Hi,

Process Software MultiNet V4.4 Rev A-X, COMPAQ AlphaServer DS20E 666 MHz,
OpenVMS AXP V7.3-1
(Shortly to be upgraded to V5.0 on VMS 7.3-2)

We'd like to gather more information on SSH-based attacks on this system.

We've found a new MULTINET_ROOT:[MULTINET.SSH]SSHD.LOG file gets created for
each incoming connection and tends to contain entries like this:

SSHD 0181[00026B86]: WARNING: DNS lookup failed for "67.19.157.18".
getpwnam: getuai failed: 182b2
getpwnam: getuai failed: 182b2

I'm assuming the 'getpwnam' errors are indicating that the supplied username
does not exist in the SYSUAF (182B2 = %RMS-E-RNF). Is there some way of
getting the username into this log file?

What other logging have people found helpful?

Thanks,

Jeremy Begg

+---------------------------------------------------------+
| VSM Software Services Pty. Ltd. |
| http://www.vsm.com.au/ |
| "OpenVMS Systems Management & Programming" |
|---------------------------------------------------------|
| P.O.Box 402, Walkerville, | E-Mail: jeremy@vsm.com.au |
| South Australia 5081 | Phone: +61 8 8221 5188 |
|---------------------------| Mobile: 0414 422 947 |
| A.C.N. 068 409 156 | FAX: +61 8 8221 7199 |
+---------------------------------------------------------+