SSHGuard not block access from unregistered users
Issue #156
new
Should sshguard block this type of access attempt?
sshguard 1.7.1
/usr/sbin/sshguard -a 30 -p 18000 -s 345600 -w /etc/sshguard/whitelist -b 100:/var/lib/sshguard/db/blacklist.db -l /var/log/sshguard-journal-tail
dez 06 16:56:54 sshd[...]: error: Could not get shadow information for NOUSER
dez 06 16:56:54 sshd[...]: Failed password for invalid user admin from 209.239.112.213 port 42234 ssh2
dez 06 16:56:55 sshd[...]: Connection closed by invalid user admin 209.239.112.213 port 42234 [preauth]
dez 06 16:56:55 sshd[...]: Invalid user admin from 209.239.112.213 port 43420
dez 06 16:56:55 sshd[...]: error: Could not get shadow information for NOUSER
dez 06 16:56:55 sshd[...]: Failed password for invalid user admin from 209.239.112.213 port 43420 ssh2
dez 06 16:56:56 sshd[...]: Connection closed by invalid user admin 209.239.112.213 port 43420 [preauth]
dez 06 16:56:56 sshd[...]: Invalid user admin from 209.239.112.213 port 43852
dez 06 16:56:57 sshd[...]: error: Could not get shadow information for NOUSER
dez 06 16:56:57 sshd[...]: Failed password for invalid user admin from 209.239.112.213 port 43852 ssh2
dez 06 16:56:57 sshd[...]: Connection closed by invalid user admin 209.239.112.213 port 43852 [preauth]
dez 06 16:56:57 sshd[...]: Invalid user admin from 209.239.112.213 port 44576
dez 06 16:56:58 sshd[...]: error: Could not get shadow information for NOUSER
dez 06 16:56:58 sshd[...]: Failed password for invalid user admin from 209.239.112.213 port 44576 ssh2
dez 06 16:56:58 sshd[...]: Connection closed by invalid user admin 209.239.112.213 port 44576 [preauth]
dez 06 16:56:59 sshd[...]: Invalid user admin from 209.239.112.213 port 45000
dez 06 16:56:59 sshd[...]: error: Could not get shadow information for NOUSER
Comments (1)
Sorry for the belated response. The latest version (v2.4.2) detects and blocks these types of attempts. Is there a reason that you cannot upgrade?