openSUSE Forums > Network/Internet » Blockhosts and SSH Logging

#1 max_1, 10-Jul-2009, 05:18
Blockhosts and SSH Logging

Hey there,

I installed blockhosts on my openSUSE 11.0 Server, and it works so far.

I have only got one problem left, which is the way SSH logs login attempts. I get multiple of those lines:

Code:
Jul  9 15:40:34 s15313878 sshd[12273]: error: PAM: Authentication failure for root from 82-135-192-12.static.zebra.lt
Jul  9 15:40:34 s15313878 sshd[12273]: error: PAM: Authentication failure for root from 82-135-192-12.static.zebra.lt
The only problem is that blockhosts won't block hostnames, it needs the IP.

The question is, where do I change that special log entry so that it won't resolve the IP address? Am I correct that it is PAM that creates that entry rather than sshd?
Or, what would also work, if the 'default' ssh logs (i.e.:
Code:
Apr 20 12:34:30 hostname sshd[9701]: Failed password for invalid user root from 10.21.45.30 port 35993 ssh2
) got written in addition to the lines from PAM.


Anyone got an insight to that?

Regards,

Max
#2 Camaleón (Guest), 11-Jul-2009, 08:34
Re: Blockhosts and SSH Logging

max 1 wrote:

> I installed blockhosts on my openSUSE 11.0 Server, and it works so
> far.
>
> I have only got one problem left, which is the way SSH logs
> login attempts. I get multiple of those lines:
>
>
> Code:
> --------------------
>
> Jul 9 15:40:34 s15313878 sshd[12273]: error: PAM: Authentication
> failure for root from 82-135-192-12.static.zebra.lt
> Jul 9 15:40:34 s15313878 sshd[12273]: error: PAM: Authentication
> failure for root from 82-135-192-12.static.zebra.lt
>
>
> --------------------
>
>
> The only problem is that blockhosts won't block hostnames, it needs the
> IP.
>
> The question is, where do I change that special log entry so that it
> won't resolve the IP address?


You can try to disable DNS lookups for sshd (daemon server). Edit
the file /etc/ssh/sshd_config and set:

***
UseDNS no
***

Restart the sshd daemon (rcsshd restart) and test again.

Please keep in mind this change may affect other services you have
configured to use with sshd. Just be sure this change will not affect them.

Greetings,

--
Camaleón
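To check whether the UseDNS change took effect, this added example (not part of the thread and not blockhosts' own code) scans sshd failure lines in the two formats quoted above and separates sources logged as IP addresses from those logged as reverse-DNS names. The names `classify_failures` and `FAILURE_RE` and the last sample line (192.0.2.7) are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# First three lines are the ones quoted in the thread; the last line is a
# constructed PAM entry showing an IP source (assumed format with UseDNS no).
SAMPLE_LOG = """\
Jul  9 15:40:34 s15313878 sshd[12273]: error: PAM: Authentication failure for root from 82-135-192-12.static.zebra.lt
Jul  9 15:40:34 s15313878 sshd[12273]: error: PAM: Authentication failure for root from 82-135-192-12.static.zebra.lt
Apr 20 12:34:30 hostname sshd[9701]: Failed password for invalid user root from 10.21.45.30 port 35993 ssh2
Jul  9 15:41:02 s15313878 sshd[12290]: error: PAM: Authentication failure for root from 192.0.2.7
"""

# Matches both failure formats and captures the token that follows "from".
FAILURE_RE = re.compile(
    r"sshd\[\d+\]: (?:error: PAM: Authentication failure for"
    r"|Failed password for(?: invalid user)?) (?P<user>\S+) from (?P<src>\S+)"
)


def classify_failures(log_text):
    """Return (failures per IP address, failures per logged hostname)."""
    by_ip, by_hostname = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILURE_RE.search(line)
        if not m:
            continue
        src = m.group("src")
        try:
            by_ip[str(ipaddress.ip_address(src))] += 1
        except ValueError:
            # Not an IP literal: sshd logged the reverse-DNS name instead,
            # which an IP-based blocker cannot act on.
            by_hostname[src] += 1
    return by_ip, by_hostname


if __name__ == "__main__":
    ips, names = classify_failures(SAMPLE_LOG)
    for ip, n in ips.items():
        print(f"IP source       {ip:<36} {n} failure(s)")
    for name, n in names.items():
        print(f"hostname source {name:<36} {n} failure(s)")
```

Any hostname sources still appearing in entries written after the sshd restart mean the running daemon is not using the edited configuration.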
#3 max_1, 11-Jul-2009, 09:23
Re: Blockhosts and SSH Logging

Thanks, I must have overlooked that option. Works like a charm.