[CentOS] ssh security

Fri Jun 19 16:56:19 UTC 2009
Brian <emaillists at beckerspace.com>

2009/6/19 Cisco-Education <fabian at baladia.gov.kw>:
> Dear All,
>
> I have the following setup running perfectly OK for a long time
>
> CentOS release 5 (Final)
> sendmail-8.13.8-2.el5
> MailScanner 4.76.25
> bind-9.3.4-6.0.3.P1.el5_2
>
> Now I just set up a CentOS box running BackupPC for backing up my above
> mail server using ssh as per the instructions on the backup pc site.
> I had to enable sshd so I did it, and
> everything works perfectly and backup works great as per my requirement
>
> but i notice that when i do a
>
> tail -f /var/log/secure
>
> I see the following very often
> ---------------------------
> Jun 19 16:26:06 kmdns1 sshd[11073]: Invalid user jeka from 87.118.122.78
> Jun 19 16:26:06 kmdns1 sshd[11074]: input_userauth_request: invalid user jeka
> Jun 19 16:26:06 kmdns1 sshd[11074]: Received disconnect from 87.118.122.78: 11: Bye Bye

> Now both the mail server and the backup pc server are behind the firewall and the ssh
> protocol is denied to the hosts in the DMZ zone
>
> Just wondering how an outside user could try to ssh to my mail server.
> If I stop the sshd daemon I don't see any messages in my secure log file
>
> Appreciate your advice and help
>
>
> regards
>
> Fabian
>
>
>

Most likely answer -- your FW is not actually blocking ssh connections
to the servers from outside the DMZ. The source of the traffic is a
routable address; if it doesn't match your IP space, then your FW isn't
working correctly.

Brian
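
The check described in the reply above, as an added example that is not part of the original thread: it reads sshd "Invalid user" lines in the format quoted from /var/log/secure and reports sources that fall outside your own address space. The ranges in `OWN_NETWORKS` are placeholder assumptions, and the sample lines marked "constructed" are not from the poster's log.

```python
import ipaddress
import re

# Assumption: placeholder ranges standing in for your own (DMZ/internal) space.
OWN_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Matches sshd's "Invalid user <name> from <ip>" line as quoted in the thread.
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Invalid user (?P<user>\S*) from (?P<ip>[0-9a-fA-F.:]+)"
)

def outside_sources(lines, own_networks=OWN_NETWORKS):
    """Summarise invalid-user attempts whose source is outside own_networks."""
    report = {}
    for line in lines:
        m = INVALID_USER.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address field, skip the line
        if any(ip in net for net in own_networks):
            continue  # from your own space: the firewall rule is not in question
        entry = report.setdefault(
            str(ip), {"attempts": 0, "users": set(), "routable": ip.is_global}
        )
        entry["attempts"] += 1
        entry["users"].add(m.group("user"))
    return report

SAMPLE = [
    "Jun 19 16:26:06 kmdns1 sshd[11073]: Invalid user jeka from 87.118.122.78",
    "Jun 19 16:26:06 kmdns1 sshd[11074]: input_userauth_request: invalid user jeka",
    # The two lines below are constructed for this example.
    "Jun 19 16:26:09 kmdns1 sshd[11080]: Invalid user admin from 87.118.122.78",
    "Jun 19 16:30:41 kmdns1 sshd[11102]: Invalid user test from 192.168.1.20",
]

if __name__ == "__main__":
    for ip, info in outside_sources(SAMPLE).items():
        print(ip, info["attempts"], sorted(info["users"]),
              "routable" if info["routable"] else "non-routable")
```

Any routable source in the output means the connection crossed the firewall, so the rule set or NAT/port-forward configuration in front of the host is what to inspect next.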