On 1/5/2010 11:49 AM, Benjamin Franz wrote:
>
> If your brute force protection is not catching the repeated login
> failures, you should check its configuration.
>

Or give up and move SSH to a non-standard port, at least from the
outside. (I got tired a few years ago of watching my log files fill up
with attack attempts.)
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

On Tue, January 5, 2010 11:56, Ned Slider wrote:
>
> Those are the *source ports* from the attacking host, not the
> destination port on which you are running SSH. I /assume/ the number
> enclosed in '[]' to be the pid of the sshd instance associated with
> the
> connection attempt.
>
> Hope that helps.
>

I discovered a mal-configured rule in iptables respecting access to
the local sshd. As this is a gateway machine other connections to
port 22 on different ips have to pass through it. I had conflated
the separate requirements of local and network access into a single
rule which simply did not serve the multiple purposes I imagined it
did.

Thank you to all who replied. I learned a few new things today.

Sincerely,

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos