οι γερμανοί ξανάρχονται με ...ssh :)

Dimitris Kalamaras dimitris.kalamaras at compupress.gr
Fri Dec 22 12:54:32 EET 2006 

Καλησπέρα, 

έχω ένα πιθανό πρόβλημα με το ssh. Βλέπω στο /var/log/secure (δείτε
παρακάτω) ότι κάποιος υπολογιστής από τη Γερμανία (;)(arcor-ip.net μου
δίνει το whois) προσπαθούσε χτες για καμιά ώρα να συνδεθεί με SSH με το
PC μου. Στο router  έχω ανοικτή μόνο την SSH πόρτα. Αναρωτιέμαι τι κάνει
κανείς σε αυτές τις περιπτώσεις (πέραν των προσευχών ή του κλεισίματος
της πόρτας); Στέλνει παραπονιάρικο email σε κάποια από τις διευθύνσεις
του whois; Υπάρχει τρόπος να μάθω περισσότερα για τη συγκεκριμένη IP ή
πιθανώς είναι κάποια dynamic σαν τη δικιά μου; Και επίσης πόσο ασφαλές
είναι το SSH; Αν το αφήσω, κάποια στιγμή θα το σπάσει σωστά; Μπορώ να
βάλω κάποιο IP ban για όλες τις IP εκτός από εκείνη από την οποία
συνδέομαι εγώ ( ~/.ssh/known_hosts); Υπάρχει κάτι άλλο;

