Re: CentOS 5 sshd does not log IP address of reverse mapping failure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Am 08.03.2013 17:40, schrieb Reindl Harald:
> but you can not tell me that such attempts would not be logged
> maybe you have fucked your syslog-configuration or whatever

Tsk, tsk. Language!

> Mar  8 17:35:13 openvas sshd[10017]: Invalid user donotexist from 10.0.0.241
> Mar  8 17:35:13 openvas sshd[10018]: input_userauth_request: invalid user donotexist
> 
> Mar  8 17:37:38 openvas sshd[10172]: User vnstat from 10.0.0.241 not allowed because not listed in AllowUsers
> Mar  8 17:37:38 openvas sshd[10173]: input_userauth_request: invalid user vnstat

If you had actually read the thread before replying you might
have noticed that it is not about these messages at all.
These are messages about invalid users. I already wrote that
I get these too, complete with IP addresses, even before
putting in "UseDNS no". My question is about these:

Feb 10 13:32:41 dns01 sshd[16161]: Disconnecting: Too many
authentication failures for root
Feb 10 13:32:45 dns01 sshd[16163]: Disconnecting: Too many
authentication failures for root
Feb 10 13:32:48 dns01 sshd[16165]: Disconnecting: Too many
authentication failures for root
Feb 10 13:32:53 dns01 sshd[16167]: Disconnecting: Too many
authentication failures for root
Feb 10 13:32:55 dns01 sshd[16169]: Disconnecting: Too many
authentication failures for root
Feb 10 13:32:59 dns01 sshd[16171]: Disconnecting: Too many
authentication failures for root
Feb 10 13:33:02 dns01 sshd[16173]: Disconnecting: Too many
authentication failures for root
Feb 10 13:33:05 dns01 sshd[16175]: Disconnecting: Too many
authentication failures for root
Feb 10 13:33:08 dns01 sshd[16177]: Disconnecting: Too many
authentication failures for root
Feb 10 13:33:11 dns01 sshd[16179]: Disconnecting: Too many
authentication failures for root

Do you have log entries with IP addresses for these?

Oh, before you ask, the sshd which logged these runs of course with

PermitRootLogin no
PasswordAuthentication no

> cat /etc/redhat-release
> CentOS release 6.3 (Final)

Notice the subject line? How it says "CentOS 5"? That was deliberate.

-- 
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux