From owner-freebsd-questions@freebsd.org Tue Aug 4 05:22:50 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3FCBB3B1B71 for ; Tue, 4 Aug 2020 05:22:50 +0000 (UTC) (envelope-from idefix@fechner.net) Received: from anny.lostinspace.de (anny.lostinspace.de [IPv6:2001:608:a02::33]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4BLNS91kxdz3cQk for ; Tue, 4 Aug 2020 05:22:49 +0000 (UTC) (envelope-from idefix@fechner.net) Received: from server.idefix.lan (241-130-067-156.ip-addr.inexio.net [156.67.130.241]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: idefix@fechner.net) by anny.lostinspace.de (Postfix) with ESMTPSA id 6A57AB70D3 for ; Tue, 4 Aug 2020 07:22:45 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fechner.net; s=default; t=1596518565; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=EDBWH57lMsiBkXAj8T0CHVCLVazvpIUnONKXRhBxRWs=; b=qz8mySMPSi+BBIAmq0W3BavSbsxVmempkioirvDnMZ1tguN+dhAKL5POOsg4WWjY4qD7UU kL1ZQKB66Sw9dheDiH0wnnSEDkxGiNvke/1LZUQuNpDTVJT7Nbg/jZBWs36WP4oVVBd5/Y eWW2VMo/qd/VP4Q/JnFUtFGvSijQ8qE= Received: from [192.168.0.151] (241-130-067-156.ip-addr.inexio.net [156.67.130.241]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by server.idefix.lan (Postfix) with ESMTPSA id C5D6C3485EE for ; Tue, 4 Aug 2020 07:22:44 +0200 (CEST) Subject: Re: SSH log lines To: freebsd-questions@freebsd.org References: <09256F5E-469C-402B-94DC-3C07F8AC29ED@kreme.com> From: Matthias Fechner Autocrypt: addr=idefix@fechner.net; prefer-encrypt=mutual; keydata= xsFNBFqca1YBEADM9mF2+ifk8HILTlf5wtAzV6SYVR4RvNOo/8Kucw4sCZT76zS1fjZe4Zy1 3C0IZ07Wi+3PnoGIgOCsXp3PrTc2nuHQWkwVBYXy8UaR9DHBWA/mIvRGG1ZscKQYA6oUdCvd K8Mu26zO60yTt+ONzFtK6G1myH4EHXZ8dpmdCFf+W3rzTU+aCQ5S3OfwCLGgYgOaVREGkdOc 5SVCpFb4n+2B8+CqeWsRHhnT+4h7/YhgDMGp4GiI3yrB2nBVSUUvcosD2nRtJQgGQHcAFtMq 3hJaKPOR/mHc6KVrp0xmGNmdtazvXloHmGIl9O1UpmMmrYu9Kugl0JkGi2fAcno02XgVlkyX 7xDLTteP5cNqRxor4yVDaRWUQnOfK9XgcrKGrAzb65BkCSkjT+Aw3S/A8Qd6NvjL9qy1d+Ct dzatOVF/Y7jaW28CMr3jvwPS13OxV7PnJzIZzdik20eVxfOXuYfxZD+PwBaGgFF0qj6zKACC aKLalE0ZpY0zNn/iPyQX/Cf9KoDyFpOHSsEswiJ5rCWwppVcsFyogHOemVmeaXlvyDPEipnV ZUkpGP/CCqPu3eD0uDzP7UJ0pt/l/JfW0Xw/4p9mjB024xiRlxLa6vSRfGl//EdtAIbKKa8x 5wsKTQEbYJDmXE3tH/A54DCqRXhcopTlu2iJlTdnIMltn9afVwARAQABzSVNYXR0aGlhcyBG ZWNobmVyIDxpZGVmaXhAZmVjaG5lci5uZXQ+wsGuBBMBCgBBAhsDBQkJZgGABQsJCAcDBRUK