Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- wilbur lang
September 4, 2007, 9:47 am
rate this thread
only. recently, i found many brute force attacks which enumerate the
user names. then i install fail2ban which analyze the sshd's log file
and ban the failed attempts with iptables. which works very well.
today, i find many brute force attacks again, which try to login as
root. as i set the sshd to allow users from specified group only, and
root is not in this group. i got following message in log file:
User root not allowed because none of user's groups are listed in
unluckily, there're no ip address in the log file and i can't ban it.
how can i ban such attempts? please note, I will never permit root
login even with public key authentication.
Re: how to record the client's ip address in logfile
From the log message I assume you're using OpenSSH? If so, which
version? Logging of the source address for connections denied for
that reason was added in 4.0.
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
- » protocol question - issue with exit-status inside unfinished data stream?
- — Newest thread in » Secure Shell Forum