[CentOS] ssh security

Fri Jun 19 20:12:43 UTC 2009
fabian <fabian at baladia.gov.kw>

Dear All,

Thanks to all you guys for the immediate reply.
By the way, I have just modified the firewall by explicitly specifying a
rule to block ssh traffic from outside.

I will wait for some time and check the log again.

Thanks again guys,
I appreciate your replies.

Regards

Fabian


> 2009/6/19 Cisco-Education <fabian at baladia.gov.kw>:
>> Dear All,
>>
>> I have the following setup running perfectly OK for a long time
>>
>> CentOS release 5 (Final)
>> sendmail-8.13.8-2.el5
>> MailScanner 4.76.25
>> bind-9.3.4-6.0.3.P1.el5_2
>>
>> Now I have just set up a CentOS box running BackupPC for backing up my above
>> mail server using ssh, as per the instructions on the BackupPC site.
>> I had to enable sshd, so I did, and
>> everything works perfectly and the backup works great as per my requirement.
>>
>> But I notice that when I do a
>>
>> tail -f /var/log/secure
>>
>> I see the following very often:
>> ---------------------------
>> Jun 19 16:26:06 kmdns1 sshd[11073]: Invalid user jeka from 87.118.122.78
>> Jun 19 16:26:06 kmdns1 sshd[11074]: input_userauth_request: invalid user jeka
>> Jun 19 16:26:06 kmdns1 sshd[11074]: Received disconnect from 87.118.122.78: 11: Bye Bye
>
>> Now both the mail server and the BackupPC server are behind the firewall, and
>> the ssh protocol is denied to the hosts in the DMZ zone.
>>
>> Just wondering how an outside user could try to ssh to my mail server.
>> If I stop the sshd daemon I don't see any messages in my secure log file.
>>
>> Appreciate your advice and help.
>>
>>
>> regards
>>
>> Fabian
>>
>>
>>
>
> Most likely answer -- your FW is not actually blocking ssh connections
> to the servers from outside the DMZ.  The source of the traffic is a
> routable address; if it doesn't match your IP space, then your FW isn't
> working correctly.
>
> Brian
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>


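The check suggested in the quoted reply (an sshd log entry whose source address is outside your own IP space means the firewall passed the connection) can be run over /var/log/secure after a firewall change. This is an added example, not code from the thread; the trusted network 10.0.5.0/24, the log lines marked as constructed, and the function name are assumptions.

```python
import ipaddress
import re

# sshd authentication events that carry a user name and a source address.
SSHD_EVENT = re.compile(
    r"sshd\[\d+\]: (?:Invalid user|Accepted \S+ for|"
    r"Failed \S+ for(?: invalid user)?) (?P<user>\S+) "
    r"from (?P<ip>[0-9A-Fa-f:.]+)"
)

# First three lines are from the post; the last two are constructed samples.
SAMPLE_LOG = """\
Jun 19 16:26:06 kmdns1 sshd[11073]: Invalid user jeka from 87.118.122.78
Jun 19 16:26:06 kmdns1 sshd[11074]: input_userauth_request: invalid user jeka
Jun 19 16:26:06 kmdns1 sshd[11074]: Received disconnect from 87.118.122.78: 11: Bye Bye
Jun 19 16:27:10 kmdns1 sshd[11080]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jun 19 16:40:12 kmdns1 sshd[11150]: Accepted publickey for backuppc from 10.0.5.9 port 40112 ssh2
"""

def outside_ssh_sources(log_text, trusted_nets):
    """Return {source_ip: {"events": n, "users": [...]}} for sshd events
    whose source address is not inside any of the trusted networks."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    found = {}
    for line in log_text.splitlines():
        m = SSHD_EVENT.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not a parseable address (e.g. a resolved host name)
        if any(addr in net for net in nets):
            continue  # expected traffic, such as the backup server
        entry = found.setdefault(str(addr), {"events": 0, "users": set()})
        entry["events"] += 1
        entry["users"].add(m.group("user"))
    return {ip: {"events": e["events"], "users": sorted(e["users"])}
            for ip, e in found.items()}

if __name__ == "__main__":
    # Assumption: 10.0.5.0/24 stands in for your own address space.
    for ip, info in outside_ssh_sources(SAMPLE_LOG, ["10.0.5.0/24"]).items():
        print(f"{ip}: {info['events']} event(s), users tried: {info['users']}")
```

An empty result for log entries dated after the rule change indicates that the block is effective; any address still listed reached sshd through the firewall.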