Re: οι γερμανοί ξανάρχονται με ...ssh :)

yiorgos kapellakis kapellakis at gmail.com
Fri Dec 22 13:10:52 EET 2006 

μπορει να ορισει ιπταβλεσ που να δεχετε connection με ssh μονο απο
συγκεκριμενη ip και απο ολες τις αλλες να κανει drop

On 12/22/06, Dimitris Kalamaras <dimitris.kalamaras at compupress.gr> wrote:
> Καλησπέρα,
>
> έχω ένα πιθανό πρόβλημα με το ssh. Βλέπω στο /var/log/secure (δείτε
> παρακάτω) ότι κάποιος υπολογιστής από τη Γερμανία (;)(arcor-ip.net μου
> δίνει το whois) προσπαθούσε χτες για καμιά ώρα να συνδεθεί με SSH με το
> PC μου. Στο router  έχω ανοικτή μόνο την SSH πόρτα. Αναρωτιέμαι τι κάνει
> κανείς σε αυτές τις περιπτώσεις (πέραν των προσευχών ή του κλεισίματος
> της πόρτας); Στέλνει παραπονιάρικο email σε κάποια από τις διευθύνσεις
> του whois; Υπάρχει τρόπος να μάθω περισσότερα για τη συγκεκριμένη IP ή
> πιθανώς είναι κάποια dynamic σαν τη δικιά μου; Και επίσης πόσο ασφαλές
> είναι το SSH; Αν το αφήσω, κάποια στιγμή θα το σπάσει σωστά; Μπορώ να
> βάλω κάποιο IP ban για όλες τις IP εκτός από εκείνη από την οποία
> συνδέομαι εγώ ( ~/.ssh/known_hosts); Υπάρχει κάτι άλλο;
>
> ευχαριστώ και καλές γιορτές,
>
> --Δημήτρης
>
> ===-ΑΠΟΣΠΑΣΜΑ ΑΠΟ /var/log/secure -===
>
> Dec 21 22:22:05 localhost sshd[20679]: Failed password for root from
> 212.144.5.227 port 47216 ssh2
> Dec 21 22:22:06 localhost sshd[20682]: Received disconnect from
> 212.144.5.227: 11: Bye Bye
> Dec 21 22:22:08 localhost sshd[20683]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=212.144.5.227  user=root
> Dec 21 22:22:10 localhost sshd[20683]: Failed password for root from
> 212.144.5.227 port 49765 ssh2
> Dec 21 22:22:10 localhost sshd[20686]: Received disconnect from
> 212.144.5.227: 11: Bye Bye
> Dec 21 22:22:12 localhost sshd[20687]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=212.144.5.227  user=root
> Dec 21 22:22:14 localhost sshd[20687]: Failed password for root from
> 212.144.5.227 port 52025 ssh2
> Dec 21 22:22:15 localhost sshd[20690]: Received disconnect from
> 212.144.5.227: 11: Bye Bye
> Dec 21 22:22:16 localhost sshd[20691]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=212.144.5.227  user=root
> Dec 21 22:22:18 localhost sshd[20691]: Failed password for root from
> 212.144.5.227 port 54417 ssh2
> Dec 21 22:22:19 localhost sshd[20694]: Received disconnect from
> 212.144.5.227: 11: Bye Bye
> Dec 21 22:22:20 localhost sshd[20695]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=212.144.5.227  user=root
> Dec 21 22:22:23 localhost sshd[20695]: Failed password for root from
> 212.144.5.227 port 56742 ssh2
> Dec 21 22:22:23 localhost sshd[20698]: Received disconnect from
> 212.144.5.227: 11: Bye Bye
> Dec 21 22:22:25 localhost sshd[20699]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=212.144.5.227  user=root
> Dec 21 22:22:27 localhost sshd[20699]: Failed password for root from
> 212.144.5.227 port 58828 ssh2
> Dec 21 22:22:27 localhost sshd[20702]: Received disconnect from
> 212.144.5.227: 11: Bye Bye
> Dec 21 22:22:29 localhost sshd[20703]: Invalid user admin from
> 212.144.5.227
> Dec 21 22:22:29 localhost sshd[20706]: input_userauth_request: invalid
> user admin
> Dec 21 22:22:29 localhost sshd[20703]: pam_unix(sshd:auth): check pass;
> user unknown
> Dec 21 22:22:29 localhost sshd[20703]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=212.144.5.227
> Dec 21 22:22:29 localhost sshd[20703]: pam_succeed_if(sshd:auth): error
> retrieving information about user admin
> Dec 21 22:22:32 localhost sshd[20703]: Failed password for invalid user
> admin from 212.144.5.227 port 60903 ssh2
> Dec 21 22:22:32 localhost sshd[20706]: Received disconnect from
> 212.144.5.227: 11: Bye Bye
