Nov 12 15:44:29 mail sshd[30160]: Accepted keyboard-interactive/pam for
michael from 89.123.165.3 po
rt 55185 ssh2
There is a user michael on the system, but whoever was doing this was not
him.
I am assuming someone tried to break in using a valid username (michael) but
with an incorrect
Very odd. Sigh, Michael is not vacationing in Romania. Doubt he's ever been
there. I got rid of the michael account (it wasn't used anyway), and
downloaded a new copy of chkrootkit, installed it and ran it along with
chklastlog and chkwtmp. Nothing was found. Pehaps this was a harmless enough
Hello,
I personally use key authentication along with DenyUsers and
AllowUsers directives
from sshd. One more thing i do regarding ssh brute force is to make
use of the max-src-conn and
max-src-conn-rate from pf firewall.
My auth logs look like:
Nov 14 11:15:36 xxx sshd[3570]: User root from
On Fri, Nov 14, 2008 at 11:37:15PM -0800, Jeremy Chadwick wrote:
On Fri, Nov 14, 2008 at 10:00:13PM -0500, Lisa Casey wrote:
Very odd. Sigh, Michael is not vacationing in Romania. Doubt he's ever
been there. I got rid of the michael account (it wasn't used anyway), and
downloaded a new
Also keep in mind that the user may not have actually logged in and
gotten a shell; the message you see can also happen if the individual
simply scp'd something (e.g. no shell spawned).
but this case there are other messages about scp, not sure if in auth.log
or others. i use single file for
--- On Sat, 11/15/08, Jeremy Chadwick [EMAIL PROTECTED] wrote:
From: Jeremy Chadwick [EMAIL PROTECTED]
Subject: Re: Question about entry in auth.log
To: Lisa Casey [EMAIL PROTECTED]
Cc: freebsd-questions@freebsd.org
Date: Saturday, November 15, 2008, 2:37 AM
On Fri, Nov 14, 2008 at 10:00
Hi,
I run several FreeBSD servers. Today I noticed an entry in the auth.log on
one of them that concerns me. The entry is this:
Nov 12 15:44:29 mail sshd[30160]: Accepted keyboard-interactive/pam for
michael from 89.123.165.3 po
rt 55185 ssh2
There is a user michael on the system, but
Lisa Casey wrote:
Hi,
I run several FreeBSD servers. Today I noticed an entry in the auth.log
on one of them that concerns me. The entry is this:
Nov 12 15:44:29 mail sshd[30160]: Accepted keyboard-interactive/pam for
michael from 89.123.165.3 po
rt 55185 ssh2
There is a user michael
On Nov 14, 2008, at 8:00 PM, Steven Susbauer wrote:
Lisa Casey wrote:
Hi,
I run several FreeBSD servers. Today I noticed an entry in the
auth.log
on one of them that concerns me. The entry is this:
Nov 12 15:44:29 mail sshd[30160]: Accepted keyboard-interactive/pam
for
michael from
On Fri, 14 Nov 2008, Tom Marchand wrote:
Or michael is vacationing in Romania.
Very odd. Sigh, Michael is not vacationing in Romania. Doubt he's ever
been there. I got rid of the michael account (it wasn't used anyway), and
downloaded a new copy of chkrootkit, installed it and ran it
On Fri, Nov 14, 2008 at 10:00:13PM -0500, Lisa Casey wrote:
Very odd. Sigh, Michael is not vacationing in Romania. Doubt he's ever
been there. I got rid of the michael account (it wasn't used anyway), and
downloaded a new copy of chkrootkit, installed it and ran it along with
chklastlog
11 matches
Mail list logo