Originally Posted by
swoosh
Hi,
May I know what messages should I expect from
if I attempt a simulated internal attack on my ssh?
I have attempted few tries but nothing is logged. What can I do to see some failed attempts?
Thanks.
You should see something like this:
Code:
dbott@feisty:~$ tail -f -s3 /etc/hosts.deny
# DenyHosts: Thu Oct 18 22:34:31 2007 | sshd: 192.168.1.107
sshd: 192.168.1.107
If you don't get anything showing up after a few attempts, make sure that DenyHosts is running:
Code:
dbott@feisty:~$ ps aux | grep deny
dbott 5007 0.0 0.0 2884 752 pts/0 R+ 22:36 0:00 grep deny
root 20631 0.0 0.5 8336 4760 ? SN Oct14 0:00 python /usr/sbin/denyhosts --daemon --config=/etc/denyhosts.conf --config=/etc/denyhosts.conf
Also make sure that the auth.log file shows the attempts:
Code:
dbott@feisty:~$ cat /var/log/auth.log | grep sshd
Oct 18 22:33:09 feisty sshd[4851]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.107 user=root
Oct 18 22:33:11 feisty sshd[4851]: Failed password for root from 192.168.1.107 port 1482 ssh2
Oct 18 22:34:03 feisty sshd[4889]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.107 user=root
Oct 18 22:34:04 feisty sshd[4889]: Failed password for root from 192.168.1.107 port 1483 ssh2
Oct 18 22:34:34 feisty sshd[4909]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.107 user=root
Oct 18 22:34:36 feisty sshd[4909]: Failed password for root from 192.168.1.107 port 1484 ssh2
Oct 18 22:35:13 feisty sshd[4909]: Failed password for root from 192.168.1.107 port 1484 ssh2
Oct 18 22:36:24 feisty sshd[4909]: fatal: Timeout before authentication for 192.168.1.107
-Dave
Bookmarks