Security Incidents mailing list archives
Re: SSH attacks?
From: John Bossert <jbossert () affidian com>
Date: Thu, 29 Jul 2004 10:24:05 -0700
Alessandro, how do you have sshd configured (I'm using OpenSSH, latest(?) version) such that you get this log (username, IP) information?
I only get the "Could not get shadow information for NOUSER" line. Grazie, -john Bulgaro wrote:
I've got some logs very similar from auth.log: Jul 26 18:01:17 cabernet sshd[12014]: Illegal user test from 163.32.62.4 Jul 26 18:01:17 cabernet sshd[12014]: error: Could not get shadow information for NOUSER Jul 26 18:01:17 cabernet sshd[12014]: Failed password for illegal user test from 163.32.62.4 port 46707 ssh2
Sorry for my english Alessandro Bulgarelli
-- John BOSSERT Affidian Corporation jbossert () affidian com La thiorie, c'est quand on sait tout et que rien ne fonctionne. La pratique, c'est quand tout fonctionne et que personne ne sait pourquoi.Ici, nous avons riuni thiorie et pratique : Rien ne fonctionne... et personne ne sait pourquoi!
[Einstein]
Current thread:
- Re: SSH attacks?, (continued)
- Re: SSH attacks? Paul Schmehl (Jul 27)
- Re: SSH attacks? brandy (Jul 28)
- Re: SSH attacks? Andrew J Caines (Jul 29)
- Re: SSH attacks? Marcus Merrin (Jul 29)
- Re: SSH attacks? Robin (Jul 30)
- RE: SSH attacks? Herman Frederick Ebeling Jr. (Jul 30)
- Re: SSH attacks? Brian C. Lane (Jul 30)
- Re: SSH attacks? Andrew J Caines (Jul 29)
- Re: SSH attacks? Mike Whitley (Jul 29)
- Re: SSH attacks? David Block (Jul 29)
- Re: SSH attacks? Bulgaro (Jul 29)
- Re: SSH attacks? John Bossert (Jul 30)
- RE: SSH attacks? M Shirk (Jul 30)
- Re: SSH attacks? Valdis . Kletnieks (Jul 31)
- Re: SSH attacks? Skip Carter (Jul 30)
- Re: SSH attacks? Alexander Klimov (Jul 31)