08-19-2004
You're probably seeing the results of this new automated ssh login tool that is discussed at length here:
http://seclists.org/lists/fulldisclo.../Jul/1109.html
I found it after I noticed many attempts from people to log in to my ssh server as either "root", "guest", "test" or "admin". The first thing I made sure was that my /etc/ssh/sshd_conf had "PermitRootLogin no" and that the line was uncommented. (I'm not in the habit of ever logging in as root, even from the console - su and sudo are my friends). Since I don't have the other 3 users on that system, there's not much to worry about from the morons who are running the ssh script.
But to get rid of the annoying attempts, I just added those IPs to a table of blocked IPs in my (OpenBSD/PF) firewall. You can use sed and awk to parse your authlog for "Failed" or "Illegal", extract the IP from those lines, and automate something like this, depending on the firewall you use...or add them to /etc/hosts.deny. But be careful when automating this, it's easy to block valid IPs using such tools too.
Last edited by dkaplowitz; 08-19-2004 at 09:42 PM..
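The authlog parsing described in the post above, as an added example that is not part of the original post. It counts failed sshd logins per source address and applies two guards against blocking valid IPs: a failure threshold and an allowlist. THRESHOLD, ALLOWLIST, the function names and the log lines are assumptions constructed for this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. THRESHOLD and ALLOWLIST are
# assumed tunables; the log lines below are constructed sample data.
THRESHOLD=${THRESHOLD:-3}
ALLOWLIST=${ALLOWLIST:-"192.0.2.10"}   # space-separated IPs that must never be blocked

# Reads authlog lines on stdin; prints each IPv4 source that reached
# THRESHOLD failed sshd logins and is not allowlisted, one per line, sorted.
failed_ssh_ips() {
    awk -v min="$THRESHOLD" -v allow="$ALLOWLIST" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /sshd\[[0-9]+\]: (Failed password|Illegal user|Invalid user) / {
            # The user name is chosen by the remote side and may itself
            # contain "from <ip>", so trust only the address after the
            # LAST "from" on the line.
            ip = ""
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            # Count only well-formed dotted quads.
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] >= min && !(ip in ok)) print ip }
    ' | sort
}

# Constructed sample data (documentation address ranges).
sample_authlog() {
    cat <<'EOF'
Aug 19 20:01:02 host sshd[1234]: Failed password for root from 203.0.113.5 port 40000 ssh2
Aug 19 20:01:03 host sshd[1235]: Illegal user test from 203.0.113.5
Aug 19 20:01:05 host sshd[1236]: Failed password for illegal user guest from 203.0.113.5 port 40002 ssh2
Aug 19 20:02:10 host sshd[1240]: Failed password for dave from 198.51.100.7 port 51000 ssh2
Aug 19 20:03:00 host sshd[1250]: Failed password for illegal user x from 198.51.100.7 from 203.0.113.9 port 52000 ssh2
Aug 19 20:03:01 host sshd[1251]: Failed password for illegal user x from 198.51.100.7 from 203.0.113.9 port 52001 ssh2
Aug 19 20:03:02 host sshd[1252]: Failed password for illegal user x from 198.51.100.7 from 203.0.113.9 port 52002 ssh2
Aug 19 20:04:00 host sshd[1260]: Failed password for admin from 192.0.2.10 port 53000 ssh2
Aug 19 20:04:01 host sshd[1261]: Failed password for admin from 192.0.2.10 port 53001 ssh2
Aug 19 20:04:02 host sshd[1262]: Failed password for admin from 192.0.2.10 port 53002 ssh2
Aug 19 20:05:00 host sshd[1270]: Accepted password for dave from 198.51.100.7 port 54000 ssh2
EOF
}

sample_authlog | failed_ssh_ips
```

In the sample, 198.51.100.7 is a valid user with one mistyped password whose address also appears inside a crafted user name; neither the threshold nor the last-"from" rule lets it reach the block list.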
ssh-keysign
SSH-KEYSIGN(8) BSD System Manager's Manual SSH-KEYSIGN(8)
NAME
ssh-keysign -- ssh helper program for host-based authentication
SYNOPSIS
ssh-keysign
DESCRIPTION
ssh-keysign is used by ssh(1) to access the local host keys and generate the digital signature required during host-based authentication with SSH protocol version 2.
ssh-keysign is disabled by default and can only be enabled in the global client configuration file /etc/ssh/ssh_config by setting EnableSSHKeysign to ``yes''.
ssh-keysign is not intended to be invoked by the user, but from ssh(1). See ssh(1) and sshd(8) for more information about host-based authentication.
FILES
/etc/ssh/ssh_config
Controls whether ssh-keysign is enabled.
/etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to generate the digital signature. They should be owned by root, readable only by root, and not accessible to others. Since they are readable only by root, ssh-keysign must be set-uid root if host-based authentication is used.
SEE ALSO
ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)
HISTORY
ssh-keysign first appeared in OpenBSD 3.2.
AUTHORS
Markus Friedl <markus@openbsd.org>
BSD
May 31, 2007 BSD