On Saturday 07 August 2004 01:32 pm, Jürgen Mell wrote:
Hi List,
in the last days I see an increasing number of attacks against our SSH system. Up to now the attackers do not seem to have any success, but I am wondering about one thing: I have set up a list of users which are allowed to use the SSH daemon with the AllowUsers command in sshd_config. Now I get different messages from SSHD although none of the user names the attacker is trying is in the AllowUsers list:
Aug 7 22:47:17 akira sshd[5512]: User test not allowed because not listed in AllowUsers Aug 7 22:47:17 akira sshd[5514]: User guest not allowed because not listed in AllowUsers Aug 7 22:47:18 akira sshd[5516]: Illegal user admin from www.xxx.yyy.zzz Aug 7 22:47:20 akira sshd[5520]: Illegal user user from www.xxx.yyy.zzz Aug 7 22:47:21 akira sshd[5522]: User root not allowed because not listed in AllowUsers
Why are 'admin' and 'user' handled differently than 'test'. None of these users exist on my system ('guest' and 'root' are available). And none of these five is in AllowUsers.
Can anybody shed some light on this? Thanks!
Jürgen
Group names? -- _____________________________________ John Andersen