Am 06.03.2013 19:20, schrieb Gordon Messmer:
On 03/06/2013 09:45 AM, Tilman Schmidt wrote:
Any ideas how to remedy that situation?
As long as you get the IP address for failed logins, ignore reverse mapping failures.
Trouble is, I don't:
Feb 8 00:03:09 dns01 sshd[6119]: reverse mapping checking getaddrinfo for mbl-99-61-82.dsl.net.pk failed - POSSIBLE BREAK-IN ATTEMPT! Feb 8 00:03:10 dns01 sshd[6120]: Disconnecting: Too many authentication failures for root Feb 8 00:03:19 dns01 sshd[6121]: reverse mapping checking getaddrinfo for mbl-99-61-82.dsl.net.pk failed - POSSIBLE BREAK-IN ATTEMPT! Feb 8 00:03:20 dns01 sshd[6122]: Disconnecting: Too many authentication failures for root Feb 8 00:03:22 dns01 sshd[6123]: reverse mapping checking getaddrinfo for mbl-99-61-82.dsl.net.pk failed - POSSIBLE BREAK-IN ATTEMPT! Feb 8 00:03:23 dns01 sshd[6124]: Disconnecting: Too many authentication failures for root [...]
And at the end of the day, logwatch tells me:
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user: root : 149 Time(s)
Not good.