I've installed the most recent MacPorts build of DenyHosts 2.6 on my OS X 10.6.2
Snow Leopard. Everything seems to be installed properly. I used the sample
denyhosts.cfg file as well as the daemon script, loading it under launchctl.
Testing has been successful for <invalid users>, with an entry added to
hosts.deny, and I even got the email to go out properly.

The problem is, it just will not recognize a failure to authenticate (due to a
bad or no password) for a <valid user>. My regex skills are quite dull, so I
have resorted to manually adding various forms of FAILED_ENTRY_REGEX and
USERDEF_FAILED_ENTRY_REGEX in my cfg file, to no avail.

So here are some facts I hope will help someone help me figure this out...
My secure.log has entries similar to this:

Feb 24 04:03:51 MachineName sshd[16220]: in pam_sm_authenticate(): Failed to determine Kerberos principal name.
Feb 24 04:03:52 MachineName sshd[16216]: error: PAM: authentication error for validuser from 192.168.1.10 via 192.168.1.10

Here "validuser" is a real user enabled for remote login. This is the
record pair created for each incorrect password entered. My system.log
(which is not used by DenyHosts) contains:

Feb 24 04:03:52 MachineName sandboxd[16222]: sshd(16217) deny mach-per-user-lookup

Per the DenyHosts website FAQ at
http://denyhosts.sourceforge.net/pam_auth_err.txt , I have added the below to
my denyhosts.cfg (once I found that the MacPorts out-of-the-box cfg did not work):

FAILED_ENTRY_REGEX=error: PAM: authentication error for (?P<invalid>invalid user |illegal user )?(?P<user>.*?) from (::ffff:)?(?P<host>\d){1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})

I have tried numerous variations of the above, specifically removing the
(?P<invalid>invalid user |illegal user ) since, unless I misunderstand regex
expressions (which is probable, since I am poor with regex), it would not get a
hit on the validuser scenario. As for basics, I do not have SSHD_FORMAT_REGEX in
my cfg file. I point to secure.log, which works fine for identifying invalid
user attempts. Any help would be appreciated!

Cheers
Atreides
_______________________________________________
Denyhosts-user mailing list
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
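
Added example, not part of the original post and not DenyHosts code: a stand-alone Python check of the FAILED_ENTRY_REGEX value quoted above against the secure.log lines from the post. It assumes the value is compiled with Python's re module (the `(?P<name>...)` syntax is Python's); the BALANCED pattern, the helper names and the third sample line are constructed for illustration.

```python
import re

# FAILED_ENTRY_REGEX value as quoted in the post, e-mail line wrapping undone.
POSTED = (r"error: PAM: authentication error for "
          r"(?P<invalid>invalid user |illegal user )?(?P<user>.*?) from "
          r"(::ffff:)?(?P<host>\d){1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")

# Constructed variant (assumption, not taken from the FAQ): the host group
# wraps the whole dotted quad, so every parenthesis is paired.
BALANCED = (r"error: PAM: authentication error for "
            r"(?P<invalid>invalid user |illegal user )?(?P<user>.*?) from "
            r"(::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")

SAMPLE_LINES = [
    # First two lines are the secure.log entries from the post.
    "Feb 24 04:03:51 MachineName sshd[16220]: in pam_sm_authenticate(): "
    "Failed to determine Kerberos principal name.",
    "Feb 24 04:03:52 MachineName sshd[16216]: error: PAM: authentication "
    "error for validuser from 192.168.1.10 via 192.168.1.10",
    # Constructed line for the invalid-user form of the same message.
    "Feb 24 04:05:10 MachineName sshd[16301]: error: PAM: authentication "
    "error for illegal user bob from ::ffff:10.0.0.5",
]

def compile_error(pattern):
    """Return the re.error text if the pattern does not compile, else None."""
    try:
        re.compile(pattern)
    except re.error as exc:
        return str(exc)
    return None

def parse_failure(pattern, line):
    """Return the fields a log line yields under the pattern, or None."""
    m = re.search(pattern, line)
    if m is None:
        return None
    return {"invalid": m.group("invalid") is not None,
            "user": m.group("user"),
            "host": m.group("host")}

if __name__ == "__main__":
    print("posted pattern  :", compile_error(POSTED) or "compiles")
    print("balanced pattern:", compile_error(BALANCED) or "compiles")
    for line in SAMPLE_LINES:
        print(parse_failure(BALANCED, line), "<-", line[:60])
```

The `?` after the `invalid` group makes it optional, so the balanced pattern still matches the valid-user line and simply leaves that group unset.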