On Sunday 07 October 2007, Remy Blank wrote: > Mick wrote: > > I have already disabled PAM authentication on sshd so that only users > > with a public key in their ~/.ssh can login. > > This is the first and most important step. This means that the only real > problem is that your logs fill with failed log in attempts. > > The easiest way I have found to avoid that is to change the port number > of the SSH daemon to something else than 22.
I am trying out fail2ban, but I am not sure I have configured it correctly. Shouldn't most of these repeated attempts have been stopped? ======================================================== Oct 12 21:01:01 support sshd[30347]: Did not receive identification string from 203.128.89.99 Oct 13 01:01:38 support sshd[26419]: Did not receive identification string from 85.8.136.219 Oct 13 01:01:38 support sshd[26422]: Did not receive identification string from 85.8.136.219 Oct 13 01:11:14 support sshd[31765]: Invalid user admin from 85.8.136.219 Oct 13 01:11:15 support sshd[31792]: Invalid user test from 85.8.136.219 Oct 13 01:11:15 support sshd[31814]: Invalid user guest from 85.8.136.219 Oct 13 01:11:16 support sshd[31833]: Invalid user webmaster from 85.8.136.219 Oct 13 01:11:17 support sshd[31852]: User mysql not allowed because account is locked Oct 13 01:11:18 support sshd[31902]: Invalid user oracle from 85.8.136.219 Oct 13 01:11:19 support sshd[31929]: Invalid user library from 85.8.136.219 Oct 13 01:11:19 support sshd[31945]: Invalid user admin from 85.8.136.219 Oct 13 01:11:20 support sshd[31952]: Invalid user info from 85.8.136.219 Oct 13 01:11:20 support sshd[31965]: Invalid user test from 85.8.136.219 Oct 13 01:11:20 support sshd[31974]: Invalid user shell from 85.8.136.219 Oct 13 01:11:21 support sshd[31999]: Invalid user guest from 85.8.136.219 Oct 13 01:11:21 support sshd[32015]: Invalid user linux from 85.8.136.219 Oct 13 01:11:22 support sshd[32026]: Invalid user webmaster from 85.8.136.219 Oct 13 01:11:22 support sshd[32036]: Invalid user unix from 85.8.136.219 Oct 13 01:11:22 support sshd[32058]: User mysql not allowed because account is locked Oct 13 01:11:23 support sshd[32080]: Invalid user oracle from 85.8.136.219 Oct 13 01:11:24 support sshd[32109]: Invalid user library from 85.8.136.219 Oct 13 01:11:24 support sshd[32123]: Invalid user test from 85.8.136.219 Oct 13 01:11:25 support sshd[32134]: Invalid user info from 85.8.136.219 Oct 13 01:11:25 support sshd[32164]: Invalid user shell from 85.8.136.219 Oct 13 01:11:26 support sshd[32175]: Invalid user admin from 85.8.136.219 Oct 13 01:11:26 support sshd[32192]: Invalid user linux from 85.8.136.219 Oct 13 01:11:27 support sshd[32200]: Invalid user guest from 85.8.136.219 Oct 13 01:11:27 support sshd[32224]: Invalid user unix from 85.8.136.219 ======================================================== I have just kept the default fail2ban config file and have not created any new log files in /var/log/. Any ideas? -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.