> Dec 21 22:22:33 localhost sshd[20707]: Invalid user admin from
> 212.144.5.227
> Dec 21 22:22:34 localhost sshd[20710]: input_userauth_request: invalid
> user admin
> Dec 21 22:22:34 localhost sshd[20707]: pam_unix(sshd:auth): check pass;
> user unknown
> Dec 21 22:22:34 localhost sshd[20707]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=212.144.5.227
> Dec 21 22:22:34 localhost sshd[20707]: pam_succeed_if(sshd:auth): error
> retrieving information about user admin
> Dec 21 22:22:35 localhost sshd[20707]: Failed password for invalid user
> admin from 212.144.5.227 port 34944 ssh2
> Dec 21 22:22:36 localhost sshd[20710]: Received disconnect from
> 212.144.5.227: 11: Bye Bye
> Dec 21 22:22:37 localhost sshd[20711]: Invalid user admin from
> 212.144.5.227
> Dec 21 22:22:37 localhost sshd[20714]: input_userauth_request: invalid
> user admin
> Dec 21 22:22:37 localhost sshd[20711]: pam_unix(sshd:auth): check pass;
> user unknown
> Dec 21 22:22:37 localhost sshd[20711]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=212.144.5.227
> Dec 21 22:22:37 localhost sshd[20711]: pam_succeed_if(sshd:auth): error
> retrieving information about user admin
> Dec 21 22:22:39 localhost sshd[20711]: Failed password for invalid user
> admin from 212.144.5.227 port 36843 ssh2
> Dec 21 22:22:39 localhost sshd[20714]: Received disconnect from
> 212.144.5.227: 11: Bye Bye
> Dec 21 22:22:41 localhost sshd[20715]: Invalid user admin from
> 212.144.5.227
> Dec 21 22:22:41 localhost sshd[20718]: input_userauth_request: invalid
> user admin
> Dec 21 22:22:41 localhost sshd[20715]: pam_unix(sshd:auth): check pass;
> user unknown
> Dec 21 22:22:41 localhost sshd[20715]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=212.144.5.227
> Dec 21 22:22:41 localhost sshd[20715]: pam_succeed_if(sshd:auth): error
> retrieving information about user admin
> Dec 21 22:22:43 localhost sshd[20715]: Failed password for invalid user
> admin from 212.144.5.227 port 38549 ssh2
> Dec 21 22:22:44 localhost sshd[20718]: Received disconnect from
> 212.144.5.227: 11: Bye Bye
> Dec 21 22:22:46 localhost sshd[20719]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=212.144.5.227  user=root
> Dec 21 22:22:47 localhost sshd[20719]: Failed password for root from
> 212.144.5.227 port 40826 ssh2
> Dec 21 22:22:47 localhost sshd[20722]: Received disconnect from
> 212.144.5.227: 11: Bye Bye
> Dec 21 22:22:49 localhost sshd[20723]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=212.144.5.227  user=root
> Dec 21 22:22:51 localhost sshd[20723]: Failed password for root from
> 212.144.5.227 port 42708 ssh2
> Dec 21 22:22:51 localhost sshd[20726]: Received disconnect from
> 212.144.5.227: 11: Bye Bye
> Dec 21 22:22:53 localhost sshd[20728]: Invalid user test from
> 212.144.5.227
> Dec 21 22:22:53 localhost sshd[20731]: input_userauth_request: invalid
> user test
> Dec 21 22:22:53 localhost sshd[20728]: pam_unix(sshd:auth): check pass;
> user unknown
> Dec 21 22:22:53 localhost sshd[20728]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=212.144.5.227
> Dec 21 22:22:53 localhost sshd[20728]: pam_succeed_if(sshd:auth): error
> retrieving information about user test
> Dec 21 22:22:55 localhost sshd[20728]: Failed password for invalid user
> test from 212.144.5.227 port 44836 ssh2
> Dec 21 22:22:55 localhost sshd[20731]: Received disconnect from
> 212.144.5.227: 11: Bye Bye
> Dec 21 22:22:57 localhost sshd[20733]: Invalid user test from
> 212.144.5.227
> Dec 21 22:22:57 localhost sshd[20736]: input_userauth_request: invalid
> user test
> Dec 21 22:22:57 localhost sshd[20733]: pam_unix(sshd:auth): check pass;
> user unknown
