LinuxQuestions.org
Help answer threads with 0 replies.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > SUSE / openSUSE
Reload this Page How to deal with SSHD invalid user XXXX from www.xxx.yyy.xxx
User Name
Password
SUSE / openSUSE This Forum is for the discussion of Suse Linux.

Notices


Reply
  Search this Thread
Old 09-30-2006, 04:49 AM   #1
1kyle
Member
 
Registered: Feb 2004
Location: 'Ol Blighty
Distribution: SLED 10, SUSE 10.3
Posts: 722

Rep: Reputation: 32
How to deal with SSHD invalid user XXXX from www.xxx.yyy.xxx

Is there an easy way to deal with these type of messages

Sep 24 20:43:53 blackdog sshd[10723]: Invalid user user1 from 210.221.154.12
Sep 24 20:43:56 blackdog sshd[10725]: Invalid user user1 from 210.221.154.12
Sep 24 20:43:59 blackdog sshd[10727]: Invalid user user1 from 210.221.154.12
Sep 24 20:44:02 blackdog sshd[10729]: Invalid user user1 from 210.221.154.12
Sep 24 20:44:05 blackdog sshd[10731]: Invalid user user1 from 210.221.154.12
Sep 24 20:44:08 blackdog sshd[10733]: Invalid user user1 from 210.221.154.12
Sep 24 20:44:10 blackdog sshd[10735]: Invalid user user1 from 210.221.154.12
Sep 24 20:44:13 blackdog sshd[10737]: Invalid user user1 from 210.221.154.12
Sep 24 20:44:16 blackdog sshd[10739]: Invalid user user1 from 210.221.154.12
Sep 24 20:44:19 blackdog sshd[10741]: Invalid user user1 from 210.221.154.12
Sep 24 20:44:22 blackdog sshd[10743]: Invalid user user1 from 210.221.154.12
Sep 24 20:44:25 blackdog sshd[10745]: Invalid user user1 from 210.221.154.12
Sep 24 20:44:28 blackdog sshd[10747]: Invalid user user1 from 210.221.154.12
Sep 24 20:44:31 blackdog sshd[10749]: Invalid user user1 from 210.221.154.12
Sep 24 20:44:34 blackdog sshd[10751]: Invalid user user1 from 210.221.154.12
Sep 24 20:44:37 blackdog sshd[10753]: Invalid user user1 from 210.221.154.12
Sep 24 20:44:39 blackdog sshd[10755]: Invalid user user1 from 210.221.154.12
Sep 24 20:44:42 blackdog sshd[10757]: Invalid user user1 from 210.221.154.12

Sometimes there are a whole slew of users with different IP addresses.

What I would like is to ensure I'm the ONLY person who can access this box. I leave it on as I access it via SSH and a tunnel (for VNC) so I can access it remotely from work.

I'm afraid I don't have too much knowledge on security etc --I've password protected drives and directories and ensure you can't logpon as root remotely but I'm not certain what else I need to do..


Any help or references --greatly appreciated

Cheers

-K
 
Old 09-30-2006, 05:26 AM   #2
Ephracis
Senior Member
 
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109

Rep: Reputation: 50
This is a known problem due to script kiddies brute forcing ssh passwords. You can either set your SSHd to listen to another port or use denyhosts which is a little script that listens for failed attempts and put IPs into /etc/hosts.deny.

Download it via your yum or from http://denyhosts.sourceforge.net/

You can also check out this thread in Security: Failed SSH login attempts


ephracis
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
smbclient -M xxx.xxx.xxx.xxx Doesnt Work DiscreetControl Linux - Networking 7 12-28-2007 10:50 AM
Problem getting connection with a DLink Router with IP 10.xxx.xxx.xxx kezira Fedora 9 11-28-2005 10:31 PM
Problem getting connection with a DLink Router after setting static IP 10.xxx.xxx.xxx kezira Linux - Networking 1 11-09-2005 10:27 PM
Host XXX.XXX.XXX.XXX is not allowed to connect to this MySQL server ocavid Linux - Newbie 2 03-16-2005 09:40 AM
ping www.xxx.yyy FAILED iraysyvalo Linux - Networking 3 07-17-2003 02:35 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > SUSE / openSUSE

All times are GMT -5. The time now is 02:40 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration