-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi List, in the last days I see an increasing number of attacks against our SSH system. Up to now the attackers do not seem to have any success, but I am wondering about one thing: I have set up a list of users which are allowed to use the SSH daemon with the AllowUsers command in sshd_config. Now I get different messages from SSHD although none of the user names the attacker is trying is in the AllowUsers list: Aug 7 22:47:17 akira sshd[5512]: User test not allowed because not listed in AllowUsers Aug 7 22:47:17 akira sshd[5514]: User guest not allowed because not listed in AllowUsers Aug 7 22:47:18 akira sshd[5516]: Illegal user admin from www.xxx.yyy.zzz Aug 7 22:47:20 akira sshd[5520]: Illegal user user from www.xxx.yyy.zzz Aug 7 22:47:21 akira sshd[5522]: User root not allowed because not listed in AllowUsers Why are 'admin' and 'user' handled differently than 'test'. None of these users exist on my system ('guest' and 'root' are available). And none of these five is in AllowUsers. Can anybody shed some light on this? Thanks! Jürgen -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQFBFUpjtMrl3JEeRvwRAuBTAKClf/i9qgAUNzuwsEhYiNLipvPs/ACg8sEu VYZO+DJ7KM6E42A+Ow8uGKU= =sYpw -----END PGP SIGNATURE-----