Thread: Blockhosts and SSH Logging
View Single Post
  #1 (permalink)  
Old 10-Jul-2009, 05:18
max_1 max_1 is offline
Puzzled Penguin
  
Join Date: Jul 2009
Posts: 2
max_1 hasn't been rated much yet
Default Blockhosts and SSH Logging
Hey there,

I installed blockhosts on my openSUSE 11.0 Server, and it works so far.

I have only got one problem left, which is the way SSH logs loginattempts. I get multiple of those lines:

Code:
Jul  9 15:40:34 s15313878 sshd[12273]: error: PAM: Authentication failure for root from 82-135-192-12.static.zebra.lt
Jul  9 15:40:34 s15313878 sshd[12273]: error: PAM: Authentication failure for root from 82-135-192-12.static.zebra.lt
THe only problem is that blockhosts won't block hostnames, it needs the IP.

The question is, where do I change that special logentry so that it won't resolve the IP address? Am I correct that it is PAM that creates that entry rather than sshd?
Or, what would also work, if the 'default' ssh logs (i.e.:
Code:
Apr 20 12:34:30 hostname sshd[9701]: Failed password for invalid user root from 10.21.45.30 port 35993 ssh2
) got written in addition to the lines from PAM.


Anyone got an insight to that?

Regards,

Max
Reply With Quote