Entries in /var/log/secure

I've been getting these entries:

Aug 11 05:23:50 hostname sshd[1709]: Generating new 768 bit RSA key.
Aug 11 05:23:50 hostname sshd[1709]: RSA key generation complete.

This is happening several times in a couple of days.  I've also been
getting a lot of ssh login attempts from strange IP addresses.  Are
these two things related and should I be worried?

Also, what is the easiest way to only allow certain IPs to ssh login?
I'm running RedHat 9.0.


Re: Entries in /var/log/secure

s wrote on 13.08.2004 14:28:


I think not. Look at your sshd_config. Have you changed
KeyRegenerationInterval? At the moment there are lots of ssh scanners
which are looking for weak passwords.
Hint: Only use DSA, disable root login, keep your ssh up-to-date.


Either iptables or host_allow.


Re: Entries in /var/log/secure



Just in case: The above messages are not caused by using RSA, but
by using protocol version 1. Thus, disable SSHv1 and the above
messages will disappear.



Thomas Binder (Gryf @ IRCNet)
PGP-key available on request!

Re: Entries in /var/log/secure



Some simple ways to allow certain IPs to ssh login:

1. Using public keys
2. Using /etc/hosts.allow or /etc/hosts.deny files [when TCP wrapper
support is enabled]

1. Using public keys

Using public key authentication you can restrict the key with an IP
address. See "man sshd" for from="pattern-list".

2. Using /etc/hosts.allow

With TCP wrapper support you can specify allowed/denied IPs in the
respective files. Only the IPs specified in /etc/hosts.allow/deny are
allowed/restricted for login.

Normally /etc/hosts.allow looks like:

sshd: ALL

which specifies no restrictions on login.


specifies that only the users from these IPs are allowed to login.
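
Added example (not part of the thread or any poster's code): a small Python model of the TCP wrapper lookup order documented in hosts_access(5), showing that listing addresses in /etc/hosts.allow only restricts sshd when /etc/hosts.deny also carries a matching deny rule. The addresses are constructed documentation ranges, and only literal IPv4 addresses, trailing-dot prefixes, net/mask pairs and ALL are modelled (no hostnames, EXCEPT or IPv6).

```python
import ipaddress

def client_matches(pattern, ip):
    """Match one hosts_access(5) client pattern against an IPv4 address (subset)."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):        # address prefix, e.g. "192.0.2."
        return ip.startswith(pattern)
    if "/" in pattern:               # net/mask pair, e.g. 192.0.2.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    return pattern == ip             # literal address

def rule_matches(rules, daemon, ip):
    """True if any 'daemon_list : client_list' line matches daemon and ip."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]   # ignore optional shell command
        daemons = daemons.replace(",", " ").split()
        clients = clients.replace(",", " ").split()
        if (daemon in daemons or "ALL" in daemons) and \
           any(client_matches(p, ip) for p in clients):
            return True
    return False

def access_granted(allow, deny, daemon, ip):
    """hosts.allow is checked first, then hosts.deny; no match at all means grant."""
    if rule_matches(allow, daemon, ip):
        return True
    if rule_matches(deny, daemon, ip):
        return False
    return True

# Constructed sample file contents (RFC 5737 documentation addresses).
ALLOW = "sshd: 192.0.2.10, 198.51.100.0/255.255.255.0\n"
DENY_EMPTY = ""
DENY_ALL = "sshd: ALL\n"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.77", "203.0.113.5"):
        print(ip,
              "| empty hosts.deny:", access_granted(ALLOW, DENY_EMPTY, "sshd", ip),
              "| hosts.deny 'sshd: ALL':", access_granted(ALLOW, DENY_ALL, "sshd", ip))
```

With an empty hosts.deny the unlisted address is still granted access; only the combination of specific entries in hosts.allow and `sshd: ALL` in hosts.deny limits logins to the listed addresses.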