ευχαριστώ και καλές γιορτές,

--Δημήτρης

===-ΑΠΟΣΠΑΣΜΑ ΑΠΟ /var/log/secure -===

Dec 21 22:22:05 localhost sshd[20679]: Failed password for root from
212.144.5.227 port 47216 ssh2
Dec 21 22:22:06 localhost sshd[20682]: Received disconnect from
212.144.5.227: 11: Bye Bye
Dec 21 22:22:08 localhost sshd[20683]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=212.144.5.227  user=root
Dec 21 22:22:10 localhost sshd[20683]: Failed password for root from
212.144.5.227 port 49765 ssh2
Dec 21 22:22:10 localhost sshd[20686]: Received disconnect from
212.144.5.227: 11: Bye Bye
Dec 21 22:22:12 localhost sshd[20687]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=212.144.5.227  user=root
Dec 21 22:22:14 localhost sshd[20687]: Failed password for root from
212.144.5.227 port 52025 ssh2
Dec 21 22:22:15 localhost sshd[20690]: Received disconnect from
212.144.5.227: 11: Bye Bye
Dec 21 22:22:16 localhost sshd[20691]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=212.144.5.227  user=root
Dec 21 22:22:18 localhost sshd[20691]: Failed password for root from
212.144.5.227 port 54417 ssh2
Dec 21 22:22:19 localhost sshd[20694]: Received disconnect from
212.144.5.227: 11: Bye Bye
Dec 21 22:22:20 localhost sshd[20695]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=212.144.5.227  user=root
Dec 21 22:22:23 localhost sshd[20695]: Failed password for root from
212.144.5.227 port 56742 ssh2
Dec 21 22:22:23 localhost sshd[20698]: Received disconnect from
212.144.5.227: 11: Bye Bye
Dec 21 22:22:25 localhost sshd[20699]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=212.144.5.227  user=root
Dec 21 22:22:27 localhost sshd[20699]: Failed password for root from
212.144.5.227 port 58828 ssh2
Dec 21 22:22:27 localhost sshd[20702]: Received disconnect from
212.144.5.227: 11: Bye Bye
Dec 21 22:22:29 localhost sshd[20703]: Invalid user admin from
212.144.5.227
Dec 21 22:22:29 localhost sshd[20706]: input_userauth_request: invalid
user admin
Dec 21 22:22:29 localhost sshd[20703]: pam_unix(sshd:auth): check pass;
user unknown
Dec 21 22:22:29 localhost sshd[20703]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=212.144.5.227
Dec 21 22:22:29 localhost sshd[20703]: pam_succeed_if(sshd:auth): error
retrieving information about user admin
Dec 21 22:22:32 localhost sshd[20703]: Failed password for invalid user
admin from 212.144.5.227 port 60903 ssh2
Dec 21 22:22:32 localhost sshd[20706]: Received disconnect from
212.144.5.227: 11: Bye Bye
Dec 21 22:22:33 localhost sshd[20707]: Invalid user admin from
212.144.5.227
Dec 21 22:22:34 localhost sshd[20710]: input_userauth_request: invalid
user admin
Dec 21 22:22:34 localhost sshd[20707]: pam_unix(sshd:auth): check pass;
user unknown
Dec 21 22:22:34 localhost sshd[20707]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=212.144.5.227
Dec 21 22:22:34 localhost sshd[20707]: pam_succeed_if(sshd:auth): error
retrieving information about user admin
Dec 21 22:22:35 localhost sshd[20707]: Failed password for invalid user
admin from 212.144.5.227 port 34944 ssh2
Dec 21 22:22:36 localhost sshd[20710]: Received disconnect from
212.144.5.227: 11: Bye Bye
Dec 21 22:22:37 localhost sshd[20711]: Invalid user admin from
212.144.5.227
Dec 21 22:22:37 localhost sshd[20714]: input_userauth_request: invalid
user admin
Dec 21 22:22:37 localhost sshd[20711]: pam_unix(sshd:auth): check pass;
user unknown
Dec 21 22:22:37 localhost sshd[20711]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=212.144.5.227
Dec 21 22:22:37 localhost sshd[20711]: pam_succeed_if(sshd:auth): error
retrieving information about user admin
Dec 21 22:22:39 localhost sshd[20711]: Failed password for invalid user
admin from 212.144.5.227 port 36843 ssh2
Dec 21 22:22:39 localhost sshd[20714]: Received disconnect from
212.144.5.227: 11: Bye Bye
Dec 21 22:22:41 localhost sshd[20715]: Invalid user admin from
212.144.5.227
Dec 21 22:22:41 localhost sshd[20718]: input_userauth_request: invalid
user admin
Dec 21 22:22:41 localhost sshd[20715]: pam_unix(sshd:auth): check pass;
user unknown
Dec 21 22:22:41 localhost sshd[20715]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=212.144.5.227
Dec 21 22:22:41 localhost sshd[20715]: pam_succeed_if(sshd:auth): error
retrieving information about user admin
Dec 21 22:22:43 localhost sshd[20715]: Failed password for invalid user
admin from 212.144.5.227 port 38549 ssh2
Dec 21 22:22:44 localhost sshd[20718]: Received disconnect from
212.144.5.227: 11: Bye Bye
Dec 21 22:22:46 localhost sshd[20719]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=212.144.5.227  user=root
Dec 21 22:22:47 localhost sshd[20719]: Failed password for root from
212.144.5.227 port 40826 ssh2
Dec 21 22:22:47 localhost sshd[20722]: Received disconnect from
