re: getting pam to put the ip address in the log
Date: Tue, 19 Aug 2008 14:02:59 +0200 > Recently I have been seeing lots of connections to my sshd trying to > guess passwords. One thing I noticed was the hostname reported in the > auth.log without reverse dns. sshd never puts in the ip address, this > is all I see: > sshd[14450]: error: PAM: authentication error for illegal user access > from host1.xxx.br > Is it possible to get pam or sshd or whatever is ultimatly logging > this to put the ip address in the log so I can see where this is > really coming from? I don't know about the log format (I'd run it through and AWK script that does the translation), but maybe you want to consider using PF to block those repeated attempts. I've been contemplating this after reading the PF tutorial http://www.bsdly.net/~peter/pf.html which indicates an automated way to catch those IP's and stick them into a block list so after a few attempts your machine stops responding. -- DA Fo rsythNetwork Supervisor Principal Technical Officer -- Institute for Water Research http://www.ru.ac.za/institutes/iwr/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: getting pam to put the ip address in the log
On Tue, Aug 19, 2008 at 2:02 PM, Michael Grant <[EMAIL PROTECTED]> wrote: > Recently I have been seeing lots of connections to my sshd trying to guess > passwords. One thing I noticed was the hostname reported in the auth.log > without reverse dns. sshd never puts in the ip address, this is all I see: > > sshd[14450]: error: PAM: authentication error for illegal user access from > host1.xxx.br > > Is it possible to get pam or sshd or whatever is ultimatly logging this to > put the ip address in the log so I can see where this is really coming from? > > Michael Grant > Ths seems to work: Put this in /etc/ssh/sshd_config: UseDNS no ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
getting pam to put the ip address in the log
Recently I have been seeing lots of connections to my sshd trying to guess passwords. One thing I noticed was the hostname reported in the auth.log without reverse dns. sshd never puts in the ip address, this is all I see: sshd[14450]: error: PAM: authentication error for illegal user access from host1.xxx.br Is it possible to get pam or sshd or whatever is ultimatly logging this to put the ip address in the log so I can see where this is really coming from? Michael Grant ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"