[CentOS] ssh security

Cisco-Education

fabian at baladia.gov.kw
Fri Jun 19 16:54:37 UTC 2009


Dear All,

I have the following setup running perfectly OK for a long time

CentOS release 5 (Final)
sendmail-8.13.8-2.el5
MailScanner 4.76.25
bind-9.3.4-6.0.3.P1.el5_2

now i jus setup a centos box running BackupPC for backing up my my above
mail server using ssh as per the instructions in backup pc site
i had to enable sshd so i did it and
everthing works perfect and backup works great as per my requirement

but i notice that when i do a

tail -f /var/log/secure

i see the followin very often
---------------------------
Jun 19 16:26:06 kmdns1 sshd[11073]: Invalid user jeka from 87.118.122.78
Jun 19 16:26:06 kmdns1 sshd[11074]: input_userauth_request: invalid user jeka
Jun 19 16:26:06 kmdns1 sshd[11074]: Received disconnect from
87.118.122.78: 11: Bye Bye
Jun 19 16:26:07 kmdns1 sshd[11075]: Invalid user stat from 87.118.122.78
Jun 19 16:26:07 kmdns1 sshd[11076]: input_userauth_request: invalid user stat
Jun 19 16:26:08 kmdns1 sshd[11076]: Received disconnect from
87.118.122.78: 11: Bye Bye
Jun 19 16:26:09 kmdns1 sshd[11077]: Invalid user nikonew from 87.118.122.78
Jun 19 16:26:09 kmdns1 sshd[11078]: input_userauth_request: invalid user
nikonew
Jun 19 16:26:09 kmdns1 sshd[11078]: Received disconnect from
87.118.122.78: 11: Bye Bye
Jun 19 16:26:10 kmdns1 sshd[11079]: Invalid user koval from 87.118.122.78
Jun 19 16:26:10 kmdns1 sshd[11080]: input_userauth_request: invalid user
koval
Jun 19 16:26:11 kmdns1 sshd[11080]: Received disconnect from
87.118.122.78: 11: Bye Bye
Jun 19 16:26:12 kmdns1 sshd[11081]: Invalid user smk from 87.118.122.78
Jun 19 16:26:12 kmdns1 sshd[11082]: input_userauth_request: invalid user smk
Jun 19 16:26:12 kmdns1 sshd[11082]: Received disconnect from
87.118.122.78: 11: Bye Bye
Jun 19 16:26:14 kmdns1 sshd[11083]: Invalid user ksusha from 87.118.122.78
Jun 19 16:26:14 kmdns1 sshd[11084]: input_userauth_request: invalid user
ksusha
Jun 19 16:26:14 kmdns1 sshd[11084]: Received disconnect from
87.118.122.78: 11: Bye Bye
Jun 19 16:26:15 kmdns1 sshd[11085]: Invalid user jane from 87.118.122.78
Jun 19 16:26:15 kmdns1 sshd[11086]: input_userauth_request: invalid user jane
Jun 19 16:26:15 kmdns1 sshd[11086]: Received disconnect from
87.118.122.78: 11: Bye Bye
Jun 19 16:26:17 kmdns1 sshd[11087]: Invalid user celeron from 87.118.122.78
Jun 19 16:26:17 kmdns1 sshd[11088]: input_userauth_request: invalid user
celeron
Jun 19 16:26:17 kmdns1 sshd[11088]: Received disconnect from
87.118.122.78: 11: Bye Bye
--------------------

Now both the Mail server and the backup pc server behind firewall and ssh
protocol is denied to the hosts in the DMZ zone

jus wondering how a outside user could try to ssh to my mail server.
if i stop the sshd daemon i dont see any messages in my secure log file

apprecite your addvice and help


regards

Fabian





-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




More information about the CentOS mailing list