From: Barry M. <bmu...@ga...> - 2015-02-02 20:53:26
>
> found this (line 146) in "attack_scanner.l":
/* wrong password for valid user @ FreeBSD, Debian */
"error: PAM: "[aA]"uthentication "(error|failure)" for "("illegal user ")?.+" from " { return SSH_LOGINERR_PAM; }
which seems to be the appropriate pattern...
is there a quick way I can add to that pattern to keep it from spazzing out
when it gets the "via xx.xx.xx.xx" ????