On Thursday 02 February 2006 19:37, Yaroslav Halchenko wrote:
> I use AllowUsers extensively on private boxes as well and had no problem
> banning bad IPs.
> Usually entries you've mentioned do not go alone:
>
> Feb 1 20:41:15 washoe sshd[21462]: User root from 140.128.101.173 not allowed because not listed in AllowUsers
> Feb 1 20:41:15 washoe sshd[21462]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.128.101.173 user=root
> Feb 1 20:41:17 washoe sshd[21462]: Failed password for invalid user root from 140.128.101.173 port 34965 ssh2
>
> The last one is caught by fail2ban's failregex.
> Please confirm that it is different in your case.

In my case I get something like:

Feb 1 21:30:11 bandit sshd[1728]: User root from 61.134.32.18 not allowed because not listed in AllowUsers
Feb 1 21:30:14 bandit sshd[1736]: User root from 61.134.32.18 not allowed because not listed in AllowUsers
Feb 1 21:30:17 bandit sshd[1738]: User root from 61.134.32.18 not allowed because not listed in AllowUsers

with nothing in between. Maybe you have a higher sshd LogLevel than me. I have
LogLevel INFO; possibly you have VERBOSE? I think that INFO is the default on a
Debian install?

I read a post on the Gentoo forums relating to the same thing but I didn't want
to increase the LogLevel because then I would have to write more regexes for
logcheck ;)

> The reason why I would prefer not to include a specific regex for
> "User...not allowed" is that it will increase false positives: if I mix
> up a login name once - it will cause 2 entries to increment the counter
> for my IP...

Ah, I get you. That isn't so good.

> Please have a look at your /var/log/auth.log if you have similar pattern
> as mine. If so I would like to close the bug, if you have only
> 'User..not allowed', then we will continue resolving the "bug" :-)

Yes, it's not really a bug as such. :)

hads
-- 
Elliptic paraboloids for sale.
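
Added example, not part of the original message and not fail2ban's own code: a small Python counter run over the log lines quoted in the thread, showing the miss at LogLevel INFO, the double count that a "not allowed" pattern causes, and one possible fix that counts each (IP, sshd PID) pair once. The pattern names, `count_failures` and the `dedupe_by_pid` option are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Log lines copied from the two excerpts quoted in the thread above.
SAMPLE_LOG = """\
Feb 1 20:41:15 washoe sshd[21462]: User root from 140.128.101.173 not allowed because not listed in AllowUsers
Feb 1 20:41:15 washoe sshd[21462]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.128.101.173 user=root
Feb 1 20:41:17 washoe sshd[21462]: Failed password for invalid user root from 140.128.101.173 port 34965 ssh2
Feb 1 21:30:11 bandit sshd[1728]: User root from 61.134.32.18 not allowed because not listed in AllowUsers
Feb 1 21:30:14 bandit sshd[1736]: User root from 61.134.32.18 not allowed because not listed in AllowUsers
Feb 1 21:30:17 bandit sshd[1738]: User root from 61.134.32.18 not allowed because not listed in AllowUsers
"""

# Illustrative patterns written for this example (not fail2ban's shipped failregex).
PREFIX = r"sshd\[(?P<pid>\d+)\]: "
IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
PATTERNS = {
    "failed_password": re.compile(
        PREFIX + r"Failed password for (?:invalid user )?\S+ from " + IP + r" port \d+"),
    "not_allowed": re.compile(
        PREFIX + r"User \S+ from " + IP + r" not allowed because not listed in AllowUsers"),
}


def count_failures(log, enabled, dedupe_by_pid=False):
    """Return {ip: failures}; optionally count each (ip, sshd pid) pair once."""
    counts = defaultdict(int)
    seen = set()
    for line in log.splitlines():
        for name in enabled:
            m = PATTERNS[name].search(line)
            if m is None:
                continue
            key = (m["ip"], m["pid"])
            if not (dedupe_by_pid and key in seen):
                counts[m["ip"]] += 1
            seen.add(key)
            break  # a line matches at most one pattern
    return dict(counts)


if __name__ == "__main__":
    both = ["failed_password", "not_allowed"]
    print(count_failures(SAMPLE_LOG, ["failed_password"]))      # INFO-level host is missed
    print(count_failures(SAMPLE_LOG, both))                     # one attempt counted twice
    print(count_failures(SAMPLE_LOG, both, dedupe_by_pid=True)) # one count per sshd process
```

Counting once per sshd PID also collapses several password guesses made inside a single connection into one, so it trades the double count for a possible undercount.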

