how to record the client's ip address in logfile - SSH


  1. how to record the client's ip address in logfile

    I have a Linux box that runs the sshd service with public key
    authentication only. Recently, I found many brute force attacks which
    enumerate the user names. Then I installed fail2ban, which analyzes
    sshd's log file and bans the failed attempts with iptables, which
    works very well.

    Today, I found many brute force attacks again, which try to log in as
    root. As I set sshd to allow users from a specified group only, and
    root is not in this group, I got the following message in the log file:

    User root not allowed because none of user's groups are listed in
    AllowGroups

    Unluckily, there is no IP address in the log file and I can't ban it.

    How can I ban such attempts? Please note, I will never permit root
    login even with public key authentication.

    Thanks.


  2. Re: how to record the client's ip address in logfile

    On 2007-09-04, wilbur lang wrote:
    > I have a Linux box that runs the sshd service with public key
    > authentication only. Recently, I found many brute force attacks which
    > enumerate the user names. Then I installed fail2ban, which analyzes
    > sshd's log file and bans the failed attempts with iptables, which
    > works very well.
    >
    > Today, I found many brute force attacks again, which try to log in as
    > root. As I set sshd to allow users from a specified group only, and
    > root is not in this group, I got the following message in the log file:
    >
    > User root not allowed because none of user's groups are listed in
    > AllowGroups
    >
    > Unluckily, there is no IP address in the log file and I can't ban it.


    From the log message I assume you're using OpenSSH? If so, which
    version? Logging of the source address for connections denied for
    that reason was added in 4.0.

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.
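
The log-line difference described in the reply above, as an added example that is not part of the original thread and is not fail2ban's own filter: the same AllowGroups denial with and without a source address, and why only the first form can feed a ban. The sample lines are constructed; the `from <address>` wording follows the message OpenSSH 4.0 and later write, and `scan` and `max_retry` are names chosen for this sketch.

```python
import ipaddress
import re
from collections import Counter

TAIL = r" not allowed because none of user's groups are listed in AllowGroups$"
# Denial with a source address (the form logged since OpenSSH 4.0).
DENIED_WITH_ADDR = re.compile(r"sshd\[\d+\]: User (?P<user>\S+) from (?P<host>\S+)" + TAIL)
# Denial as quoted in the thread: same event, nothing to identify the client.
DENIED_NO_ADDR = re.compile(r"sshd\[\d+\]: User (?P<user>\S+)" + TAIL)

# Constructed sample log; addresses come from the documentation ranges.
MSG = "not allowed because none of user's groups are listed in AllowGroups"
SAMPLE_LOG = "\n".join([
    f"Sep  5 21:30:01 host sshd[4101]: User root {MSG}",
    f"Sep  5 21:30:02 host sshd[4102]: User root {MSG}",
    f"Sep  5 21:31:10 host sshd[4110]: User root from 192.0.2.10 {MSG}",
    f"Sep  5 21:31:12 host sshd[4111]: User root from 192.0.2.10 {MSG}",
    f"Sep  5 21:31:15 host sshd[4112]: User root from 192.0.2.10 {MSG}",
    f"Sep  5 21:32:40 host sshd[4120]: User root from 198.51.100.7 {MSG}",
    f"Sep  5 21:33:05 host sshd[4125]: User root from scanner.example.net {MSG}",
    "Sep  5 21:34:00 host sshd[4130]: Accepted publickey for alice from 203.0.113.5 port 50022 ssh2",
])

def scan(log_text, max_retry=3):
    """Return (addresses to ban, denials that could not be tied to an address)."""
    hits = Counter()
    skipped = 0
    for line in log_text.splitlines():
        m = DENIED_WITH_ADDR.search(line)
        if m:
            try:
                # Only a literal IP address is allowed to reach a firewall rule.
                hits[str(ipaddress.ip_address(m.group("host")))] += 1
            except ValueError:
                skipped += 1
        elif DENIED_NO_ADDR.search(line):
            # Address-less form: the denial is visible but cannot be banned.
            skipped += 1
    return sorted(a for a, n in hits.items() if n >= max_retry), skipped

if __name__ == "__main__":
    to_ban, skipped = scan(SAMPLE_LOG)
    print("ban:", to_ban)
    print("denials without a usable address:", skipped)
```
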

  3. Re: how to record the client's ip address in logfile

    On Sep 5, 9:30 pm, Darren Tucker wrote:
    > From the log message I assume you're using OpenSSH? If so, which
    > version? Logging of the source address for connections denied for
    > that reason was added in 4.0.


    Thanks for your reply.
    Yes, I'm using OpenSSH; it's 3.9p1, which comes with CentOS. I'll try
    4.x later.

