[CentOS] ssh security

Brian emaillists at beckerspace.com
Fri Jun 19 16:56:19 UTC 2009

2009/6/19 Cisco-Education <fabian at baladia.gov.kw>:
> Dear All,
> I have the following setup running perfectly OK for a long time
> CentOS release 5 (Final)
> sendmail-8.13.8-2.el5
> MailScanner 4.76.25
> bind-9.3.4-6.0.3.P1.el5_2
> now I just set up a CentOS box running BackupPC for backing up my above
> mail server using ssh as per the instructions on the BackupPC site.
> I had to enable sshd so I did it and
> everything works perfectly and backup works great as per my requirement
> but I notice that when I do a
> tail -f /var/log/secure
> I see the following very often
> ---------------------------
> Jun 19 16:26:06 kmdns1 sshd[11073]: Invalid user jeka from
> Jun 19 16:26:06 kmdns1 sshd[11074]: input_userauth_request: invalid user jeka
> Jun 19 16:26:06 kmdns1 sshd[11074]: Received disconnect from
> 11: Bye Bye

> Now both the mail server and the BackupPC server are behind a firewall and the ssh
> protocol is denied to the hosts in the DMZ zone.
> Just wondering how an outside user could try to ssh to my mail server.
> If I stop the sshd daemon I don't see any messages in my secure log file.
> Appreciate your advice and help
> regards
> Fabian

Most likely answer -- your FW is not actually blocking ssh connections
to the servers from outside the DMZ.  The source of the traffic is a
routable address; if it doesn't match your IP space then your FW isn't
working correctly.
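
The check suggested in the reply above, as an added example that is not part of the original thread: it pulls the source address out of each sshd "Invalid user" line and reports which ones fall outside your own address space. The networks in OWN_NETWORKS and the sample log lines are constructed assumptions; replace them with your real ranges and the contents of /var/log/secure.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the address space you own (DMZ and internal ranges). Constructed values.
OWN_NETWORKS = [ipaddress.ip_network(n) for n in ("192.168.10.0/24", "10.0.0.0/8")]

# Matches the sshd message format shown in the post: "Invalid user NAME from ADDR"
INVALID_USER = re.compile(r"sshd\[\d+\]: Invalid user (\S+) from (\S+)")

# Constructed sample lines in /var/log/secure format; outside addresses use
# documentation ranges (203.0.113.0/24, 198.51.100.0/24).
SAMPLE_LOG = """\
Jun 19 16:26:06 kmdns1 sshd[11073]: Invalid user jeka from 203.0.113.45
Jun 19 16:26:06 kmdns1 sshd[11074]: input_userauth_request: invalid user jeka
Jun 19 16:26:09 kmdns1 sshd[11080]: Invalid user test from 203.0.113.45
Jun 19 16:27:41 kmdns1 sshd[11102]: Invalid user admin from 198.51.100.7
Jun 19 16:30:02 kmdns1 sshd[11150]: Invalid user backup from 192.168.10.20
"""


def classify_sources(lines, own_networks=OWN_NETWORKS):
    """Count invalid-user attempts per source, split into own vs. outside space."""
    inside, outside = Counter(), Counter()
    for line in lines:
        m = INVALID_USER.search(line)
        if not m:
            continue  # other sshd messages carry no source address
        try:
            addr = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # hostname or truncated address; cannot classify
        bucket = inside if any(addr in net for net in own_networks) else outside
        bucket[str(addr)] += 1
    return inside, outside


if __name__ == "__main__":
    inside, outside = classify_sources(SAMPLE_LOG.splitlines())
    # Any entry here reached sshd from outside your ranges, so the
    # firewall is passing port 22 to this host.
    for addr, n in outside.most_common():
        print(f"OUTSIDE own space: {addr} ({n} attempts)")
    # Entries here originate inside your ranges; look at that host instead.
    for addr, n in inside.most_common():
        print(f"inside own space:  {addr} ({n} attempts)")
```
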

