RWSecure

not detecting brute force when not legal user

  1. 2007-03-27 07:13:38 UTC
    The activity below did not result in a banned ip in hosts.deny. The threshold is set to 6, while there are 9 failures from the same ip here, but using different usernames (all of which either don't exist or are not in AllowedUsers). I assume the ip was not banned because it did not fail 6 times on the same username. On my own systems, I would want this activity to result in a ban, but perhaps some would prefer the option to aggregate failed attempts from the same ip for different users or not.


    Mar 26 21:49:20 stockton sshd[12543]: Illegal user test from ::ffff:222.255.236.12
    Mar 26 21:49:21 stockton sshd[12543]: error: Could not get shadow information for NOUSER
    Mar 26 21:49:21 stockton sshd[12543]: Failed password for illegal user test from ::ffff:222.255.236.12 port 35624 ssh2
    Mar 26 21:49:24 stockton sshd[12545]: Illegal user guest from ::ffff:222.255.236.12
    Mar 26 21:49:24 stockton sshd[12545]: error: Could not get shadow information for NOUSER
    Mar 26 21:49:24 stockton sshd[12545]: Failed password for illegal user guest from ::ffff:222.255.236.12 port 35700 ssh2
    Mar 26 21:49:29 stockton sshd[12547]: Illegal user admin from ::ffff:222.255.236.12
    Mar 26 21:49:29 stockton sshd[12547]: error: Could not get shadow information for NOUSER
    Mar 26 21:49:29 stockton sshd[12547]: Failed password for illegal user admin from ::ffff:222.255.236.12 port 35768 ssh2
    Mar 26 21:49:36 stockton sshd[12549]: Illegal user admin from ::ffff:222.255.236.12
    Mar 26 21:49:36 stockton sshd[12549]: error: Could not get shadow information for NOUSER
    Mar 26 21:49:36 stockton sshd[12549]: Failed password for illegal user admin from ::ffff:222.255.236.12 port 35862 ssh2
    Mar 26 21:49:41 stockton sshd[12551]: Illegal user user from ::ffff:222.255.236.12
    Mar 26 21:49:41 stockton sshd[12551]: error: Could not get shadow information for NOUSER
    Mar 26 21:49:41 stockton sshd[12551]: Failed password for illegal user user from ::ffff:222.255.236.12 port 35993 ssh2
    Mar 26 21:49:46 stockton sshd[12553]: User root not allowed because not listed in AllowUsers
    Mar 26 21:49:46 stockton sshd[12553]: error: Could not get shadow information for NOUSER
    Mar 26 21:49:46 stockton sshd[12553]: Failed password for illegal user root from ::ffff:222.255.236.12 port 36105 ssh2
    Mar 26 21:49:50 stockton sshd[12555]: User root not allowed because not listed in AllowUsers
    Mar 26 21:49:50 stockton sshd[12555]: error: Could not get shadow information for NOUSER
    Mar 26 21:49:50 stockton sshd[12555]: Failed password for illegal user root from ::ffff:222.255.236.12 port 36214 ssh2
    Mar 26 21:49:54 stockton sshd[12557]: User root not allowed because not listed in AllowUsers
    Mar 26 21:49:54 stockton sshd[12557]: error: Could not get shadow information for NOUSER
    Mar 26 21:49:54 stockton sshd[12557]: Failed password for illegal user root from ::ffff:222.255.236.12 port 36406 ssh2
    Mar 26 21:49:57 stockton sshd[12559]: Illegal user test from ::ffff:222.255.236.12
    Mar 26 21:49:57 stockton sshd[12559]: error: Could not get shadow information for NOUSER
    Mar 26 21:49:57 stockton sshd[12559]: Failed password for illegal user test from ::ffff:222.255.236.12 port 36611 ssh2
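
The two counting policies the post contrasts, as an added example that is not part of the original post and is not RWSecure's code. The function names, the `>=` threshold comparison, and the sample log (constructed in the post's sshd format, with a documentation IP and the same sequence of nine usernames) are assumptions.

```python
import re
from collections import Counter

# Only the "Failed password" line is counted, so the "Illegal user" and
# "not listed in AllowUsers" lines for the same attempt are not double-counted.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:illegal user |invalid user )?(\S+) "
    r"from (?:::ffff:)?(\S+) port \d+"
)

def failures(lines):
    """Yield (ip, user) for every failed-password line."""
    for line in lines:
        m = FAILED.search(line)
        if m:
            yield m.group(2), m.group(1)

def banned(lines, threshold, per_user):
    """Return the IPs that reach the threshold (assumed: count >= threshold).

    per_user=True  counts each (ip, username) pair separately.
    per_user=False aggregates every failure from an IP, whatever the username.
    """
    counts = Counter()
    for ip, user in failures(lines):
        counts[(ip, user) if per_user else ip] += 1
    return {key[0] if per_user else key
            for key, n in counts.items() if n >= threshold}

def sample_log():
    """Constructed log: nine failures from one IP across five usernames."""
    users = ["test", "guest", "admin", "admin", "user",
             "root", "root", "root", "test"]
    lines = []
    for i, user in enumerate(users):
        stamp = f"Mar 26 21:49:{20 + i:02d} host sshd[{12543 + 2 * i}]:"
        lines.append(f"{stamp} Illegal user {user} from ::ffff:192.0.2.10")
        lines.append(f"{stamp} Failed password for illegal user {user} "
                     f"from ::ffff:192.0.2.10 port {35624 + i} ssh2")
    return lines

if __name__ == "__main__":
    log = sample_log()
    print("per (ip, user):", banned(log, 6, per_user=True))
    print("per ip:        ", banned(log, 6, per_user=False))
```

With a threshold of 6, the per-username count never exceeds 3 (for `root`), so nothing is banned, while the per-IP count of 9 bans the source address.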