CQgLBRYDAgEAAh4BAheAFiEEaWB64mCp804YOtqutot13J/XR+EFAlqcc9gCGQEAIQkQtot1 3J/XR+EWIQRpYHriYKnzThg62q62i3Xcn9dH4ZDKEADAPFRKDtfZpLV3quthRl0OTytPlMKN rIMDI4BN0BSElFmTypdE0Xbsy7rGI5OYi8QwotqA2yK199mzWD+a6VFCINUuWgZq/vGjNJ9i Vo5hak9vnnCmy6BA8tnPQ6RT23PDuPvuw8++cDF6pKh9QnNB1nOnjdpXBdWqwnetjSMbNgDl EtLoIEjVFFHz+EcszGykM+Xv0hbcaEgcBdpVfUdUkDagkSj1j3kOcnBfw1X6G8uVRUDYoN00 oWJUkp5XdxyrD7/nNbdjwnpF3xuVb2enrxnuXLG3qa+wMR1LE7IZKQ9qDMgN8eqYN+Rp66bu AczDB4fZ7alm6HMxmSso2hKQqInm6KbrfxmGfPOYRaHaq1g+AeVkbWM7qfYNLMKomRBiNhS0 uPvKUiBlqQbwzeJ1BG6AciYwGr4dIy5ZHwUjnaCHX7gtsgCscHhhZNOv3fcSXCFLWO2iYr1J 5Z7M9+O6enGpdCXhBHSpcC6CWw4wnrJOiBvqVzSrIR05rlUJdBMtIP3JmmiVJA6M57VcTIzi Dm/sWs8EZWeL0DGUBG9QNVthAO/X7gCByG2CkuYAXyYM+r+0Z5e4A7eb4TFANekngKd4j1gd z6OhTZxdCLkw/U3OAw5XjdcRkKJNbQ4FYzX7znuCYOoZvJsTsXdQWm8Gz381Fae7GgppjFhu oI5zec7BTQRanGtWARAA3e4IsdkX7VWByvNiPAvXAAnCNhvtSccq81h1oEqBbSfQ1N9pMIsf Edg87w2VXX6U1y1J5ct6JamYTWUIMer/77ncQnfg6xF3+fbjo9218h+W0wvve2yarpL3NPJ7 bO/suyYTuOBQFpqxu/SpItLJs5S+RHGPfEG4r1iaD9ldoQ06HHAhDqhCg0uDd6uz23leXg1U rqDPNnY51Mae5RWFCaLits/ThHQYkWEC0YsBhQLGVdVmF08CziplqgAQ/mdb+7YzLNJoii7B wQh220CI9l2smv5rg4YrPzxKfrOopJq7JQAOBf4by0pQ42Blt/PhJJG+WKc6DJTZHLJ81L3v uv9h9ocf6gDGDfXJRY+0P+vJ9XDr1sa8rxFCtn35zW/JYEAGhA6Hn4kdb8AT1ePl1Bq0R9aY Y7f78VGjZMiGplBdeXw9b6O0SOSGA4c5RfkRHNKbqcJw8jD4tSQQg1wtz1vDh+/V45Yh0G4J yQYzitZeQthuqF1LN1Z4KwLS2JCTzHs7XNdEk4oXishMl3+pffbYQfb0FH5P1XUfDssNJF77 djG2heFE5lFeMXxCeIQd4pU1FQKiavqtYaa4eOw1NDu3C3CcbzFI58KRgCn0atvMGQhhf5UW 8VAupUz4i3dECWB79vClk++SvdsWwmTglL4QC6AEis/TF30Ew6HoSPkAEQEAAcLBkwQYAQoA JhYhBGlgeuJgqfNOGDrarraLddyf10fhBQJanGtWAhsMBQkJZgGAACEJELaLddyf10fhFiEE aWB64mCp804YOtqutot13J/XR+GWbBAAqECNdPYbaYVXtgEISe8Lj6PKSK0hQNDG9KX4m1/7 GMPGWc/8d3LUyNwI6tm2kmqHmyLlMneqDyO3AM4C+LNsx4mdwoR9nQ8SZTj35DmoitduAyTD 6lolrsXt/bYKtt7bD4cHLxfgwvkpCaC1igmDQtOn0t2y5LWdLOJVRObany+cMDL8YMQfuvrF h8GVkr9SMAf4HqL+s5BIVXZF6qxjxOdi8i31NAAjJooXJdP56bAjGUpbNLq4HgrDzLhz0J5n DNhEW3q3vIvTnSkA8xga021pfQ8TUX+KPnAGIqxCTNynPmQ9khN+G00r4N5HUEGUG4/qPgUX LEdC2hmzkZDWjGZaeTrl7Xi+pxu7GwD59G41FJbqfAiRFw1xDRuiyRtf6FVhaptzrT8q+VKD EALobhsdPzpugFyq/5pPr3rqCljF5KpZdOOf22BO219gNIJMhhOQ3Y2ohz5kvTbFrig3hMS5 V2Ti9Rl/jyo1iwA8Jb9O1xwfB3+lNP5aX9/5oIEbah8imx7dIkamGjAveYFXTK27oMYetVP8 8SGsHlO1aJQ+XEa5bcaj6ebMzsA88ONiWMG6WLFxSVzZLghgpitSx3EoXxIILX1d4PySs7zU UJ+qdX9H66aZf3meVL1lSqzRESc3GYJDnnMcIivy/yaBqRn1jqlhrE8XvwJ0HF8Y/A8= Message-ID: <745dc612-d5a4-1e06-89bb-8df5dfbd7e1f@fechner.net> Date: Tue, 4 Aug 2020 07:22:42 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0 MIME-Version: 1.0 In-Reply-To: <09256F5E-469C-402B-94DC-3C07F8AC29ED@kreme.