Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 01-18-2006, 12:05 PM   #1
LQ Newbie
Registered: Jan 2006
Posts: 10

Rep: Reputation: 0
LogWatch - - pam_unix - - Question

Did some searches and could not find anything useful on this subject. I manage my own dedicated server, and receive daily log files of server activity. I am just going to take one piece at a time, and I wanted to start here. To my understanding, it appears someone was trying to access my server 1600 times, but because I lack knowledge, this may just be a system issue also. If anyone could somewhat give an idea of what the below might be (ive xed out the domain for possibly securty reasons, but it was not mine, and I have never seen it before):

--------------------- pam_unix Begin ------------------------

Invalid Users:
Unknown Account: 1600 Time(s)
Authentication Failures:
lp ( ): 10 Time(s)
unknown ( ): 1600 Time(s)

---------------------- pam_unix End -------------------------

Last edited by w3developing; 01-18-2006 at 12:38 PM.
Old 01-18-2006, 12:41 PM   #2
Registered: Jan 2006
Location: PA
Distribution: Mandriva Power Pack 2006
Posts: 146

Rep: Reputation: 15
I'm newbish but couldn't it just be someone randomly pinging you? I'm on a windoze machine right now and my firewall says: firewall has blocked 227869 access attempts,and there is no way that many people hate me or want to get into my computer to find useless information.
Old 01-19-2006, 03:24 AM   #3
LQ 5k Club
Registered: May 2003
Location: London, UK
Distribution: Debian "Testing"
Posts: 6,096

Rep: Reputation: 408Reputation: 408Reputation: 408Reputation: 408Reputation: 408
You should probably read this thread:

Old 01-19-2006, 03:33 AM   #4
Senior Member
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760
Blog Entries: 4

Rep: Reputation: 78
This is almost certainly a script kiddie trying to bruteforce your ssh password. To eliminate this, stop using passwd logins, and use key-based login instead. This way the kiddie will not even get a prompt to bruteforce. Also, please do disable root logins in your sshd_config file.
Old 01-20-2006, 12:25 AM   #5
LQ Newbie
Registered: Jan 2006
Posts: 10

Original Poster
Rep: Reputation: 0
Thanks Bulliver. Do you know where I might be able to find an instruct on how to do this? I'm kind of new to the ssh interface, and I don't want to risk making a mistake on my live server. Thanks in advance.
Old 01-20-2006, 05:07 AM   #6
Senior Member
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,138

Rep: Reputation: 166Reputation: 166
Make sure you have the following lines in /etc/ssh/sshd_config:

Protocol 2
PasswordAuthentication no
PermitRootLogin no
The other settings should be OK to leave at defaults (settings like PubkeyAuthentication default to yes). You'll need to generate keys and put them in ~/.ssh. I have the following in my ~/.ssh:

lrwxrwxrwx 1 steve steve 10 2006-01-09 19:02 authorized_keys ->
-rw------- 1 steve steve 951 2006-01-05 02:23 id_rsa
-rw-r----- 1 steve steve 244 2006-01-05 02:23
-rw-r--r-- 1 steve steve 391 2006-01-05 09:05 known_hosts

Hae a look at and for a couple of quick howtos.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Who are hackers? cyto General 10 12-24-2004 11:17 AM
C++ hackers anyone? Kane635 Programming 2 10-04-2004 07:37 PM
Hackers consty Linux - Security 17 08-26-2004 06:52 AM
According to this we are all hackers bubba169 General 10 05-03-2004 10:59 PM
any X hackers? deepsix Programming 0 09-13-2003 11:22 PM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 01:34 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration