12-08-2004
being probed Fedora core 2
Lucky me...someone's trying to hack into my mythtv box through ssh. Can I make a policy or something similar to refuse connections from a specific IP after a certain amount of failed logins?
attached is some of the output from /var/log/messages
Quote:
Dec 5 08:12:38 localhost sshd[12129]: Did not receive identification string from ::ffff:221.162.104.14
Dec 5 08:22:09 localhost sshd[12130]: Failed password for nobody from ::ffff:221.162.104.14 port 4760 ssh2
Dec 5 08:22:12 localhost sshd[12132]: Illegal user patrick from ::ffff:221.162.104.14
Dec 5 08:22:14 localhost sshd[12132]: Failed password for illegal user patrick from ::ffff:221.162.104.14 port 4925 ssh2
Dec 5 08:22:16 localhost sshd[12134]: Illegal user patrick from ::ffff:221.162.104.14
Dec 5 08:22:19 localhost sshd[12134]: Failed password for illegal user patrick from ::ffff:221.162.104.14 port 1092 ssh2
Dec 5 08:22:24 localhost sshd[12136]: Failed password for root from ::ffff:221.162.104.14 port 1236 ssh2
Dec 5 08:22:28 localhost sshd[12138]: Failed password for root from ::ffff:221.162.104.14 port 1368 ssh2
Dec 5 08:22:33 localhost sshd[12140]: Failed password for root from ::ffff:221.162.104.14 port 1509 ssh2
Dec 5 08:22:38 localhost sshd[12142]: Failed password for root from ::ffff:221.162.104.14 port 1635 ssh2
Dec 5 08:22:43 localhost sshd[12144]: Failed password for root from ::ffff:221.162.104.14 port 1780 ssh2
Dec 5 08:22:45 localhost sshd[12146]: Illegal user rolo from ::ffff:221.162.104.14
Dec 5 08:22:48 localhost sshd[12146]: Failed password for illegal user rolo from ::ffff:221.162.104.14 port 1902 ssh2
Dec 5 08:22:50 localhost sshd[12148]: Illegal user iceuser from ::ffff:221.162.104.14
Dec 5 08:22:52 localhost sshd[12148]: Failed password for illegal user iceuser from ::ffff:221.162.104.14 port 2042 ssh2
Dec 5 08:22:55 localhost sshd[12150]: Illegal user horde from ::ffff:221.162.104.14
Dec 5 08:22:57 localhost sshd[12150]: Failed password for illegal user horde from ::ffff:221.162.104.14 port 2182 ssh2
Dec 5 08:22:59 localhost sshd[12152]: Illegal user cyrus from ::ffff:221.162.104.14
Dec 5 08:23:02 localhost sshd[12152]: Failed password for illegal user cyrus from ::ffff:221.162.104.14 port 2322 ssh2
Dec 5 08:23:04 localhost sshd[12154]: Illegal user www from ::ffff:221.162.104.14
Dec 5 08:23:06 localhost sshd[12154]: Failed password for illegal user www from ::ffff:221.162.104.14 port 2447 ssh2
Dec 5 08:23:09 localhost sshd[12156]: Illegal user wwwrun from ::ffff:221.162.104.14
10 More Discussions You Might Find Interesting
1. Linux
These are not my desktop (I am still using FC1), they are from Internet forum.
http://gator.dt.uh.edu/~yangm001/snapshot1.jpg
http://gator.dt.uh.edu/~yangm001/snapshot2.jpg (0 Replies)
Discussion started by: HOUSCOUS
0 Replies
2. Linux
I have done some research on the Fedora Project and trying to find clear cut answer on how to migrate from current OS - RH 8.0 Pro to Fedora Core 2. Can anybody help me with this and does Fedora Core 2 include OpenOffice and Ximian Evolution like with my RH 8.0 Pro. (3 Replies)
Discussion started by: Mark McWilliams
3 Replies
3. Linux
I've been using FC2, but my sound card doesn't work
I'm new with linux systems..
but there says that needs to recompile kernel
how can i do it with a kernel 2.6.5 i386 ?
by the way,. my sound card chipset is an ESS 1869F, with a compaq deskpro Smal Form Factor. but i have not found a... (4 Replies)
Discussion started by: Quake
4 Replies
4. Linux
Hiya all,
Hope you can help.
I keep getting the same Error message when I try to install. I have tried several different Diskettes. And I finally ordered CDs from "FASTDISCs". The install "disc Checks" passed fine on these.
The error:
"The package usbitils-0.11.6.1 cannot be opened. ... (8 Replies)
Discussion started by: marty 600
8 Replies
5. Linux
I'm pretty much new to this Linux stuff, I installed FC4 the other night to try it out.
I'm having a slight problem when launching Quake 3, it's giving me the error GLimp_Init() - could not load OpenGL subsystem
I've updated my video drivers to the latest version and went through fglrxconfig,... (3 Replies)
Discussion started by: Filth Pig
3 Replies
6. UNIX for Dummies Questions & Answers
Hello,
I am about to install Fedora on a partition on my hard drive. I got the CD from a magazine and it isnt a LiveCD so the magazine says "fedora core installer isn't a LiveCD, so it will merrily destroy your primary partition when you install on your machine", now I'm guessing the primary... (1 Reply)
Discussion started by: ArkNia
1 Replies
7. UNIX for Dummies Questions & Answers
Hello I'm trying to install fedora core 5 and I'm currently at this screen here:
http://fedora.redhat.com/docs/fedora-install-guide-en/fc5/figs/installingpackages.png
However, the bottom bar is completely gray and there's nothing telling me the "status" of the install. I also told it to format... (2 Replies)
Discussion started by: obeseogre
2 Replies
8. Linux
hi all
i am currently using fedora core 3 . i downloaded the iso image of fedora core 6 but after installing the fedora core 6 . while starting linux it gives a error saying init is been killed .
wht is happened?
thank u (3 Replies)
Discussion started by: nageshrk
3 Replies
9. Linux
hi i dont know much about linux but my boss gave me a job to backup all the mysql database and tables from fedora core4 running as web/database server. i can enter in fedora using remote desktop from my laptop but after that i am unable to do anything. if any one can help me in finding mysql and... (3 Replies)
Discussion started by: obstinate
3 Replies
10. SuSE
Hi. Not sure if this should go in the beginners section, so forgivness please if it's not correctly placed.
I just installed Linux Fedora Core 6 on my home computer (and am very very new to this) so I can learn more about it. However, I am looking for the FC6 equivalent to the System Device... (2 Replies)
Discussion started by: Carl1976
2 Replies
LEARN ABOUT LINUX
ssh-copy-id
SSH-COPY-ID(1) General Commands Manual SSH-COPY-ID(1)
NAME
ssh-copy-id - install your public key in a remote machine's authorized_keys
SYNOPSIS
ssh-copy-id [-i [identity_file]] [user@]machine
DESCRIPTION
ssh-copy-id is a script that uses ssh to log into a remote machine and append the indicated identity file to that machine's ~/.ssh/autho-
rized_keys file.
If the -i option is given then the identity file (defaults to ~/.ssh/id_rsa.pub) is used, regardless of whether there are any keys in your
ssh-agent. Otherwise, if this:
ssh-add -L
provides any output, it uses that in preference to the identity file.
If the -i option is used, or the ssh-add produced no output, then it uses the contents of the identity file. Once it has one or more fin-
gerprints (by whatever means) it uses ssh to append them to ~/.ssh/authorized_keys on the remote machine (creating the file, and directory,
if necessary.)
NOTES
This program does not modify the permissions of any pre-existing files or directories. Therefore, if the remote sshd has StrictModes set in
its configuration, then the user's home, ~/.ssh folder, and ~/.ssh/authorized_keys file may need to have group writability disabled manu-
ally, e.g. via
chmod go-w ~ ~/.ssh ~/.ssh/authorized_keys
on the remote machine.
SEE ALSO
ssh(1), ssh-agent(1), sshd(8)
OpenSSH 14 November 1999 SSH-COPY-ID(1)