2009/6/19 Cisco-Education fabian@baladia.gov.kw:
Dear All,
I have the following setup running perfectly OK for a long time
CentOS release 5 (Final) sendmail-8.13.8-2.el5 MailScanner 4.76.25 bind-9.3.4-6.0.3.P1.el5_2
now i jus setup a centos box running BackupPC for backing up my my above mail server using ssh as per the instructions in backup pc site i had to enable sshd so i did it and everthing works perfect and backup works great as per my requirement
but i notice that when i do a
tail -f /var/log/secure
i see the followin very often
Jun 19 16:26:06 kmdns1 sshd[11073]: Invalid user jeka from 87.118.122.78 Jun 19 16:26:06 kmdns1 sshd[11074]: input_userauth_request: invalid user jeka Jun 19 16:26:06 kmdns1 sshd[11074]: Received disconnect from 87.118.122.78: 11: Bye Bye
Now both the Mail server and the backup pc server behind firewall and ssh protocol is denied to the hosts in the DMZ zone
jus wondering how a outside user could try to ssh to my mail server. if i stop the sshd daemon i dont see any messages in my secure log file
apprecite your addvice and help
regards
Fabian
Most likely answer -- your FW is not actually blocking ssh connections to the servers from outside the DMZ. The source of the traffic is a routable address, if it doesn't match your ip space then your FW isn't working correctly.
Brian