From: Mick <michaelkintzios@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user]  Re: Break In attempts
Date: Sat, 13 Oct 2007 11:43:59 +0100
User-Agent: KMail/1.9.7
References: <200710071040.23437.michaelkintzios@gmail.com> <feb7qh$bu$1@sea.gmane.org>
In-Reply-To: <feb7qh$bu$1@sea.gmane.org>
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart1799518.q37W3Y5j4H";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200710131144.08737.michaelkintzios@gmail.com>

--nextPart1799518.q37W3Y5j4H
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Sunday 07 October 2007, Remy Blank wrote:
> Mick wrote:
> > I have already disabled PAM authentication on sshd so that only users
> > with a public key in their ~/.ssh can login.
>
> This is the first and most important step. This means that the only real
> problem is that your logs fill with failed log in attempts.
>
> The easiest way I have found to avoid that is to change the port number
> of the SSH daemon to something else than 22.

I am trying out fail2ban, but I am not sure I have configured it correctly.
Shouldn't most of these repeated attempts have been stopped?
========================================================
Oct 12 21:01:01 support sshd[30347]: Did not receive identification string from 203.128.89.99
Oct 13 01:01:38 support sshd[26419]: Did not receive identification string from 85.8.136.219
Oct 13 01:01:38 support sshd[26422]: Did not receive identification string from 85.8.136.219
Oct 13 01:11:14 support sshd[31765]: Invalid user admin from 85.8.136.219
Oct 13 01:11:15 support sshd[31792]: Invalid user test from 85.8.136.219
Oct 13 01:11:15 support sshd[31814]: Invalid user guest from 85.8.136.219
Oct 13 01:11:16 support sshd[31833]: Invalid user webmaster from 85.8.136.219
Oct 13 01:11:17 support sshd[31852]: User mysql not allowed because account is locked
Oct 13 01:11:18 support sshd[31902]: Invalid user oracle from 85.8.136.219
Oct 13 01:11:19 support sshd[31929]: Invalid user library from 85.8.136.219
Oct 13 01:11:19 support sshd[31945]: Invalid user admin from 85.8.136.219
Oct 13 01:11:20 support sshd[31952]: Invalid user info from 85.8.136.219
Oct 13 01:11:20 support sshd[31965]: Invalid user test from 85.8.136.219
Oct 13 01:11:20 support sshd[31974]: Invalid user shell from 85.8.136.219
Oct 13 01:11:21 support sshd[31999]: Invalid user guest from 85.8.136.219
Oct 13 01:11:21 support sshd[32015]: Invalid user linux from 85.8.136.219
Oct 13 01:11:22 support sshd[32026]: Invalid user webmaster from 85.8.136.219
Oct 13 01:11:22 support sshd[32036]: Invalid user unix from 85.8.136.219
Oct 13 01:11:22 support sshd[32058]: User mysql not allowed because account is locked
Oct 13 01:11:23 support sshd[32080]: Invalid user oracle from 85.8.136.219
Oct 13 01:11:24 support sshd[32109]: Invalid user library from 85.8.136.219
Oct 13 01:11:24 support sshd[32123]: Invalid user test from 85.8.136.219
Oct 13 01:11:25 support sshd[32134]: Invalid user info from 85.8.136.219
Oct 13 01:11:25 support sshd[32164]: Invalid user shell from 85.8.136.219
Oct 13 01:11:26 support sshd[32175]: Invalid user admin from 85.8.136.219
Oct 13 01:11:26 support sshd[32192]: Invalid user linux from 85.8.136.219
Oct 13 01:11:27 support sshd[32200]: Invalid user guest from 85.8.136.219
Oct 13 01:11:27 support sshd[32224]: Invalid user unix from 85.8.136.219
========================================================

I have just kept the default fail2ban config file and have not created any new
log files in /var/log/.

Any ideas?
-- 
Regards,
Mick

--nextPart1799518.q37W3Y5j4H--
-- 
gentoo-user@gentoo.org mailing list