I have a couple Tru64 boxes (4.0f and 5.1b) both using C2 security
that get occasional root login attacks via SSH. These attacks (3000
hits on root last time) cause the root account to get locked. I tried
disabling root logins from SSH with "PerminRootLogins no" (in
sshd_config) but I still see failed attempts logged in the auth db
(u_numunsuclog for root user increments). I then tried adding
"DenyUsers root" too which seems to work on the 4.0f system but not on
5.1b. I do get an "invalid user" error in the auth.log in both but on
5.1b u_numunsuclog still increments.
The Tru64 delivered ssh is not beig used, but rather a version of
OpenSSH manually downloaded/built. (4.0f has OpenSSH 3.1p1 and 5.1b
has 3.7.1p2) The 5.1b system was just upgraded from 5.1a to 5.1b.
_Mike
Received on Thu Jan 27 2005 - 01:43:59 NZDT