I an running RH 9 (kernel 2.4.20-43.9.legacysmp), and I run ssh from
xinetd, using the following script in /etc/xinetd.d/ssh:
service ssh
{
disable = no
socket_type = stream
type = UNLISTED
port = 22
protocol = tcp
wait = no
user = root
server = /usr/sbin/sshd
server_args = -i -u0
only_from = 4.152.0.0 4.249.0.0 10.1.0.0 24.25.0.0
}
with quite a few more IP addresses added to the only_from line. This has
worked quite well in the past, but in the last week or so, I have been
getting break in attempts from IP addresses that should be refused
outright. The log entries look like this:
Aug 2 12:36:59 doggett sshd(pam_unix)[18868]: authentication failure;
logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=216-177-163-48.block0.gvtc.com
Aug 2 12:37:03 doggett sshd(pam_unix)[18870]: authentication failure;
logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=216-177-163-48.block0.gvtc.com
A reverse lookup on 216-177-163-48.block0.gvtc.com shows that it is
216.177.163.48, which is not allowed. These problems started when I
upgraded to the latest fedora legacy kernel.
Has anyone else seen problems like this, and know how to fix this problem?
TIA
Bill Tangren
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
