Network Security Secure-Shell

Re: shutting down dictionary attacks

Subject: Re: shutting down dictionary attacks
Date: Mon, 4 Jul 2005 09:29:11 -0400
On Mon, Jul 04, 2005 at 03:06:20AM -0500, Brian J. Woods wrote:
> More info on the environment the PCs were on maybe?

Sure.  My OpenBSD PC has port 22 open for protocol 2 (per the sshd_config
I'd posted) and will accept only authorized RSA keys.  Apparently.

I'm on a cable network which is regularly scanned by kiddies for
weakness.  

My OS is OpenBSD 3.7-current, last updated June 24, and my ssh 
is 4.1, last updated April 11.

My /var/log/authlog was showing both the usual "admin" "guest" "root" 
attacks, and the occasional dictionary attack. The script being used by
these kiddies seems to force a password authentication, since it's otherwise
turned off.  

I'm still getting attacks, so the addition of "KerberosOrLocalPasswd no"
didn't help.

Since I made the last update, I've also changed the LogLevel to DEBUG3.

Here's one of many of the latest attempts to break in shown in my authlog:

------
.
.
.
Jul  3 08:23:38 jggimi sshd[28519]: Invalid user shell from 65.118.221.232
Jul  3 08:23:38 jggimi sshd[19291]: input_userauth_request: invalid user shell
Jul  3 08:23:38 jggimi sshd[19291]: Failed password for invalid user shell from 65.118.221.232 port 29630 ssh2
Jul  3 08:23:38 jggimi sshd[19291]: Received disconnect from 65.118.221.232: 11: Bye Bye
Jul  3 08:23:39 jggimi sshd[22844]: Invalid user linux from 65.118.221.232
Jul  3 08:23:39 jggimi sshd[18991]: input_userauth_request: invalid user linux
Jul  3 08:23:39 jggimi sshd[18991]: Failed password for invalid user linux from 65.118.221.232 port 29715 ssh2
Jul  3 08:23:39 jggimi sshd[18991]: Received disconnect from 65.118.221.232: 11: Bye Bye
Jul  3 08:23:40 jggimi sshd[5455]: Invalid user unix from 65.118.221.232
Jul  3 08:23:40 jggimi sshd[28488]: input_userauth_request: invalid user unix
Jul  3 08:23:40 jggimi sshd[28488]: Failed password for invalid user unix from 65.118.221.232 port 29791 ssh2
Jul  3 08:23:40 jggimi sshd[28488]: Received disconnect from 65.118.221.232: 11: Bye Bye
.
.
.
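
One way to summarise an authlog like the excerpt above is to group the attempts by source address. This is an added example, not part of the original post: it rejoins entries that a mail client wrapped mid-line and flags any address that tries several invalid usernames within a short window. The sample log, host name, addresses, threshold, window and year are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the style of the excerpt above (documentation-range
# addresses, made-up host name). Two entries are wrapped mid-line.
SAMPLE = """\
Jul  3 08:23:38 host sshd[102]: Failed password for invalid user shell from 1
92.0.2.10 port 29630 ssh2
Jul  3 08:23:39 host sshd[103]: Invalid user linux from 192.0.2.10
Jul  3 08:23:40 host sshd[104]: Failed password for invalid user unix from 192.0.2.10 port 29791
 ssh2
Jul  3 08:24:05 host sshd[105]: Invalid user guest from 198.51.100.7
Jul  3 09:40:00 host sshd[106]: Invalid user admin from 192.0.2.10
"""

STAMP = r"\w{3} [ \d]\d \d\d:\d\d:\d\d"
ATTEMPT = re.compile(
    rf"^({STAMP}) \S+ sshd\[\d+\]: "
    r"(?:Invalid user|Failed password for invalid user) (\S+) "
    r"from (\d+(?:\.\d+){3})")

def unwrap(text):
    """Rejoin wrapped entries: a line without a syslog timestamp continues the previous one."""
    entries = []
    for line in text.splitlines():
        if re.match(STAMP + " ", line) or not entries:
            entries.append(line)
        else:
            entries[-1] += line  # the wrap split the text as-is, so no separator
    return entries

def dictionary_sources(text, threshold=3, window=timedelta(seconds=60), year=2005):
    """Map source IP -> invalid usernames tried, for IPs reaching the threshold in one window."""
    seen = defaultdict(list)  # ip -> [(time, user), ...]
    for entry in unwrap(text):
        m = ATTEMPT.match(entry)
        if m:  # syslog stamps carry no year, so it is supplied (assumption)
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            seen[m.group(3)].append((when, m.group(2)))
    flagged = {}
    for ip, events in seen.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - start <= window}
            if len(users) >= threshold:
                flagged[ip] = sorted(users)
                break
    return flagged

if __name__ == "__main__":
    print(dictionary_sources(SAMPLE))
```
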
