Hi,
I've been seeing quite a bit of ssh bruteforce attacks which appear to
be dictionary-based. That's fine; I have proper measures in place, such
as key-only access, bruteforce tables for pf(4), and so on.
What caught my interest is if I attempt to log in from a machine where I
do not have my key, I see nothing logged about a failed publickey
attempt. If I attempt with an invalid username, as expected, I see
'Invalid user foo from ${IP}.'
Is this to be expected? If so, I am curious why. Though I realize an
attacker may not be able to see that a user is valid or invalid, might
we want to know that a valid username is being used in an attack?
(Unless, of course, the valid username is 'john'...)
Regards,
--
Glen Barber
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"