Re: ssh security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



2009/6/19 Cisco-Education <fabian@xxxxxxxxxxxxxx>:
> Dear All,
>
> I have the following setup running perfectly OK for a long time
>
> CentOS release 5 (Final)
> sendmail-8.13.8-2.el5
> MailScanner 4.76.25
> bind-9.3.4-6.0.3.P1.el5_2
>
> now i jus setup a centos box running BackupPC for backing up my my above
> mail server using ssh as per the instructions in backup pc site
> i had to enable sshd so i did it and
> everthing works perfect and backup works great as per my requirement
>
> but i notice that when i do a
>
> tail -f /var/log/secure
>
> i see the followin very often
> ---------------------------
> Jun 19 16:26:06 kmdns1 sshd[11073]: Invalid user jeka from 87.118.122.78
> Jun 19 16:26:06 kmdns1 sshd[11074]: input_userauth_request: invalid user jeka
> Jun 19 16:26:06 kmdns1 sshd[11074]: Received disconnect from
> 87.118.122.78: 11: Bye Bye

> Now both the Mail server and the backup pc server behind firewall and ssh
> protocol is denied to the hosts in the DMZ zone
>
> jus wondering how a outside user could try to ssh to my mail server.
> if i stop the sshd daemon i dont see any messages in my secure log file
>
> apprecite your addvice and help
>
>
> regards
>
> Fabian
>
>
>

Most likely answer -- your FW is not actually blocking ssh connections
to the servers from outside the DMZ.  The source of the traffic is a
routable address, if it doesn't match your ip space then your FW isn't
working correctly.

Brian
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux