Allowing SSH to users in Centos

[RHochstenbach]

I've got a web server running on Centos. I can log on with SSH, but when others try to log on, I get an Access Denied. Any fix for this?

 

[Anti-Trend]

Does the sshd_config have an AllowUsers or AllowGroups entry?

 

[RHochstenbach]

Does the sshd_config have an AllowUsers or AllowGroups entry?

Nope, it doesn't have this line in the file.

 

[Anti-Trend]

Nope, it doesn't have this line in the file.

What does the security log say when they try to connect?

 

[RHochstenbach]

What does the security log say when they try to connect?

Eh...how can I access the security log?

[ot]still Linux n00b[/ot]

 

[Anti-Trend]

Eh...how can I access the security log?

[ot]still Linux n00b[/ot]

cat /var/log/secure

 

[RHochstenbach]

This is the output (user name is admin2):

Jun 23 05:41:12 server sshd[11735]: Invalid user admin2 from 84.25.10.75
Jun 23 05:41:12 server sshd[11738]: input_userauth_request: invalid user admin2
Jun 23 05:41:16 server sshd[11735]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:41:16 server sshd[11735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=cp1340521-a.landg1.lb.home.nl 
Jun 23 05:41:17 server sshd[11735]: Failed password for invalid user admin2 from 84.25.10.75 port 37759 ssh2
Jun 23 05:41:30 server sshd[11735]: Failed password for invalid user admin2 from 84.25.10.75 port 37759 ssh2

btw in the entire log file I can see loads of failed authentications from usernames that I don't know, like hacker, virus and such.

Is there any way to clear the logs? The server is running for a few days and already 700 pages in size.

 

[Anti-Trend]

This is the output (user name is admin2):

Jun 23 05:41:12 server sshd[11735]: Invalid user admin2 from 84.25.10.75
Jun 23 05:41:12 server sshd[11738]: input_userauth_request: invalid user admin2
Jun 23 05:41:16 server sshd[11735]: pam_unix(sshd:auth): check pass; user unknown
Jun 23 05:41:16 server sshd[11735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=cp1340521-a.landg1.lb.home.nl 
Jun 23 05:41:17 server sshd[11735]: Failed password for invalid user admin2 from 84.25.10.75 port 37759 ssh2
Jun 23 05:41:30 server sshd[11735]: Failed password for invalid user admin2 from 84.25.10.75 port 37759 ssh2

btw in the entire log file I can see loads of failed authentications from usernames that I don't know, like hacker, virus and such.

Is there any way to clear the logs? The server is running for a few days and already 700 pages in size.

The logs say that the user is invalid. Either the account is disabled or it doesn't exist. Also, note that variations on the word "root" or "admin" are really bad choices for Unix accounts, since they are a great candidate for brute forcing via SSH.

anti-trend.homelinux.org

As for clearing the logs, your server *should* be running something like logrotate to tar off the old logs and eventually delete them (it's behavior in this respect can be modified).

 

[RHochstenbach]

I've performed some steps for hardening SSH.

Now about the user that doesn't exist. How can I add a user?

 

[Anti-Trend]

General System Administration Issues

You can find plenty of useful literature on my server. The chapter linked above should cover basic system administration for you. :)

 

[RHochstenbach]

Thanks dude! Your network skills are really valueable to me :)

I've also managed to install Fail2Ban using this tutorial.