
Re: [opensuse-security] SSH access refused for legitimate user under heavy load






On Saturday, 2009-06-06 at 14:49 +0200, Pieter Van Gorp wrote:

> Dear Bujdosó,
> thanks for your reply.

He should post to the list, not in private.


>> _If_ you think that the firewall is responsible for the timeouts you might
>> take a look at your /var/log/firewall
> In the firewall log, I have no entries for the machine from which the
> connections were initiated (and refused to).  How should I interpret
> this observation?

That the firewall is not involved, or that the firewall is not configured to log those events.


>> Then you can look at
>> /etc/sysconfig/SuSEfirewall2
>> config file in the "FW_SERVICES_ACCEPT_EXT" section.
> The hitcount/blockseconds identifiers do not occur in this file...

Not being able to look at the post you are replying to, as it was a private mail, I assume he told you to look at an entry like this:

FW_SERVICES_ACCEPT_EXT="0.0.0.0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"

which would have the effect of limiting to 3 attempts per minute.


> Should I investigate other paths than the firewall?  Any clues?

Search for ssh related entries in /var/log/messages. Like:

May  2 14:48:04 nimrodel sshd[24255]: Accepted publickey for cer from ::1 port 24897 ssh2

You could see a reject. You can also increase verbosity in the sshd log.

-- Cheers,
       Carlos E. R.

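
Added example, not part of the message above and not SuSEfirewall2 code: a Python sketch that reads hitcount/blockseconds from an entry like the one quoted and scans sshd lines from /var/log/messages for sources that reach that many logged logins inside the window, which is the pattern a legitimate user opening many sessions in a row would produce. It assumes the "3 attempts per minute" reading given in the message; the log lines, host name, user and addresses are constructed, and the year is an assumption because syslog lines carry none.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Entry quoted in the message above.
ENTRY = "0.0.0.0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"

# Constructed sample lines in the syslog format shown above (not real logs;
# host name, user and addresses are made up).
SAMPLE_LOG = """\
Jun  6 14:40:01 host1 sshd[3001]: Accepted publickey for alice from 192.0.2.10 port 40001 ssh2
Jun  6 14:40:05 host1 sshd[3002]: Accepted publickey for alice from 192.0.2.10 port 40002 ssh2
Jun  6 14:40:09 host1 sshd[3003]: Accepted publickey for alice from 192.0.2.10 port 40003 ssh2
Jun  6 14:40:30 host1 sshd[3004]: Accepted publickey for alice from ::1 port 24897 ssh2
Jun  6 14:45:00 host1 sshd[3005]: Accepted publickey for alice from 192.0.2.10 port 40004 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                  r"(?:Accepted|Failed) \S+ for (?:invalid user )?\S+ from (\S+) port ")


def parse_limit(entry):
    """Return (hitcount, blockseconds) from the key=value options of an entry."""
    opts = dict(f.split("=", 1) for f in entry.split(",") if "=" in f)
    return int(opts["hitcount"]), int(opts["blockseconds"])


def sources_at_limit(log_text, hitcount, seconds, year=2009):
    """Map each source to the first time it logged `hitcount` logins within `seconds`."""
    window = defaultdict(deque)
    reached = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Syslog lines carry no year, so one is assumed for parsing.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = window[m.group(2)]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= seconds:
            q.popleft()  # forget attempts older than the window
        if len(q) >= hitcount:
            reached.setdefault(m.group(2), ts)
    return reached


if __name__ == "__main__":
    hitcount, seconds = parse_limit(ENTRY)
    for src, ts in sources_at_limit(SAMPLE_LOG, hitcount, seconds).items():
        print(f"{src} reached {hitcount} logged attempts within {seconds}s at {ts:%H:%M:%S}")
```

sshd only logs connections that reached it, so a source listed here is one whose next new connection inside the window would be the one refused; the refusal itself would appear in the firewall log, if logging is enabled, not in the sshd lines.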