SSH log lines
@lbutlr
kremels at kreme.com
Wed Aug 5 16:59:59 UTC 2020
On 03 Aug 2020, at 23:22, Matthias Fechner <idefix at fechner.net> wrote:
> Am 03.08.2020 um 21:37 schrieb @lbutlr:
>> When some moon tires to login to an account like root, ssh does n’t log the IP address in the failure line as it does with non-existent users.
>>
>> sshd[99328] error: PAM: Authentication error for root from vps-94314d13.vps.ovh.ca
>> sshd[99328] Connection closed by authenticating user root 139.99.236.165 port 46226 [preauth]
>>
>> sshd[7202] Invalid user pi from 2.232.248.6 port 46438
>>
>> Is there anyway that I can change this so that the IP address appears not eh same line as the Authentication error, it would make my blacklisting these people much easier.
>
> try fail2ban, it can handle all of this correctly.
Why I am trying to do wis instantly ban any criminals attempting to login to root (and a few other other accounts). Fail2ban will ban repeated attempts (just like sshguard which I am already using).
But it doesn't matter, the sshguard author is looking at adding a feature for this.
--
Space Directive 723: Terraformers are expressly forbidden from
recreating Swindon.
More information about the freebsd-questions
mailing list