Paul Hartman wrote:
> On Fri, Mar 20, 2009 at 7:25 AM, Eric Martin <freak4u...@gmail.com> wrote:
>> Paul Hartman wrote:
>>> On Thu, Mar 19, 2009 at 10:36 AM, Johan Blåbäck
>>> <johan.bluecr...@gmail.com> wrote:
>>>> I've always had usernames when it comes to sshd's log entries in
>>>> auth.log, like the following:
>>>>
>>>> <time> <hostname> sshd[5926]: error: PAM: Authentication failure for
>>>> <username> from <ip-adress>
>>> Well, I don't use PAM, just key-based authentication only, so I always
>>> see only the IP getting rejected since it doesn't even give them a
>>> place to try a user/password :) It's just weird that it is refusing a
>>> connection from u...@domain rather than simply the IP. I guess they
>>> could be trying to ssh u...@myhost.net or something. The one with
>>> [U2FsdGVkX19g32YZVKMsQkl+mouWITILOicY4Iq9OQo=] as the username is
>>> interesting. I wonder what that's all about.
>>>
>> I too use only PubKey but they need to send a username so ssh knows
>> where to look for the public key. Your two options boil down to
>>
>> 1) install fail2ban (I installed it on all of my external ssh boxes and
>> I love it)
>> 2) change the ssh port to something other than 22 (Security by Obscurity
>> but it frees up your logs so you can see real problems).
>>
>> The two may be mutually exclusive as I'm not sure if you can tweak
>> fail2ban's ssh rules to monitor another port.
>>
>> I just chalk it up as log spam unless I see definite bad patterns. But
>> again, with public key access only and banning root from logging in via
>> ssh I don't think anybody is getting far unless there is a flaw in ssh.
>
> Oh, I am not concerned about the attacks. I just thought it was weird
> that I saw u...@domain when I normally see only IP or only domain.
> They are already refused connection as the log shows :)
>
> Thanks,
> Paul
>
Yeah, after I read your message I realized that I didn't quite answer your question. Somebody mentioned they probably configured the DNS PTR record incorrectly, which is my guess.

-- 
Eric Martin
Key fingerprint = D1C4 086E DBB5 C18E 6FDA B215 6A25 7174 A941 3B9F
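
The kind of failure counting that log-watching tools apply to the auth.log entry quoted earlier in the thread, as an added example that is not code from the thread or from fail2ban. The sample lines, hostname, addresses, usernames, thresholds and the year are constructed assumptions, and lines are assumed to arrive in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the auth.log entry quoted in the thread:
#   <time> <hostname> sshd[pid]: error: PAM: Authentication failure for <username> from <source>
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"error: PAM: Authentication failure for (?P<user>\S+) from (?P<src>\S+)$"
)

# Constructed sample input (documentation address ranges, made-up host and users).
SAMPLE = [
    "Mar 20 07:25:01 myhost sshd[5926]: error: PAM: Authentication failure for root from 203.0.113.7",
    "Mar 20 07:25:09 myhost sshd[5930]: error: PAM: Authentication failure for admin from 203.0.113.7",
    "Mar 20 07:25:20 myhost sshd[5934]: error: PAM: Authentication failure for root from 203.0.113.7",
    "Mar 20 07:40:00 myhost sshd[6001]: error: PAM: Authentication failure for alice from 198.51.100.4",
    "Mar 20 09:40:00 myhost sshd[6100]: error: PAM: Authentication failure for alice from 198.51.100.4",
    "Mar 20 11:40:00 myhost sshd[6200]: error: PAM: Authentication failure for alice from 198.51.100.4",
    "Mar 20 11:41:00 myhost sshd[6201]: Accepted publickey for alice from 198.51.100.4 port 50022 ssh2",
]

def parse(line, year=2009):
    """Return (timestamp, user, source), or None for lines in any other format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Syslog timestamps carry no year, so an assumed one is supplied.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], m["src"]

def sources_to_ban(lines, max_failures=3, window=timedelta(minutes=10)):
    """Map each source with >= max_failures failures in one window to the users it tried."""
    recent = defaultdict(deque)  # source -> failure timestamps still inside the window
    users = defaultdict(set)     # source -> every username it attempted
    flagged = set()
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ts, user, src = parsed
        users[src].add(user)
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that have aged out of the window
            q.popleft()
        if len(q) >= max_failures:
            flagged.add(src)
    return {src: sorted(users[src]) for src in flagged}
```

The second source in the sample fails three times as well, but hours apart, so it never reaches the threshold inside one window.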