I've got a web server running on Centos. I can log on with SSH, but when others try to log on, I get an Access Denied. Any fix for this?
This is the output (user name is admin2): Code: Jun 23 05:41:12 server sshd[11735]: Invalid user admin2 from 84.25.10.75 Jun 23 05:41:12 server sshd[11738]: input_userauth_request: invalid user admin2 Jun 23 05:41:16 server sshd[11735]: pam_unix(sshd:auth): check pass; user unknown Jun 23 05:41:16 server sshd[11735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=cp1340521-a.landg1.lb.home.nl Jun 23 05:41:17 server sshd[11735]: Failed password for invalid user admin2 from 84.25.10.75 port 37759 ssh2 Jun 23 05:41:30 server sshd[11735]: Failed password for invalid user admin2 from 84.25.10.75 port 37759 ssh2 btw in the entire log file I can see loads of failed authentications from usernames that I don't know, like hacker, virus and such. Is there any way to clear the logs? The server is running for a few days and already 700 pages in size.
The logs say that the user is invalid. Either the account is disabled or it doesn't exist. Also, note that variations on the word "root" or "admin" are really bad choices for Unix accounts, since they are a great candidate for brute forcing via SSH. anti-trend.homelinux.org As for clearing the logs, your server *should* be running something like logrotate to tar off the old logs and eventually delete them (it's behavior in this respect can be modified).
I've performed some steps for hardening SSH. Now about the user that doesn't exist. How can I add a user?
General System Administration Issues You can find plenty of useful literature on my server. The chapter linked above should cover basic system administration for you.
Thanks dude! Your network skills are really valueable to me I've also managed to install Fail2Ban using this tutorial.