> Dec 21 22:22:57 localhost sshd[20733]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=212.144.5.227
> Dec 21 22:22:57 localhost sshd[20733]: pam_succeed_if(sshd:auth): error
> retrieving information about user test
> Dec 21 22:22:59 localhost sshd[20733]: Failed password for invalid user
> test from 212.144.5.227 port 46677 ssh2
> Dec 21 22:23:00 localhost sshd[20736]: Received disconnect from
> 212.144.5.227: 11: Bye Bye
> Dec 21 22:23:01 localhost sshd[20737]: Invalid user webmaster from
> 212.144.5.227
> Dec 21 22:23:01 localhost sshd[20740]: input_userauth_request: invalid
> user webmaster
> Dec 21 22:23:01 localhost sshd[20737]: pam_unix(sshd:auth): check pass;
> user unknown
> Dec 21 22:23:01 localhost sshd[20737]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=212.144.5.227
> Dec 21 22:23:01 localhost sshd[20737]: pam_succeed_if(sshd:auth): error
> retrieving information about user webmaster
> Dec 21 22:23:03 localhost sshd[20737]: Failed password for invalid user
> webmaster from 212.144.5.227 port 48746 ssh2
> Dec 21 22:23:03 localhost sshd[20740]: Received disconnect from
> 212.144.5.227: 11: Bye Bye
> Dec 21 22:23:05 localhost sshd[20741]: Invalid user user from
> 212.144.5.227
> Dec 21 22:23:05 localhost sshd[20744]: input_userauth_request: invalid
> user user
> Dec 21 22:23:05 localhost sshd[20741]: pam_unix(sshd:auth): check pass;
> user unknown
> Dec 21 22:23:05 localhost sshd[20741]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=212.144.5.227
> Dec 21 22:23:05 localhost sshd[20741]: pam_succeed_if(sshd:auth): error
> retrieving information about user user
> Dec 21 22:23:07 localhost sshd[20741]: Failed password for invalid user
> user from 212.144.5.227 port 50440 ssh2
> Dec 21 22:23:07 localhost sshd[20744]: Received disconnect from
> 212.144.5.227: 11: Bye Bye
> Dec 21 22:23:09 localhost sshd[20745]: Invalid user username from
> 212.144.5.227
> Dec 21 22:23:09 localhost sshd[20748]: input_userauth_request: invalid
> user username
> Dec 21 22:23:09 localhost sshd[20745]: pam_unix(sshd:auth): check pass;
> user unknown
> Dec 21 22:23:09 localhost sshd[20745]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=212.144.5.227
> Dec 21 22:23:09 localhost sshd[20745]: pam_succeed_if(sshd:auth): error
> retrieving information about user username
> Dec 21 22:23:11 localhost sshd[20745]: Failed password for invalid user
> username from 212.144.5.227 port 52338 ssh2
> Dec 21 22:23:12 localhost sshd[20748]: Received disconnect from
> 212.144.5.227: 11: Bye Bye
> Dec 21 22:23:14 localhost sshd[20749]: Invalid user username from
> 212.144.5.227
> Dec 21 22:23:14 localhost sshd[20752]: input_userauth_request: invalid
> user username
> Dec 21 22:23:14 localhost sshd[20749]: pam_unix(sshd:auth): check pass;
> user unknown
> Dec 21 22:23:14 localhost sshd[20749]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=212.144.5.227
> Dec 21 22:23:14 localhost sshd[20749]: pam_succeed_if(sshd:auth): error
> retrieving information about user username
> Dec 21 22:23:16 localhost sshd[20749]: Failed password for invalid user
> username from 212.144.5.227 port 54665 ssh2
> Dec 21 22:23:16 localhost sshd[20752]: Received disconnect from
> 212.144.5.227: 11: Bye Bye
> Dec 21 22:23:18 localhost sshd[20753]: Invalid user user from
> 212.144.5.227
> Dec 21 22:23:18 localhost sshd[20756]: input_userauth_request: invalid
> user user
> Dec 21 22:23:18 localhost sshd[20753]: pam_unix(sshd:auth): check pass;
> user unknown
> Dec 21 22:23:18 localhost sshd[20753]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=212.144.5.227
>
>
>
> --
> linux-greek-users mailing list -- http://lists.hellug.gr

More information about the Linux-greek-users mailing list