can't prevent root lockout under Tru64/C2 security

From: msb (mikebroderick_at_gmail.com)
Date: 01/30/05

  • Next message: h.wulff: "Check return value of scp"
    Date: 29 Jan 2005 21:01:58 -0800
    
    

    I have a couple Tru64 boxes (4.0f and 5.1b) both using C2 security
    that have been getting occasional root login attacks via SSH. These
    attacks (3000
    hits on root last time) cause the root account to get locked. I tried
    disabling root logins from SSH with "PerminRootLogins no" (in
    sshd_config) but I still see failed attempts logged in the auth db
    (u_numunsuclog for root user increments). I then also tried adding
    "DenyUsers root" to sshd_config which seems to work on the 4.0f system
    but not on
    5.1b. I now do see an "invalid user" error in the auth.log on both
    systems but on the 5.1b system u_numunsuclog (in auth db) still
    increments.

    The Tru64 delivered ssh is not beig used, but rather a version of
    OpenSSH manually downloaded/built. (The 4.0f system has OpenSSH 3.1p1
    and the 5.1b system has 3.7.1p2.) The 5.1b system was just upgraded
    from 5.1a to 5.1b and the 4.0f system will be upgraded to 5.1b soon so
    the DenyUsers fix on 4.0f only doesn't help much.

    Anyone have any idea why adding these two settings to the sshd config
    does not stop the login attempt in sshd, before reaching the system
    auth db?

                                                           Mike


  • Next message: h.wulff: "Check return value of scp"