212.144.5.227: 11: Bye Bye
Dec 21 22:22:49 localhost sshd[20723]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=212.144.5.227  user=root
Dec 21 22:22:51 localhost sshd[20723]: Failed password for root from
212.144.5.227 port 42708 ssh2
Dec 21 22:22:51 localhost sshd[20726]: Received disconnect from
212.144.5.227: 11: Bye Bye
Dec 21 22:22:53 localhost sshd[20728]: Invalid user test from
212.144.5.227
Dec 21 22:22:53 localhost sshd[20731]: input_userauth_request: invalid
user test
Dec 21 22:22:53 localhost sshd[20728]: pam_unix(sshd:auth): check pass;
user unknown
Dec 21 22:22:53 localhost sshd[20728]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=212.144.5.227
Dec 21 22:22:53 localhost sshd[20728]: pam_succeed_if(sshd:auth): error
retrieving information about user test
Dec 21 22:22:55 localhost sshd[20728]: Failed password for invalid user
test from 212.144.5.227 port 44836 ssh2
Dec 21 22:22:55 localhost sshd[20731]: Received disconnect from
212.144.5.227: 11: Bye Bye
Dec 21 22:22:57 localhost sshd[20733]: Invalid user test from
212.144.5.227
Dec 21 22:22:57 localhost sshd[20736]: input_userauth_request: invalid
user test
Dec 21 22:22:57 localhost sshd[20733]: pam_unix(sshd:auth): check pass;
user unknown
Dec 21 22:22:57 localhost sshd[20733]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=212.144.5.227
Dec 21 22:22:57 localhost sshd[20733]: pam_succeed_if(sshd:auth): error
retrieving information about user test
Dec 21 22:22:59 localhost sshd[20733]: Failed password for invalid user
test from 212.144.5.227 port 46677 ssh2
Dec 21 22:23:00 localhost sshd[20736]: Received disconnect from
212.144.5.227: 11: Bye Bye
Dec 21 22:23:01 localhost sshd[20737]: Invalid user webmaster from
212.144.5.227
Dec 21 22:23:01 localhost sshd[20740]: input_userauth_request: invalid
user webmaster
Dec 21 22:23:01 localhost sshd[20737]: pam_unix(sshd:auth): check pass;
user unknown
Dec 21 22:23:01 localhost sshd[20737]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=212.144.5.227
Dec 21 22:23:01 localhost sshd[20737]: pam_succeed_if(sshd:auth): error
retrieving information about user webmaster
Dec 21 22:23:03 localhost sshd[20737]: Failed password for invalid user
webmaster from 212.144.5.227 port 48746 ssh2
Dec 21 22:23:03 localhost sshd[20740]: Received disconnect from
212.144.5.227: 11: Bye Bye
Dec 21 22:23:05 localhost sshd[20741]: Invalid user user from
212.144.5.227
Dec 21 22:23:05 localhost sshd[20744]: input_userauth_request: invalid
user user
Dec 21 22:23:05 localhost sshd[20741]: pam_unix(sshd:auth): check pass;
user unknown
Dec 21 22:23:05 localhost sshd[20741]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=212.144.5.227
Dec 21 22:23:05 localhost sshd[20741]: pam_succeed_if(sshd:auth): error
retrieving information about user user
Dec 21 22:23:07 localhost sshd[20741]: Failed password for invalid user
user from 212.144.5.227 port 50440 ssh2
Dec 21 22:23:07 localhost sshd[20744]: Received disconnect from
212.144.5.227: 11: Bye Bye
Dec 21 22:23:09 localhost sshd[20745]: Invalid user username from
212.144.5.227
Dec 21 22:23:09 localhost sshd[20748]: input_userauth_request: invalid
user username
Dec 21 22:23:09 localhost sshd[20745]: pam_unix(sshd:auth): check pass;
user unknown
Dec 21 22:23:09 localhost sshd[20745]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=212.144.5.227
Dec 21 22:23:09 localhost sshd[20745]: pam_succeed_if(sshd:auth): error
retrieving information about user username
Dec 21 22:23:11 localhost sshd[20745]: Failed password for invalid user
username from 212.144.5.227 port 52338 ssh2
Dec 21 22:23:12 localhost sshd[20748]: Received disconnect from
212.144.5.227: 11: Bye Bye
Dec 21 22:23:14 localhost sshd[20749]: Invalid user username from
212.144.5.227
Dec 21 22:23:14 localhost sshd[20752]: input_userauth_request: invalid
user username
Dec 21 22:23:14 localhost sshd[20749]: pam_unix(sshd:auth): check pass;
user unknown
Dec 21 22:23:14 localhost sshd[20749]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=212.144.5.227
Dec 21 22:23:14 localhost sshd[20749]: pam_succeed_if(sshd:auth): error
retrieving information about user username
Dec 21 22:23:16 localhost sshd[20749]: Failed password for invalid user
username from 212.144.5.227 port 54665 ssh2
Dec 21 22:23:16 localhost sshd[20752]: Received disconnect from
212.144.5.227: 11: Bye Bye
Dec 21 22:23:18 localhost sshd[20753]: Invalid user user from
212.144.5.227
Dec 21 22:23:18 localhost sshd[20756]: input_userauth_request: invalid
user user
Dec 21 22:23:18 localhost sshd[20753]: pam_unix(sshd:auth): check pass;
user unknown
Dec 21 22:23:18 localhost sshd[20753]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=212.144.5.227

More information about the Linux-greek-users mailing list