LinuxQuestions.org
Old 01-18-2006, 01:05 PM   #1
w3developing
LQ Newbie
 
Registered: Jan 2006
Posts: 10

Rep: Reputation: 0
LogWatch - - pam_unix - - Question


Did some searches and could not find anything useful on this subject. I manage my own dedicated server, and receive daily log files of server activity. I am just going to take one piece at a time, and I wanted to start here. To my understanding, it appears someone was trying to access my server 1600 times, but because I lack knowledge, this may just be a system issue also. If anyone could somewhat give an idea of what the below might be (I've x'ed out the domain for possible security reasons, but it was not mine, and I have never seen it before):


--------------------- pam_unix Begin ------------------------

sshd:
Invalid Users:
Unknown Account: 1600 Time(s)
Authentication Failures:
lp (xxxxxxxx.xxxxx.net ): 10 Time(s)
unknown (xxxxxxxx.xxxxx.net ): 1600 Time(s)


---------------------- pam_unix End -------------------------

Last edited by w3developing; 01-18-2006 at 01:38 PM.
 
Old 01-18-2006, 01:41 PM   #2
mr_coffee
Member
 
Registered: Jan 2006
Location: PA
Distribution: Mandriva Power Pack 2006
Posts: 146

Rep: Reputation: 15
I'm newbish but couldn't it just be someone randomly pinging you? I'm on a windoze machine right now and my firewall says: firewall has blocked 227869 access attempts, and there is no way that many people hate me or want to get into my computer to find useless information.
 
Old 01-19-2006, 04:24 AM   #3
tredegar
LQ 5k Club
 
Registered: May 2003
Location: London, UK
Distribution: Debian "Jessie"
Posts: 6,085

Rep: Reputation: 398
You should probably read this thread:

http://www.linuxquestions.org/questi...d.php?t=340366

HTH
 
Old 01-19-2006, 04:33 AM   #4
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760
Blog Entries: 4

Rep: Reputation: 78
This is almost certainly a script kiddie trying to bruteforce your ssh password. To eliminate this, stop using passwd logins, and use key-based login instead. This way the kiddie will not even get a prompt to bruteforce. Also, please do disable root logins in your sshd_config file.
 
Old 01-20-2006, 01:25 AM   #5
w3developing
LQ Newbie
 
Registered: Jan 2006
Posts: 10

Original Poster
Rep: Reputation: 0
Thanks Bulliver. Do you know where I might be able to find instructions on how to do this? I'm kind of new to the ssh interface, and I don't want to risk making a mistake on my live server. Thanks in advance.
 
Old 01-20-2006, 06:07 AM   #6
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,125

Rep: Reputation: 164
Make sure you have the following lines in /etc/ssh/sshd_config:

Code:
Protocol 2
PasswordAuthentication no
PermitRootLogin no
The other settings should be OK to leave at defaults (settings like PubkeyAuthentication default to yes). You'll need to generate keys and put them in ~/.ssh. I have the following in my ~/.ssh:

lrwxrwxrwx 1 steve steve 10 2006-01-09 19:02 authorized_keys -> id_rsa.pub
-rw------- 1 steve steve 951 2006-01-05 02:23 id_rsa
-rw-r----- 1 steve steve 244 2006-01-05 02:23 id_rsa.pub
-rw-r--r-- 1 steve steve 391 2006-01-05 09:05 known_hosts

Have a look at http://www.phy.bnl.gov/computing/gateway/ssh-agent.html and http://fedoranews.org/dowen/sshkeys/ for a couple of quick howtos.
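
An added example, not part of any post in this thread: a small shell audit that reports which value sshd would actually use for the three settings recommended above. It handles the case where a later line is shadowed by an earlier one, or where a setting appears only inside a Match block. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit an sshd_config-style file
# for the three settings recommended in the post above.

# Print the effective global value of keyword $2 in file $1.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and global settings end at the first Match block.
# Assumes the whitespace-separated "Keyword value" form.
sshd_effective() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }                    # comments, blank lines
        tolower($1) == "match" { exit }            # conditional section starts
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Exit status 0 only if every recommended setting is the effective one.
# A missing line counts as a failure: the post asks for it to be present.
audit_sshd_config() {
    rc=0
    for want in "Protocol 2" "PasswordAuthentication no" "PermitRootLogin no"; do
        key=${want% *}
        expected=${want#* }
        actual=$(sshd_effective "$1" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "ok    $key $actual"
        else
            echo "FAIL  $key is '$actual', expected '$expected'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the "no" appended at the end is shadowed by the
# earlier "yes", and PermitRootLogin is only set inside a Match block.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server's config
Protocol 2
passwordauthentication yes
PasswordAuthentication no
Match User backup
    PermitRootLogin no
EOF
audit_sshd_config "$sample" || true
rm -f "$sample"
```

On a live server, running `sshd -t` after editing checks the file for syntax errors before the daemon is restarted, and keeping an existing session open while testing a new key-based login avoids being locked out.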
 
  

