Re: Question about entry in auth.log

2008-11-15 Thread mdh
--- On Sat, 11/15/08, Jeremy Chadwick <[EMAIL PROTECTED]> wrote: > From: Jeremy Chadwick <[EMAIL PROTECTED]> > Subject: Re: Question about entry in auth.log > To: "Lisa Casey" <[EMAIL PROTECTED]> > Cc: freebsd-questions@freebsd.org > Date: Saturday,

Re: Question about entry in auth.log

2008-11-15 Thread Wojciech Puchar
Also keep in mind that the user may not have actually logged in and gotten a shell; the message you see can also happen if the individual simply scp'd something (e.g. no shell spawned). But in this case there are other messages about scp, not sure if in auth.log or others. I use a single file for l

Re: Question about entry in auth.log

2008-11-15 Thread Jeremy Chadwick
On Fri, Nov 14, 2008 at 11:37:15PM -0800, Jeremy Chadwick wrote: > On Fri, Nov 14, 2008 at 10:00:13PM -0500, Lisa Casey wrote: > > Very odd. Sigh, Michael is not vacationing in Romania. Doubt he's ever > > been there. I got rid of the michael account (it wasn't used anyway), and > > downloaded a

Re: Question about entry in auth.log

2008-11-15 Thread Valentin Bud
Hello, I personally use key authentication along with DenyUsers and AllowUsers directives from sshd. One more thing I do regarding ssh brute force is to make use of the max-src-conn and max-src-conn-rate from pf firewall. My auth logs look like: Nov 14 11:15:36 xxx sshd[3570]: User root from 211.

Re: Question about entry in auth.log

2008-11-15 Thread Wojciech Puchar
Very odd. Sigh, Michael is not vacationing in Romania. Doubt he's ever been there. I got rid of the michael account (it wasn't used anyway), and downloaded a new copy of chkrootkit, installed it and ran it along with chklastlog and chkwtmp. Nothing was found. Perhaps this was a harmless enough p

Re: Question about entry in auth.log

2008-11-15 Thread Wojciech Puchar
Nov 12 15:44:29 mail sshd[30160]: Accepted keyboard-interactive/pam for michael from 89.123.165.3 port 55185 ssh2 There is a user michael on the system, but whoever was doing this was not him. I am assuming someone tried to break in using a valid username (michael) but with an incorrect pas

Re: Question about entry in auth.log

2008-11-14 Thread Jeremy Chadwick
On Fri, Nov 14, 2008 at 10:00:13PM -0500, Lisa Casey wrote: > Very odd. Sigh, Michael is not vacationing in Romania. Doubt he's ever > been there. I got rid of the michael account (it wasn't used anyway), and > downloaded a new copy of chkrootkit, installed it and ran it along with > chklastlo

Re: Question about entry in auth.log

2008-11-14 Thread Lisa Casey
On Fri, 14 Nov 2008, Tom Marchand wrote: Or michael is vacationing in Romania. Very odd. Sigh, Michael is not vacationing in Romania. Doubt he's ever been there. I got rid of the michael account (it wasn't used anyway), and downloaded a new copy of chkrootkit, installed it and ran it along

Re: Question about entry in auth.log

2008-11-14 Thread Tom Marchand
On Nov 14, 2008, at 8:00 PM, Steven Susbauer wrote: Lisa Casey wrote: Hi, I run several FreeBSD servers. Today I noticed an entry in the auth.log on one of them that concerns me. The entry is this: Nov 12 15:44:29 mail sshd[30160]: Accepted keyboard-interactive/pam for michael from 89

Re: Question about entry in auth.log

2008-11-14 Thread Steven Susbauer
Lisa Casey wrote: > Hi, > > I run several FreeBSD servers. Today I noticed an entry in the auth.log > on one of them that concerns me. The entry is this: > > Nov 12 15:44:29 mail sshd[30160]: Accepted keyboard-interactive/pam for > michael from 89.123.165.3 port 55185 ssh2 > > There is a use

Question about entry in auth.log

2008-11-14 Thread Lisa Casey
Hi, I run several FreeBSD servers. Today I noticed an entry in the auth.log on one of them that concerns me. The entry is this: Nov 12 15:44:29 mail sshd[30160]: Accepted keyboard-interactive/pam for michael from 89.123.165.3 port 55185 ssh2 There is a user michael on the system, but whoe