My friends and I are working on a hobby project and we need a Git server, so I set one up on my MacBook Pro. We access the repository via SSH. However, when I checked the SSH log, I found someone trying to get SSH access to my machine by guessing usernames. The log looks as follows:
Jun 29 21:06:52 doh1 sshd[19400]: Invalid user postgres from 190.181.132.70
Jun 29 21:06:52 doh1 sshd[19401]: input_userauth_request: invalid user postgres
Jun 29 21:06:52 doh1 sshd[19401]: Received disconnect from 190.181.132.70: 11: Bye Bye
Jun 29 21:06:54 doh1 sshd[19402]: reverse mapping checking getaddrinfo for wimax132-70.yota.com.ni [190.181.132.70] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun 29 21:06:54 doh1 sshd[19403]: Received disconnect from 190.181.132.70: 11: Bye Bye
Jun 29 21:06:55 doh1 sshd[19405]: reverse mapping checking getaddrinfo for wimax132-70.yota.com.ni [190.181.132.70] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun 29 21:06:55 doh1 sshd[19405]: Invalid user backup from 190.181.132.70
Jun 29 21:06:55 doh1 sshd[19406]: input_userauth_request: invalid user backup
Jun 29 21:06:56 doh1 sshd[19406]: Received disconnect from 190.181.132.70: 11: Bye Bye
Jun 29 21:06:57 doh1 sshd[19407]: reverse mapping checking getaddrinfo for wimax132-70.yota.com.ni [190.181.132.70] failed - POSSIBLE BREAK-IN ATTEMPT!
I first tried to use DenyHosts; however, there are still attempts from other IP addresses. Since there are three of us accessing the repository, I configured hosts.allow and hosts.deny manually: deny all hosts other than the IP addresses I trust.
hosts.deny:
~$ cat /etc/hosts.deny
sshd: ALL
hosts.allow:
~$ cat /etc/hosts.allow
sshd: [The IP addresses you allow to connect via SSH]
ALL: localhost
Now the log file should be quite…
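The following added example (not from the original post) groups the "Invalid user" and reverse-mapping lines of an sshd log by source address and marks whether each source is on the trusted list. The names `summarize`, `is_trusted` and `TRUSTED`, the addresses 203.0.113.10 and 198.51.100.7, and the last two sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# First four lines come from the log excerpt in the post; the last two are constructed.
SAMPLE_LOG = """\
Jun 29 21:06:52 doh1 sshd[19400]: Invalid user postgres from 190.181.132.70
Jun 29 21:06:54 doh1 sshd[19402]: reverse mapping checking getaddrinfo for wimax132-70.yota.com.ni [190.181.132.70] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun 29 21:06:55 doh1 sshd[19405]: Invalid user backup from 190.181.132.70
Jun 29 21:06:56 doh1 sshd[19406]: Received disconnect from 190.181.132.70: 11: Bye Bye
Jun 29 21:07:10 doh1 sshd[19410]: Invalid user gti from 203.0.113.10
Jun 29 21:07:12 doh1 sshd[19412]: Invalid user x from 203.0.113.10 from 198.51.100.7
"""
TRUSTED = ["203.0.113.10"]  # constructed stand-in for the hosts.allow entries

# The user name is chosen by the client, so anchor on the end of the line:
# the greedy (.*) makes the LAST " from " the separator before the real address,
# and a crafted user name cannot attribute its attempt to a trusted address.
INVALID_USER = re.compile(r"sshd\[\d+\]: Invalid user (.*) from (\S+)(?: port \d+)?$")
REVERSE_FAIL = re.compile(
    r"sshd\[\d+\]: reverse mapping checking getaddrinfo for \S+ \[([^\]]+)\] failed")


def is_trusted(src, trusted):
    """True only if src is an IP literal equal to one of the trusted addresses."""
    try:
        return ip_address(src) in {ip_address(t) for t in trusted}
    except ValueError:  # not an IP literal (e.g. a hostname): never trusted
        return False


def summarize(log_text, trusted=()):
    """Return {source: {"users": [...], "reverse_fail": n, "trusted": bool}}."""
    seen = defaultdict(lambda: {"users": set(), "reverse_fail": 0})
    for line in log_text.splitlines():
        m = INVALID_USER.search(line)
        if m:
            seen[m.group(2)]["users"].add(m.group(1))
            continue
        m = REVERSE_FAIL.search(line)
        if m:
            seen[m.group(1)]["reverse_fail"] += 1
    return {src: {"users": sorted(d["users"]), "reverse_fail": d["reverse_fail"],
                  "trusted": is_trusted(src, trusted)} for src, d in seen.items()}


if __name__ == "__main__":
    for src, info in summarize(SAMPLE_LOG, TRUSTED).items():
        print(src, info)
```

Sources reported with `trusted` set to false are the ones the hosts.deny rule is meant to turn away; an invalid user name from a trusted source is more likely a typo by one of the three collaborators.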