Menu
▾
▴
Re: [SSHGuard-users] sshguard on trunk with debian
|
From: jungle b. <jun...@gm...> - 2016-12-12 06:50:31
|
Hi Kevin, On 12/11/2016 08:49 PM, Kevin Zheng wrote: > On 12/09/2016 09:24, jungle Boogie wrote: >> Now knowing the services file is setup correct, what else should I >> review to determine why sshguard is not blocking? > > Check /var/log/auth.log and see if there's any relevant information. > last few lines: Dec 12 06:29:13 pine64 sshd[3030]: Failed password for root from 116.31.116.48 port 49298 ssh2 Dec 12 06:29:13 pine64 sshd[3030]: Failed password for root from 116.31.116.48 port 49298 ssh2 Dec 12 06:29:13 pine64 sshd[3032]: Failed password for root from 116.31.116.48 port 51596 ssh2 Dec 12 06:29:13 pine64 sshd[3028]: Failed password for root from 116.31.116.48 port 44698 ssh2 Dec 12 06:29:13 pine64 sshd[3030]: Failed password for root from 116.31.116.48 port 49298 ssh2 Dec 12 06:29:13 pine64 sshd[3032]: Failed password for root from 116.31.116.48 port 51596 ssh2 Dec 12 06:29:13 pine64 sshd[3028]: Failed password for root from 116.31.116.48 port 44698 ssh2 Dec 12 06:29:13 pine64 sshd[3030]: Received disconnect from 116.31.116.48 port 49298:11: [preauth] Dec 12 06:29:13 pine64 sshd[3030]: Disconnected from 116.31.116.48 port 49298 [preauth] Dec 12 06:29:13 pine64 sshd[3032]: Failed password for root from 116.31.116.48 port 51596 ssh2 Dec 12 06:29:13 pine64 sshd[3028]: Failed password for root from 116.31.116.48 port 44698 ssh2 Dec 12 06:29:14 pine64 sshd[3032]: Received disconnect from 116.31.116.48 port 51596:11: [preauth] Dec 12 06:29:14 pine64 sshd[3032]: Disconnected from 116.31.116.48 port 51596 [preauth] Dec 12 06:29:14 pine64 sshd[3028]: Received disconnect from 116.31.116.48 port 44698:11: [preauth] Dec 12 06:29:14 pine64 sshd[3028]: Disconnected from 116.31.116.48 port 44698 [preauth] Dec 12 06:29:14 pine64 sshd[3039]: ssh_dispatch_run_fatal: Connection from 116.31.116.48 port 22647: Connection refused [preauth] Dec 12 06:29:14 pine64 sshd[3034]: ssh_dispatch_run_fatal: Connection from 116.31.116.48 port 17455: Connection refused [preauth] my ssh info: ~$ ssh -V OpenSSH_7.3p1, OpenSSL 1.0.1t 3 May 2016 > Best, > Kevin > |
