From: Forrest A. <fo...@fo...> - 2007-10-20 16:49:28
sshguard is not catching failed password attempts for "valid" users:

Oct 20 10:10:56 gw sshd[86897]: Failed password for root from 80.93.212.74 port 53760 ssh2
Oct 20 10:10:57 gw sshd[86899]: Failed password for root from 80.93.212.74 port 53839 ssh2
Oct 20 10:10:59 gw sshd[86901]: Failed password for root from 80.93.212.74 port 53913 ssh2
Oct 20 10:11:01 gw sshd[86903]: Failed password for root from 80.93.212.74 port 53985 ssh2
Oct 20 10:11:02 gw sshd[86918]: Failed password for root from 80.93.212.74 port 54060 ssh2
Oct 20 10:11:04 gw sshd[86920]: Failed password for root from 80.93.212.74 port 54146 ssh2
Oct 20 10:11:05 gw sshd[86922]: Failed password for root from 80.93.212.74 port 54217 ssh2
Oct 20 10:11:07 gw sshd[86924]: Invalid user administrator from 80.93.212.74
Oct 20 10:11:07 gw sshd[86924]: Failed password for invalid user administrator from 80.93.212.74 port 54290 ssh2
Oct 20 10:11:09 gw sshd[86926]: Invalid user administrator from 80.93.212.74
Oct 20 10:11:09 gw sshd[86926]: Failed password for invalid user administrator from 80.93.212.74 port 54369 ssh2
Oct 20 10:11:10 gw sshd[86928]: Invalid user administrator from 80.93.212.74
Oct 20 10:11:10 gw sshd[86928]: Failed password for invalid user administrator from 80.93.212.74 port 54444 ssh2
Oct 20 10:11:12 gw sshd[86930]: Invalid user administrator from 80.93.212.74
Oct 20 10:11:12 gw sshguard[85248]: Blocking 80.93.212.74: X failures over X seconds.

But it catches an invalid user. It should be especially sensitive to the failed root password attempts, even though I do not allow root logins.

Did you receive my previous 2 inquiries?

_F