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Content-Language: en-US X-Rspamd-Server: anny.lostinspace.de X-Rspamd-Queue-Id: 4BLNS91kxdz3cQk X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=fechner.net header.s=default header.b=qz8mySMP; dmarc=pass (policy=none) header.from=fechner.net; spf=pass (mx1.freebsd.org: domain of idefix@fechner.net designates 2001:608:a02::33 as permitted sender) smtp.mailfrom=idefix@fechner.net X-Spamd-Result: default: False [-5.81 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[fechner.net:s=default]; NEURAL_HAM_MEDIUM(-1.03)[-1.025]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_MED(-2.00)[fechner.net:dkim]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+a]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCVD_DKIM_ARC_DNSWL_MED(-0.50)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.99)[-0.987]; RCVD_COUNT_THREE(0.00)[3]; RCVD_IN_DNSWL_MED(-0.20)[2001:608:a02::33:from]; DKIM_TRACE(0.00)[fechner.net:+]; DMARC_POLICY_ALLOW(-0.50)[fechner.net,none]; NEURAL_HAM_SHORT(-0.10)[-0.100]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:5539, ipnet:2001:608::/32, country:DE]; RCVD_TLS_ALL(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[156.67.130.241:received] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Aug 2020 05:22:50 -0000 Am 03.08.2020 um 21:37 schrieb @lbutlr: > When some moon tires to login to an account like root, ssh does n’t log the IP address in the failure line as it does with non-existent users. > > sshd[99328] error: PAM: Authentication error for root from vps-94314d13.vps.ovh.ca > sshd[99328] Connection closed by authenticating user root 139.99.236.165 port 46226 [preauth] > > sshd[7202] Invalid user pi from 2.232.248.6 port 46438 > > Is there anyway that I can change this so that the IP address appears not eh same line as the Authentication error, it would make my blacklisting these people much easier. try fail2ban, it can handle all of this correctly. Gruß Matthias -- "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning." -- Rich Cook