From: Robert S <rob...@gm...> - 2007-06-26 22:07:05
> 2) for syslogd, external procs are not started when syslogd is
> restarted, but at the first occurrence of a log for them. So, restart
> syslogd and try a ssh login before checking ps.

I tried using syslog-ng - no luck.

> I am interested in your report. Could you please:
> 1) disable syslog config for sshguard
> 2) reinstall sshguard
> 3) run sshguard from the command line as
> /usr/local/sbin/sshguard

I have tried these things. I get no output when I do this:

    # /usr/local/sbin/sshguard

When I do Ctrl-C I get:

    ip6tables: No chain/target/match by that name

(I assume this is normal because I don't have any ip6tables chain - I get this on my gentoo machine that works OK)

My /var/log/messages gives me these messages, but there is no sign that sshguard is being activated when a failed login occurs:

    Jun 27 17:48:06 etch sshguard[11412]: Started successfully [(a,p,s)=(4, 420, 1200)], now ready to scan.
    Jun 27 17:48:55 etch sshguard[11412]: Got exit signal, flushing blocked addresses and exiting...

These are the messages I get in my logs when a failed login occurs (I tried disabling PAM):

    Jun 27 17:49:25 etch sshd[11521]: Failed password for robert from 192.168.2.40 port 33202 ssh2
    Jun 27 17:49:28 etch sshd[11523]: Failed password for robert from 192.168.2.40 port 33203 ssh2
    Jun 27 17:49:29 etch sshd[11523]: Failed password for robert from 192.168.2.40 port 33203 ssh2

With PAM enabled I get these messages:

    Jun 27 17:58:28 etch sshd[11575]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=myhost.mydomain.com.au user=robert
    Jun 27 17:58:31 etch sshd[11575]: Failed password for robert from 192.168.2.40 port 57699 ssh2
    Jun 27 17:58:33 etch sshd[11575]: Failed password for robert from 192.168.2.40 port 57699 ssh2
    Jun 27 17:58:36 etch sshd[11575]: Failed password for robert from 192.168.2.40 port 57699 ssh2

I hope this is of some help.

Robert.