Re: [tlug] attack via ssh? (don't panic :-P)

[Nikolay Elenkov <nick@example.com>]

Michael Reinsch wrote:
> On Sat, 14 May 2005 00:01:33 +0900
> Nikolay Elenkov <nick@example.com> wrote:
> 
> 
>>You may also want to limit the users that can login via ssh by user/
>>group. That cuts the connection before any authentication checks are
>>made.
> 
> 
> Really? Why doesn't sshd do that when a user is unknown on the system?
> Is that only done when using AllowGroups? The man pages don't say
> anything about that...
> 

Not really. I was wrong. Here's a part of my old logs:


sshd[17820]: User ftp not allowed because not listed in AllowUsers
sshd[17820]: error: Could not get shadow information forNOUSER
sshd[17820]: Failed password for invalid user ftp from 218.234.21.45 
port 38184 ssh2


So it checks the password after all. Sorry for the confusion.