On 08.03.2013 17:40, Reindl Harald wrote:
but you can not tell me that such attempts would not be logged; maybe you have fucked your syslog-configuration or whatever
Tsk, tsk. Language!
Mar 8 17:35:13 openvas sshd[10017]: Invalid user donotexist from 10.0.0.241
Mar 8 17:35:13 openvas sshd[10018]: input_userauth_request: invalid user donotexist
Mar 8 17:37:38 openvas sshd[10172]: User vnstat from 10.0.0.241 not allowed because not listed in AllowUsers
Mar 8 17:37:38 openvas sshd[10173]: input_userauth_request: invalid user vnstat
If you had actually read the thread before replying, you might have noticed that it is not about these messages at all. These are messages about invalid users. I already wrote that I get these too, complete with IP addresses, even before putting in "UseDNS no". My question is about these:
Feb 10 13:32:41 dns01 sshd[16161]: Disconnecting: Too many authentication failures for root
Feb 10 13:32:45 dns01 sshd[16163]: Disconnecting: Too many authentication failures for root
Feb 10 13:32:48 dns01 sshd[16165]: Disconnecting: Too many authentication failures for root
Feb 10 13:32:53 dns01 sshd[16167]: Disconnecting: Too many authentication failures for root
Feb 10 13:32:55 dns01 sshd[16169]: Disconnecting: Too many authentication failures for root
Feb 10 13:32:59 dns01 sshd[16171]: Disconnecting: Too many authentication failures for root
Feb 10 13:33:02 dns01 sshd[16173]: Disconnecting: Too many authentication failures for root
Feb 10 13:33:05 dns01 sshd[16175]: Disconnecting: Too many authentication failures for root
Feb 10 13:33:08 dns01 sshd[16177]: Disconnecting: Too many authentication failures for root
Feb 10 13:33:11 dns01 sshd[16179]: Disconnecting: Too many authentication failures for root
Do you have log entries with IP addresses for these?
Oh, before you ask, the sshd which logged these runs of course with
PermitRootLogin no
PasswordAuthentication no

cat /etc/redhat-release
CentOS release 6.3 (Final)
Notice the subject line? How it says "CentOS 5"? That was deliberate.