My friends and I am working on a hobby project and we need a Git server, so I set up one on my MacBook Pro. We access the repository via SSH. However when I checked the ssh log I found someone trying to get ssh access to my machine by guessing usernames. The log looks as follows:
|
1 2 3 4 5 6 7 8 9 10 |
Jun 29 21:06:52 doh1 sshd[19400]: Invalid user postgres from 190.181.132.70 Jun 29 21:06:52 doh1 sshd[19401]: input_userauth_request: invalid user postgres Jun 29 21:06:52 doh1 sshd[19401]: Received disconnect from 190.181.132.70: 11: Bye Bye Jun 29 21:06:54 doh1 sshd[19402]: reverse mapping checking getaddrinfo for wimax132-70.yota.com.ni [190.181.132.70] failed - POSSIBLE BREAK-IN ATTEMPT! Jun 29 21:06:54 doh1 sshd[19403]: Received disconnect from 190.181.132.70: 11: Bye Bye Jun 29 21:06:55 doh1 sshd[19405]: reverse mapping checking getaddrinfo for wimax132-70.yota.com.ni [190.181.132.70] failed - POSSIBLE BREAK-IN ATTEMPT! Jun 29 21:06:55 doh1 sshd[19405]: Invalid user backup from 190.181.132.70 Jun 29 21:06:55 doh1 sshd[19406]: input_userauth_request: invalid user backup Jun 29 21:06:56 doh1 sshd[19406]: Received disconnect from 190.181.132.70: 11: Bye Bye Jun 29 21:06:57 doh1 sshd[19407]: reverse mapping checking getaddrinfo for wimax132-70.yota.com.ni [190.181.132.70] failed - POSSIBLE BREAK-IN ATTEMPT! |
I first tried to use DenyHosts, however, there are still attempts from other IP addresses. Since there are three of us accessing the repository, I configured the hosts.allow and hosts.deny manually: deny all hosts other than the IP addresses I trust.
hosts.deny:
|
1 2 |
~$ cat /etc/hosts.deny sshd: ALL |
hosts.allow:
|
1 2 3 |
~$ cat /etc/hosts.allow sshd: [The IP addresses you allow to connect via SSH] ALL: localhost |
Now the log file should be quite…
Leave a Comment