Talk:OpenSSH

From Fail2ban

Revision as of 02:24, 15 March 2014 by Daniel.subs (Talk | contribs) (removed stuff that has been implemented for ages)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

ssh and pam

OpenSSH on recent linux distributions uses pam to authenticate user. If the user doesn't exist this line is printed on auth.log

Jul 20 01:35:44 foo sshd[7140]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.187.212.29

Adding this regex rule is really helpful:

sshd\[\d+\]:\s+\(pam_unix\)\s+authentication failure.* rhost=<HOST>

Retrieved from "https://fail2ban.org/wiki/index.php?title=Talk:OpenSSH&oldid=4976"

Navigation menu