From owner-freebsd-questions@FreeBSD.ORG  Thu Mar  9 14:46:27 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 630CD16A420
	for <freebsd-questions@freebsd.org>;
	Thu,  9 Mar 2006 14:46:27 +0000 (GMT)
	(envelope-from freebsd-questions-local@be-well.ilk.org)
Received: from mail7.sea5.speakeasy.net (mail7.sea5.speakeasy.net
	[69.17.117.9]) by mx1.FreeBSD.org (Postfix) with ESMTP id D252543D49
	for <freebsd-questions@freebsd.org>;
	Thu,  9 Mar 2006 14:46:26 +0000 (GMT)
	(envelope-from freebsd-questions-local@be-well.ilk.org)
Received: (qmail 23111 invoked from network); 9 Mar 2006 14:46:26 -0000
Received: from dsl092-078-145.bos1.dsl.speakeasy.net (HELO be-well.ilk.org)
	([66.92.78.145])
	(envelope-sender <freebsd-questions-local@be-well.ilk.org>)
	by mail7.sea5.speakeasy.net (qmail-ldap-1.03) with SMTP
	for <freebsd-questions@freebsd.org>; 9 Mar 2006 14:46:25 -0000
Received: by be-well.ilk.org (Postfix, from userid 1147)
	id CF78D28421; Thu,  9 Mar 2006 09:46:24 -0500 (EST)
Sender: lowell@be-well.ilk.org
To: Dave <dmehler26@woh.rr.com>
References: <004401c6427b$42d60250$0200a8c0@satellite>
From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
Date: 09 Mar 2006 09:46:24 -0500
In-Reply-To: <004401c6427b$42d60250$0200a8c0@satellite>
Message-ID: <44u0a71xrz.fsf@be-well.ilk.org>
Lines: 18
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: freebsd-questions@freebsd.org
Subject: Re: strange message in logs, ssh breakin?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: freebsd-questions@freebsd.org
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Mar 2006 14:46:27 -0000

"Dave" <dmehler26@woh.rr.com> writes:

> Hello,
>     I've recently started seeing this in my security logs. This is on
> a freebsd6 box. Is this some kind of hack atempt?
> Thanks.
> Dave.
> 
> Mar  5 12:16:59 zeus sshd[33617]: login_getclass: unknown class 'root'
> Mar  5 12:17:03 zeus sshd[33621]: login_getclass: unknown class 'root'
> Mar  5 12:18:02 zeus sshd[33622]: fatal: Timeout before authentication
> for 195.225.129.68

By default, sshd won't allow root to log in.  Also by default, root
uses the "root" login class in login.conf (which exists by default).  

Make sure that those defaults are still present, unless you know
exactly why you want to change them.