecosys.com hosted here with the ever-changing dynamic IP > address. > > The oldest syslog has multiple entries (different times) of this type: > > /var/log/syslog.4:Dec 19 09:44:33 salmo sshd[23988]: warning: > /etc/hosts.allow, line 10: host name/name mismatch: dedic530.hidehost.net > != hidehost.net > /var/log/syslog.4:Dec 19 09:44:34 salmo sshd[23988]: fatal: Unable to > negotiate a key exchange method [preauth] > > That line was: ALL: LOCAL @appl-ecosys.com : allow > and I just changed that to ALL: LOCAL @salmo.appl-ecosys.com : allow > > My Web searches found nothing useful; probably poor search terms on my > part. Your suggestions and advice on how to diagnose what changed, and fix > it if it needs fixing, is needed. > > TIA, > > Rich > > North Korea has been off-line recently. -Denis _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
