I have specified the following in /etc/ssh/sshd_config.
PermitRootLogin no
MaxAuthTries 3
LoginGraceTime 5m
However, the following access log entries still appear continuously from an IP in China.
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.198.146 user=root
Failed password for invalid user root from 58.218.198.146 port 25157 ssh2
Failed password for invalid user root from 58.218.198.146 port 25157 ssh2
My settings in sshd_config do not look like they are being applied.
Why?
My env: CentOS-6.9-x86_64-minimal.iso with ks=http://dl.efa-project.org/build/3/ks.cfg.
Definition on sshd_config are not reflected
Re: Definition on sshd_config are not reflected
What are you expecting to see?
[edit]
The reason I ask is that those messages are correct. Someone tried to log in with a password but could not.
Try it yourself. Attempt to log in as root with the correct password and see if you can get in. If you cannot, then sshd is blocking the password logins, just as you would expect it to.
I've tested it on my instance and that is exactly the behaviour I am seeing. When I enable root login via password, it works just fine; when it is disabled, I cannot log in, just as expected.
Hope that helps clear things up.
Re: Definition on sshd_config are not reflected
On the original sshd of my CentOS 6.9,
if I specify these settings, those entries never appear in the log.
Also, the following iptables commands do not work either.
iptables -A INPUT -p tcp --dport 22 -j DROP ;
iptables -A INPUT -p tcp --sport 22 -j DROP ;
Isn't something strange?
Re: Definition on sshd_config are not reflected
OK, I don't understand what you mean exactly.
It sounds like you have two questions for two problems, so you need to solve them separately.
Can you tell me exactly what you want to do and why? If I understand this, I can give you better answers.
Re: Definition on sshd_config are not reflected
My questions are:
Why does sshd_config not work?
Why does iptables not work? I think these are the same problem.
Why, whatever I specify,
does /var/log/secure keep recording the continuous access from China?
If sshd_config were effective, the same IP would never appear consecutively.
If iptables were effective, it would never be logged at all.
My goals are:
I would like a server whose ssh only accepts connections from specific IPs.
Also, I would like a server whose ssh only accepts specific user IDs.
That's all.
Re: Definition on sshd_config are not reflected
What does your iptables setup look like? The way you added those rules appends them after any other rule already existing, so it is no wonder that they don't do anything…
If I wanted to block ssh entirely, I'd rather delete rule #6, which currently allows ssh access… Issuing your iptables commands will put those way down after the REJECT rule in the INPUT chain.
This is my iptables setup; I haven't done much tinkering with it, except adding support for the check-mk-agent:
[root@efa ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:check-mk-agent
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ndmp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
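The point made above (a rule appended with `iptables -A` lands after the catch-all REJECT and can never match) is easy to check mechanically. The following is an added example, not code from the thread or from the EFA project: it parses the plain `iptables -L` text format, finds the first catch-all DROP/REJECT in each chain, lists every rule behind it as unreachable, and reports the position to give `iptables -I <chain> N` so a new rule is evaluated before the catch-all. The sample listing is constructed from the INPUT chain shown above with the two DROP rules the original poster appended placed at the end, which is where `-A` puts them. One assumption worth knowing: `iptables -L` without `-v` hides `-i`/`-o` interface matches, so the bare `ACCEPT all anywhere anywhere` entry (typically the loopback rule) is not treated as a shadowing rule by default.

```python
"""Detect iptables rules shadowed by an earlier catch-all DROP/REJECT.
Added example: parses the text printed by `iptables -L` (no -v, no -n)."""
import re
from typing import Dict, List, Optional, Tuple

Rule = Dict[str, object]

# Constructed sample: the INPUT chain from the thread, plus the two DROP
# rules the original poster appended with `iptables -A` (so they come last).
SAMPLE_LISTING = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:check-mk-agent
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ndmp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
DROP       tcp  --  anywhere             anywhere            tcp dpt:ssh
DROP       tcp  --  anywhere             anywhere            tcp spt:ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""

# ACCEPT is excluded by default: `iptables -L` omits interface matches, so a
# bare "ACCEPT all anywhere anywhere" is usually `-i lo`, not a real catch-all.
DEFAULT_TERMINAL: Tuple[str, ...] = ("DROP", "REJECT")


def parse_iptables_listing(listing: str) -> Dict[str, List[Rule]]:
    """Return {chain: [rule, ...]}; rule numbers are 1-based like --line-numbers."""
    chains: Dict[str, List[Rule]] = {}
    current: Optional[str] = None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \(policy (\S+)\)", line)
        if m:
            current = m.group(1)
            chains[current] = []
            continue
        if current is None or not line.strip() or line.startswith("target"):
            continue
        parts = line.split(None, 5)  # target prot opt source destination [rest]
        if len(parts) < 5:
            continue
        rest = parts[5].strip() if len(parts) > 5 else ""
        # "reject-with ..." is a target option, not a match condition
        matches = re.sub(r"reject-with \S+", "", rest).strip()
        chains[current].append({
            "num": len(chains[current]) + 1,
            "target": parts[0],
            "prot": parts[1],
            "source": parts[3],
            "destination": parts[4],
            "matches": matches,
        })
    return chains


def is_catch_all(rule: Rule) -> bool:
    """True when the rule has no match conditions at all (matches every packet)."""
    return (rule["prot"] == "all" and rule["source"] == "anywhere"
            and rule["destination"] == "anywhere" and rule["matches"] == "")


def first_terminal(rules: List[Rule], targets=DEFAULT_TERMINAL) -> Optional[Rule]:
    """The first catch-all rule with a terminal target; nothing after it is reached."""
    for rule in rules:
        if rule["target"] in targets and is_catch_all(rule):
            return rule
    return None


def shadowed_rules(rules: List[Rule], targets=DEFAULT_TERMINAL) -> List[Rule]:
    """Rules that sit behind the first catch-all terminal rule and never match."""
    term = first_terminal(rules, targets)
    if term is None:
        return []
    return [r for r in rules if r["num"] > term["num"]]


def insert_position(rules: List[Rule], targets=DEFAULT_TERMINAL) -> int:
    """Rule number N for `iptables -I <chain> N ...` so the new rule is
    evaluated before the catch-all. `-A` would append after it instead."""
    term = first_terminal(rules, targets)
    return term["num"] if term else len(rules) + 1


def audit(listing: str) -> Dict[str, List[int]]:
    """Map each chain to the numbers of its unreachable rules."""
    return {chain: [r["num"] for r in shadowed_rules(rules)]
            for chain, rules in parse_iptables_listing(listing).items()}


if __name__ == "__main__":
    chains = parse_iptables_listing(SAMPLE_LISTING)
    for chain, rules in chains.items():
        dead = shadowed_rules(rules)
        print(f"{chain}: insert new rules with -I {chain} {insert_position(rules)}")
        for r in dead:
            print(f"  rule #{r['num']} ({r['target']} {r['prot']} {r['matches']}) is unreachable")
```

Run against a live box with `iptables -L | python3 audit.py` style piping once the sample is swapped for `sys.stdin.read()`; on the listing above it reports INPUT rules 11 and 12 (the two appended DROPs) as unreachable and suggests `-I INPUT 10`, the slot just before the REJECT.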
Re: Definition on sshd_config are not reflected
I cannot understand why the following rule #6 exists by default.
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
However, you pointed out the cause of this strange behavior of iptables. Thank you!
I have to consider whether the others, "smtp", "ndmp", "http" and "https", are also necessary.
Re: Definition on sshd_config are not reflected
If you turn off smtp, http and https access, then you could very well just shut down your efa box, as it will be of no further use…
Re: Definition on sshd_config are not reflected
Yes, I have understood it; however...
> My destination are,
> I like a server with ssh that only accepts from specific IP .
> Also, I like a server with ssh that only accepts to specific user ID.
Now I deleted them and recreated the secure.