[CentOS] CentOS 5 sshd does not log IP address of reverse mapping failure

Fri Mar 8 17:16:09 UTC 2013
Tilman Schmidt <t.schmidt at phoenixsoftware.de>

On 08.03.2013 17:40, Reindl Harald wrote:
> but you can not tell me that such attempts would not be logged
> maybe you have fucked your syslog-configuration or whatever

Tsk, tsk. Language!

> Mar  8 17:35:13 openvas sshd[10017]: Invalid user donotexist from 10.0.0.241
> Mar  8 17:35:13 openvas sshd[10018]: input_userauth_request: invalid user donotexist
> 
> Mar  8 17:37:38 openvas sshd[10172]: User vnstat from 10.0.0.241 not allowed because not listed in AllowUsers
> Mar  8 17:37:38 openvas sshd[10173]: input_userauth_request: invalid user vnstat

If you had actually read the thread before replying you might
have noticed that it is not about these messages at all.
These are messages about invalid users. I already wrote that
I get these too, complete with IP addresses, even before
putting in "UseDNS no". My question is about these:

Feb 10 13:32:41 dns01 sshd[16161]: Disconnecting: Too many authentication failures for root
Feb 10 13:32:45 dns01 sshd[16163]: Disconnecting: Too many authentication failures for root
Feb 10 13:32:48 dns01 sshd[16165]: Disconnecting: Too many authentication failures for root
Feb 10 13:32:53 dns01 sshd[16167]: Disconnecting: Too many authentication failures for root
Feb 10 13:32:55 dns01 sshd[16169]: Disconnecting: Too many authentication failures for root
Feb 10 13:32:59 dns01 sshd[16171]: Disconnecting: Too many authentication failures for root
Feb 10 13:33:02 dns01 sshd[16173]: Disconnecting: Too many authentication failures for root
Feb 10 13:33:05 dns01 sshd[16175]: Disconnecting: Too many authentication failures for root
Feb 10 13:33:08 dns01 sshd[16177]: Disconnecting: Too many authentication failures for root
Feb 10 13:33:11 dns01 sshd[16179]: Disconnecting: Too many authentication failures for root

Do you have log entries with IP addresses for these?

Oh, before you ask, the sshd which logged these runs of course with

PermitRootLogin no
PasswordAuthentication no

> cat /etc/redhat-release
> CentOS release 6.3 (Final)

Notice the subject line? How it says "CentOS 5"? That was deliberate.

-- 
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany
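
Added example, not part of the original message and not OpenSSH code: a small audit script that finds "Too many authentication failures" disconnects in a syslog file and reports which of them have no source address logged under the same sshd PID, the gap this message asks about. The sample log, host name, PIDs and addresses are constructed, and matching on the PID is an assumption that can miss the address when sshd's privilege-separated processes log under different PIDs.

```python
import re
from collections import defaultdict

# Constructed sample in the message formats quoted above; host, PIDs and
# addresses are made up (192.0.2.0/24 is a documentation range). One entry is
# wrapped the way the mail client wrapped the log lines in this thread.
SAMPLE_LOG = """\
Mar  8 17:35:13 host1 sshd[10017]: Invalid user donotexist from 192.0.2.10
Mar  8 17:35:13 host1 sshd[10018]: input_userauth_request: invalid user donotexist
Mar  8 17:35:40 host1 crond[2201]: (root) CMD (run-parts /etc/cron.hourly)
Mar  8 17:36:02 host1 sshd[10050]: Invalid user test from 192.0.2.11
Mar  8 17:36:05 host1 sshd[10050]: Disconnecting: Too many
authentication failures for test
Mar  8 17:37:41 host1 sshd[10061]: Disconnecting: Too many authentication failures for root
"""

ENTRY = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ "
                   r"(?P<prog>[^\s\[:]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
SOURCE_IP = re.compile(r"\bfrom (\d{1,3}(?:\.\d{1,3}){3})\b")
LOCKOUT = re.compile(r"Disconnecting: Too many authentication failures for (?P<user>\S+)")

def parse_sshd(text):
    """Return (pid, message) per sshd entry, rejoining wrapped continuation lines."""
    entries, current = [], None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            # A new syslog entry starts; only sshd entries are kept.
            current = [m["pid"], m["msg"]] if m["prog"] == "sshd" else None
            if current:
                entries.append(current)
        elif current and line.strip():
            # No syslog header: continuation of the previous sshd entry.
            current[1] += " " + line.strip()
    return [tuple(e) for e in entries]

def audit_lockouts(text):
    """Split lockout events into (attributed, unattributed) by same-PID source IP."""
    ips, lockouts = defaultdict(set), []
    for pid, msg in parse_sshd(text):
        ips[pid].update(SOURCE_IP.findall(msg))
        m = LOCKOUT.search(msg)
        if m:
            lockouts.append((pid, m["user"]))
    attributed = [(p, u, sorted(ips[p])) for p, u in lockouts if ips[p]]
    unattributed = [(p, u) for p, u in lockouts if not ips[p]]
    return attributed, unattributed

if __name__ == "__main__":
    print(audit_lockouts(SAMPLE_LOG))
```

Entries in the unattributed list are the ones that log-driven blocking keyed on a source address cannot act on.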

