Re: Getting IP's added to log entry

jKILLSPAM.schipper_at_math.uu.nl
Date: 11/28/05


Date: 28 Nov 2005 15:03:30 GMT

Matt Pearce <matt@00pearceits.com.au> wrote:
> Hi All,
>
> As you are all aware there are bots scanning servers for sshd service
> and trying combinations of username/password to gain entry. To counter
> this I have added AllowUsers to my sshd_config with only one entry in it
> (not root). My log output for sshd to auth.log only logs this:-
>
> sshd[321]: User root not allowed because not listed in AllowUsers
>
> when anyone else but the allowed user's name is used to try and gain
> entry. I would like this log message to reflect the IP the failed
> attempt came from as my bruteforceblocker will then take the IP and send
> it to a table for my firewall that will block it from connecting to me
> again on my ssh port.
>
> So is it easy to modify sshd to do this or is someone with no
> programming knowledge way out of their depth?
>
> Matt.

This should not be impossible - though I have not looked at the code -
but why don't you just take note of the 'sshd[321]: connect from
1.1.1.1' message?

                Joachim
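
An added example, not part of the original thread: one way to pair the "connect from" line with the AllowUsers rejection by sshd PID, so a blocker gets the source address without patching sshd. The syslog header layout, the function name and the sample lines are assumptions; only the two message formats come from the posts above.

```python
import ipaddress
import re

# Constructed sample auth.log lines (message formats as quoted in the thread).
SAMPLE_LOG = """\
Nov 28 14:01:02 host sshd[321]: connect from 1.1.1.1
Nov 28 14:01:03 host sshd[321]: User root not allowed because not listed in AllowUsers
Nov 28 14:02:10 host sshd[322]: connect from 192.0.2.7
Nov 28 14:02:15 host sshd[323]: User admin not allowed because not listed in AllowUsers
Nov 28 14:03:00 host sshd[321]: connect from 198.51.100.9
Nov 28 14:03:01 host sshd[321]: User test not allowed because not listed in AllowUsers
"""

# Anchor on the (assumed) syslog header so a crafted user name containing
# "sshd[N]: connect from ..." cannot be mistaken for a real connect line.
HEADER = r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\ssshd\[(\d+)\]:\s"
CONNECT = re.compile(HEADER + r"connect from (\S+)$")
DENIED = re.compile(HEADER + r"User (.+) not allowed because not listed in AllowUsers$")

def denied_sources(lines):
    """Return (ip, user) for each AllowUsers rejection, matched by sshd PID."""
    ip_by_pid = {}  # most recent "connect from" address seen for each PID
    hits = []
    for line in lines:
        m = CONNECT.match(line)
        if m:
            try:
                # Only literal addresses are usable in a firewall table.
                ip_by_pid[m.group(1)] = str(ipaddress.ip_address(m.group(2)))
            except ValueError:
                ip_by_pid.pop(m.group(1), None)
            continue
        m = DENIED.match(line)
        if m:
            # PIDs are reused, so take the latest connect and consume it.
            ip = ip_by_pid.pop(m.group(1), None)
            if ip is not None:
                hits.append((ip, m.group(2)))
    return hits

if __name__ == "__main__":
    for ip, user in denied_sources(SAMPLE_LOG.splitlines()):
        print(ip, user)
```

A rejection with no preceding connect line for the same PID is skipped rather than guessed at.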