DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD Security

FreeBSD Security Securing FreeBSD.

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 21st May 2009
Mantazz Mantazz is offline
Shell Scout
 
Join Date: Oct 2008
Posts: 90
Thanked 0 Times in 0 Posts
Default sshd logging - can we get the ssh command?

My FreeBSD server at home is periodically subjected to distributed hack attempts (which inevitable fail for various reasons). It is not unusual to see these involve over 200 unique IP addresses in a single day. I find these attempts to be little more than annoying, and the distributed nature seems to make it rather meaningless to report them or do much of anything else proactive or reactive for them.

However I have been wondering how my poor little server at home ever came to be subjected to this to begin with. I host only my own web pages, and thy are so insignificant that the main page on said server isn't even indexed by google.

Of course my server could be accessed over ssh via two different methods of calling by address - either by name or by numeric address. The name is rather obscure (via dyndns.org) so the odds of someone guessing it at random are rather small. I suspect it is more likely that someone did a scan on port 22 over a great range of IP addresses and found mine to be open.

Is there any way to confirm this? I would like sshd, if possible, to tell me who accesses my server via the command
Code:
ssh myserver.mydomain.youcantguessthis.org
as opposed to
Code:
ssh 123.234.231.132
Does the ssh daemon know the difference? Is there any way for it to know the difference and log it somewhere? I don't even care what password is provided as the distributed hacks have so far always provided only invalid usernames or usernames that are not allowed to log in via ssh anyways.
Reply With Quote
 

Tags
freebsd, log, security, ssh, sshd

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
pflog not logging. bsdnewbie999 OpenBSD General 9 13th March 2009 11:19 PM
Suggestions for Web Traffic Logging? Bruco FreeBSD Ports and Packages 16 18th September 2008 10:54 PM
Network + aMule Logging Problems disappearedng FreeBSD General 0 28th August 2008 09:22 PM
spamd logging question roundkat OpenBSD General 10 11th June 2008 01:27 PM
sshd and timeout Sunsawe FreeBSD Security 6 29th May 2008 12:54 PM


All times are GMT. The time now is 09:00 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick