SSH et Fail2Ban

Forum sur la sécurité des réseaux, la configuration des firewalls, la mise en place de protections contre les attaques, de DMZ, de systèmes anti-intrusion ...

SSH et Fail2Ban

Message par Cool34000 » 29 Jan 2012 10:18

Salut,

Je viens de m'apercevoir d'un problème sur mon serveur Debian 6 un peu bizarre...

Le service SSH est ouvert sur l'extérieur sur ce serveur pour pouvoir l'administrer à distance.
J'ai désactivé l'utilisation de mot de passe pour s'y connecter, l'utilisation d'une clé privée est donc requise.
Fail2Ban est installé et configuré sur ce serveur pour surveiller les journaux du service SSH (SSH + SSH-DDOS).

Quand quelqu'un se connecte sans rentrer la clé privée, un message d'erreur apparait à l'écran indiquant que la méthode d'authentification n'est pas bonne (normal, il faut obligatoirement une clé privée !)
Jusque là, tout est normal sauf que SSH ne journalise pas cet évenement dans /var/log/auth.log et que par conscéquence Fail2Ban ne voit aucune attaque si celle ci se répète !
J'ai tenté d'augmenter le niveau de verbosité du service SSH, mais je ne vois toujours pas une trace des tentatives de connexions.


Si quelqu'un a une idée du pourquoi SSH ne journaliserait pas ce type précis de tentative de connexion, je suis prenneur !
In a world without walls and fences, who needs windows and gates?
Cool34000
 
Message(s) : 199
Inscription : 12 Sep 2011 19:02
Localisation : Nimes, France

Re: SSH et Fail2Ban

Message par jdh » 29 Jan 2012 10:43

Bonjour,

Je viens d'essayer sur une Debian Squeeze 'tout ce qu'il y a de normal' :
Code : Tout sélectionner
(tail -f /var/log/auth.log)
Jan 29 10:33:21 generic sshd[4832]: pam_unix(sshd:session): session closed for user root
Jan 29 10:35:35 generic sshd[4848]: Accepted password for root from 192.168.51.22 port 56150 ssh2
Jan 29 10:35:35 generic sshd[4848]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jan 29 10:35:56 generic sshd[4848]: pam_unix(sshd:session): session closed for user root
Jan 29 10:38:27 generic sshd[4861]: Accepted publickey for root from 192.168.51.22 port 56194 ssh2
Jan 29 10:38:27 generic sshd[4861]: pam_unix(sshd:session): session opened for user root by (uid=0)

J'ai utilisé Kitty (mieux que Putty) et un tuto http://jason.sharonandjason.com/key_bas ... how_to.htm.
Mais je n'ai pas modifié sshd.conf pour interdire les mots de passe.
Bon, certes, je n'essaie pas avec une mauvaise clé mais comme il y a bien la ligne qui faut dans auth.log.

Peut-être regarder du côté de (r)syslog s'il y a bien une ligne 'auth.*' ?
L'intelligence artificielle n'est rien à côté de la stupidité naturelle.
jdh
 
Message(s) : 731
Inscription : 02 Nov 2011 00:36
Localisation : Nantes - Angers

Re: SSH et Fail2Ban

Message par Cool34000 » 29 Jan 2012 10:52

Hello,

Je vois bien mes connexions perso dans /var/log/auth.log :
Code : Tout sélectionner
Jan 29 10:44:02 debian-box sshd[21035]: Accepted publickey for root from 192.168.0.100 port 63420 ssh2
Jan 29 10:44:02 debian-box sshd[21035]: pam_unix(sshd:session): session opened for user root by (uid=0)

Le problème ne se produit que lorsque je désactive l'authentification par mot de passe standard ! J'ai tenté 3 secondes après de me connecter sans fournir la clé, le log n'en parle pas...

Pour info, j'utilise un script maison pour configurer SSH avec clé privée, si ça interesse quelqu'un, le voici :
Code : Tout sélectionner
#!/bin/sh

###########################################################################
# Variables
WORKDIR=/root
MAIL=monadresse@email.fr
SRV=`hostname`
###########################################################################

###########################################################################
# Création d'un jeu de clés SSH
clear
echo
echo "-----------------------"
echo "Configuration de SSH..."
echo "-----------------------"
echo -n "Voulez vous créer une paire de clé publique/privé pour 'root' ? (o/n) [n] "
read sshkeys
if [ "$sshkeys" = "o" -o "$sshkeys" = "O" ]; then
  passok=1
  while [ "$passok" != "0" ] ; do
    ssh-keygen -t rsa -f ${WORKDIR}/key.ppk 2>${WORKDIR}/err
    passok=$(grep -c "passphrase too short" < ${WORKDIR}/err)
    if [ "$passok" = "1" ]; then
      echo "passphrase too short: have 4 bytes, need > 4"
      echo
    fi
  done
  mkdir -p /root/.ssh/
  cat ${WORKDIR}/key.ppk.pub > /root/.ssh/authorized_keys
  cat ${WORKDIR}/key.ppk >> /root/.ssh/authorized_keys
  echo "Désactivation de l'authentification SSH à l'aide de mots de passe standards"
  sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
  /etc/init.d/ssh restart
  echo "Envoi de la clé privée par mail à $MAIL..."
  echo >  ${WORKDIR}/ssh.txt
  echo >> ${WORKDIR}/ssh.txt
  echo >> ${WORKDIR}/ssh.txt
  echo "- L'accès SSH à votre serveur a été sécurisé avec une paire de clés publique-privé." >> ${WORKDIR}/ssh.txt
  echo "- L'authenfication par SSH à l'aide de mots de passe standards a été désactivée pour augmenter le niveau de sécurité." >> ${WORKDIR}/ssh.txt
  echo >> ${WORKDIR}/ssh.txt
  echo "- Les clés ont étés générés avec OPENSSH et si vous utilisez PuTTY et WinSCP, vous devrez alors modifier" >> ${WORKDIR}/ssh.txt
  echo "- la clé publique qui vous a été envoyée dans ce mail avant de pouvoir l'utiliser avec WinSCP par exemple." >> ${WORKDIR}/ssh.txt
  echo "- Il suffit d'éditer la clé avec PuTTYGen et de la sauvegarder dans le bon format." >> ${WORKDIR}/ssh.txt
  echo "- Vous pourrez ensuite utiliser la clé avec WinSCP..." >> ${WORKDIR}/ssh.txt
  echo >> ${WORKDIR}/ssh.txt
  echo "- ATTENTION : Ne perdez pas le fichier joint à ce mail, il a été supprimé du serveur !" >> ${WORKDIR}/ssh.txt
  echo "- Si vous perdez ce fichier, vous devrez réactiver l'authentification par SSH à l'aide de mots de passe" >> ${WORKDIR}/ssh.txt
  echo "- standards dans le fichier '/etc/ssh/sshd_config' pour supprimer et recréer le fichier '${WORKDIR}/.ssh/authorized_keys'" >> ${WORKDIR}/ssh.txt
  mutt -s "Mise en place des clés SSH sur $SRV" $MAIL < ${WORKDIR}/ssh.txt -a ${WORKDIR}/key.ppk
  rm -f ${WORKDIR}/err
  rm -f ${WORKDIR}/key.ppk.pub
  rm -f ${WORKDIR}/key.ppk
  rm -f ${WORKDIR}/sent
  rm -f ${WORKDIR}/ssh.txt
  echo
  echo
  echo
fi
In a world without walls and fences, who needs windows and gates?
Cool34000
 
Message(s) : 199
Inscription : 12 Sep 2011 19:02
Localisation : Nimes, France

Re: SSH et Fail2Ban

Message par Cool34000 » 29 Jan 2012 10:55

Re...

J'ai oublié de préciser qu'il n'y a rien non plus dans /var/log/syslog (idem pour les connexions réussies)
In a world without walls and fences, who needs windows and gates?
Cool34000
 
Message(s) : 199
Inscription : 12 Sep 2011 19:02
Localisation : Nimes, France

Re: SSH et Fail2Ban

Message par jdh » 29 Jan 2012 11:01

Ne pas oublier que c'est syslog qui ... logue ! (rsyslog a remplacé syslog pour Debian Squeeze 6)
Donc une ligne 'auth.*' qui permet d'avoir quelque chose dans un fichier de /var/log/.
auth pour le système d'authentification et * pour tout niveaux d'alertes.
Au pire ajoutes donc une ligne *.* vers debug.log et tu verras mieux ce qui se passe (après reboot de rsyslog par kill -HUP).
L'intelligence artificielle n'est rien à côté de la stupidité naturelle.
jdh
 
Message(s) : 731
Inscription : 02 Nov 2011 00:36
Localisation : Nantes - Angers

Re: SSH et Fail2Ban

Message par Cool34000 » 29 Jan 2012 11:17

Re,

Je viens de tester avec un auth.* puis un *.* et j'ai le même résultat dans les 2 cas :
Code : Tout sélectionner
Jan 29 11:08:50 debian-box rsyslogd: [origin software="rsyslogd" swVersion="4.6.4" x-pid="21159" x-info="http://www.rsyslog.com"] (re)start
Jan 29 11:09:01 debian-box CRON[21171]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 29 11:09:01 debian-box /USR/SBIN/CRON[21172]: (root) CMD (  [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -delete)
Jan 29 11:09:01 debian-box CRON[21171]: pam_unix(cron:session): session closed for user root
Jan 29 11:10:22 debian-box kernel: Kernel logging (proc) stopped.
Jan 29 11:10:22 debian-box rsyslogd: [origin software="rsyslogd" swVersion="4.6.4" x-pid="21159" x-info="http://www.rsyslog.com"] exiting on signal 15.
Jan 29 11:10:26 debian-box sshd[21205]: Accepted publickey for root from 192.168.0.100 port 63611 ssh2
Jan 29 11:10:26 debian-box sshd[21205]: subsystem request for sftp
Jan 29 11:10:27 debian-box sshd[21212]: Accepted publickey for root from 192.168.0.100 port 63612 ssh2
Jan 29 11:11:49 debian-box kernel: imklog 4.6.4, log source = /proc/kmsg started.
Jan 29 11:11:49 debian-box rsyslogd: [origin software="rsyslogd" swVersion="4.6.4" x-pid="21265" x-info="http://www.rsyslog.com"] (re)start
Jan 29 11:11:55 debian-box sshd[21277]: Accepted publickey for root from 192.168.0.100 port 63618 ssh2
Jan 29 11:11:55 debian-box sshd[21277]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jan 29 11:11:55 debian-box sshd[21277]: subsystem request for sftp
Jan 29 11:11:56 debian-box sshd[21284]: Accepted publickey for root from 192.168.0.100 port 63619 ssh2
Jan 29 11:11:56 debian-box sshd[21284]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jan 29 11:11:57 debian-box sshd[21277]: pam_unix(sshd:session): session closed for user root
Jan 29 11:11:58 debian-box sshd[21284]: pam_unix(sshd:session): session closed for user root

J'ai tenté bien entendu une connexion avec et sans la clé publique. Comme tu peux le voir, seule la connexion réussie apparait !
Je pense de plus en plus à un bug...
In a world without walls and fences, who needs windows and gates?
Cool34000
 
Message(s) : 199
Inscription : 12 Sep 2011 19:02
Localisation : Nimes, France

Re: SSH et Fail2Ban

Message par jdh » 29 Jan 2012 11:26

Un bug ? Non peu vraisemblable !

J'ai regardé http://blog.codefront.net/2007/02/28/de ... -problems/

Peut être dans tail -f /var/log/secure ?

...
L'intelligence artificielle n'est rien à côté de la stupidité naturelle.
jdh
 
Message(s) : 731
Inscription : 02 Nov 2011 00:36
Localisation : Nantes - Angers

Re: SSH et Fail2Ban

Message par Cool34000 » 29 Jan 2012 11:52

Et re...

Je n'ai pas de fichier /var/log/secure.log sur mon serveur...

Voila ce que j'obtiens en passant le LogLevel d'INFO à DEBUG3 sur le service SSH (le plus haut niveau de log) quand je me connecte sans la clé :
Code : Tout sélectionner
Jan 29 11:34:48 debian-box sshd[21350]: debug3: fd 4 is not O_NONBLOCK
Jan 29 11:34:48 debian-box sshd[21350]: debug1: Forked child 21432.
Jan 29 11:34:48 debian-box sshd[21350]: debug3: send_rexec_state: entering fd = 7 config len 674
Jan 29 11:34:48 debian-box sshd[21432]: debug3: oom_adjust_restore
Jan 29 11:34:48 debian-box sshd[21350]: debug3: ssh_msg_send: type 0
Jan 29 11:34:48 debian-box sshd[21432]: Set /proc/self/oom_adj to 0
Jan 29 11:34:48 debian-box sshd[21350]: debug3: send_rexec_state: done
Jan 29 11:34:48 debian-box sshd[21432]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
Jan 29 11:34:48 debian-box sshd[21432]: debug1: inetd sockets after dupping: 3, 3
Jan 29 11:34:48 debian-box sshd[21432]: Connection from 192.168.0.100 port 63850
Jan 29 11:34:48 debian-box sshd[21432]: debug1: Client protocol version 2.0; client software version WinSCP_release_4.3.3
Jan 29 11:34:48 debian-box sshd[21432]: debug1: no match: WinSCP_release_4.3.3
Jan 29 11:34:48 debian-box sshd[21432]: debug1: Enabling compatibility mode for protocol 2.0
Jan 29 11:34:48 debian-box sshd[21432]: debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze1
Jan 29 11:34:48 debian-box sshd[21432]: debug2: fd 3 setting O_NONBLOCK
Jan 29 11:34:48 debian-box sshd[21432]: debug2: Network child is on pid 21435
Jan 29 11:34:48 debian-box sshd[21432]: debug3: preauth child monitor started
Jan 29 11:34:48 debian-box sshd[21432]: debug3: mm_request_receive entering
Jan 29 11:34:48 debian-box sshd[21432]: debug3: monitor_read: checking request 0
Jan 29 11:34:48 debian-box sshd[21432]: debug3: mm_answer_moduli: got parameters: 1024 2048 8192
Jan 29 11:34:48 debian-box sshd[21432]: debug3: mm_request_send entering: type 1
Jan 29 11:34:48 debian-box sshd[21432]: debug2: monitor_read: 0 used once, disabling now
Jan 29 11:34:48 debian-box sshd[21432]: debug3: mm_request_receive entering
Jan 29 11:34:48 debian-box sshd[21432]: debug3: monitor_read: checking request 5
Jan 29 11:34:48 debian-box sshd[21432]: debug3: mm_answer_sign
Jan 29 11:34:48 debian-box sshd[21432]: debug3: mm_answer_sign: signature 0xb8426890(271)
Jan 29 11:34:48 debian-box sshd[21432]: debug3: mm_request_send entering: type 6
Jan 29 11:34:48 debian-box sshd[21432]: debug2: monitor_read: 5 used once, disabling now
Jan 29 11:34:48 debian-box sshd[21432]: debug3: mm_request_receive entering
Jan 29 11:34:48 debian-box sshd[21432]: debug3: monitor_read: checking request 7
Jan 29 11:34:48 debian-box sshd[21432]: debug3: mm_answer_pwnamallow
Jan 29 11:34:48 debian-box sshd[21432]: debug3: Trying to reverse map address 192.168.0.100.
Jan 29 11:34:48 debian-box sshd[21432]: debug2: parse_server_config: config reprocess config len 674
Jan 29 11:34:48 debian-box sshd[21432]: debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
Jan 29 11:34:48 debian-box sshd[21432]: debug3: mm_request_send entering: type 8
Jan 29 11:34:48 debian-box sshd[21432]: debug2: monitor_read: 7 used once, disabling now
Jan 29 11:34:48 debian-box sshd[21432]: debug3: mm_request_receive entering
Jan 29 11:34:48 debian-box sshd[21432]: debug3: monitor_read: checking request 50
Jan 29 11:34:48 debian-box sshd[21432]: debug1: PAM: initializing for "root"
Jan 29 11:34:48 debian-box sshd[21432]: debug1: PAM: setting PAM_RHOST to "192.168.0.100"
Jan 29 11:34:48 debian-box sshd[21432]: debug1: PAM: setting PAM_TTY to "ssh"
Jan 29 11:34:48 debian-box sshd[21432]: debug2: monitor_read: 50 used once, disabling now
Jan 29 11:34:48 debian-box sshd[21432]: debug3: mm_request_receive entering
Jan 29 11:34:48 debian-box sshd[21432]: debug3: monitor_read: checking request 3
Jan 29 11:34:48 debian-box sshd[21432]: debug3: mm_answer_authserv: service=ssh-connection, style=, role=
Jan 29 11:34:48 debian-box sshd[21432]: debug2: monitor_read: 3 used once, disabling now
Jan 29 11:34:48 debian-box sshd[21432]: debug3: mm_request_receive entering
Jan 29 11:34:48 debian-box sshd[21432]: debug1: do_cleanup
Jan 29 11:34:48 debian-box sshd[21432]: debug1: PAM: cleanup
Jan 29 11:34:48 debian-box sshd[21432]: debug3: PAM: sshpam_thread_cleanup entering

Et voici ce que ça donne si la clé est fournie :
Code : Tout sélectionner
Jan 29 11:43:29 debian-box sshd[21350]: debug3: fd 4 is not O_NONBLOCK
Jan 29 11:43:29 debian-box sshd[21350]: debug1: Forked child 21446.
Jan 29 11:43:29 debian-box sshd[21350]: debug3: send_rexec_state: entering fd = 7 config len 674
Jan 29 11:43:29 debian-box sshd[21446]: debug3: oom_adjust_restore
Jan 29 11:43:29 debian-box sshd[21350]: debug3: ssh_msg_send: type 0
Jan 29 11:43:29 debian-box sshd[21350]: debug3: send_rexec_state: done
Jan 29 11:43:29 debian-box sshd[21446]: Set /proc/self/oom_adj to 0
Jan 29 11:43:29 debian-box sshd[21446]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
Jan 29 11:43:29 debian-box sshd[21446]: debug1: inetd sockets after dupping: 3, 3
Jan 29 11:43:29 debian-box sshd[21446]: Connection from 192.168.0.100 port 63946
Jan 29 11:43:29 debian-box sshd[21446]: debug1: Client protocol version 2.0; client software version WinSCP_release_4.3.3
Jan 29 11:43:29 debian-box sshd[21446]: debug1: no match: WinSCP_release_4.3.3
Jan 29 11:43:29 debian-box sshd[21446]: debug1: Enabling compatibility mode for protocol 2.0
Jan 29 11:43:29 debian-box sshd[21446]: debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze1
Jan 29 11:43:29 debian-box sshd[21446]: debug2: fd 3 setting O_NONBLOCK
Jan 29 11:43:29 debian-box sshd[21446]: debug2: Network child is on pid 21449
Jan 29 11:43:29 debian-box sshd[21446]: debug3: preauth child monitor started
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_request_receive entering
Jan 29 11:43:29 debian-box sshd[21446]: debug3: monitor_read: checking request 0
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_answer_moduli: got parameters: 1024 2048 8192
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_request_send entering: type 1
Jan 29 11:43:29 debian-box sshd[21446]: debug2: monitor_read: 0 used once, disabling now
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_request_receive entering
Jan 29 11:43:29 debian-box sshd[21446]: debug3: monitor_read: checking request 5
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_answer_sign
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_answer_sign: signature 0xb8d29890(271)
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_request_send entering: type 6
Jan 29 11:43:29 debian-box sshd[21446]: debug2: monitor_read: 5 used once, disabling now
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_request_receive entering
Jan 29 11:43:29 debian-box sshd[21446]: debug3: monitor_read: checking request 7
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_answer_pwnamallow
Jan 29 11:43:29 debian-box sshd[21446]: debug3: Trying to reverse map address 192.168.0.100.
Jan 29 11:43:29 debian-box sshd[21446]: debug2: parse_server_config: config reprocess config len 674
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_request_send entering: type 8
Jan 29 11:43:29 debian-box sshd[21446]: debug2: monitor_read: 7 used once, disabling now
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_request_receive entering
Jan 29 11:43:29 debian-box sshd[21446]: debug3: monitor_read: checking request 50
Jan 29 11:43:29 debian-box sshd[21446]: debug1: PAM: initializing for "root"
Jan 29 11:43:29 debian-box sshd[21446]: debug1: PAM: setting PAM_RHOST to "192.168.0.100"
Jan 29 11:43:29 debian-box sshd[21446]: debug1: PAM: setting PAM_TTY to "ssh"
Jan 29 11:43:29 debian-box sshd[21446]: debug2: monitor_read: 50 used once, disabling now
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_request_receive entering
Jan 29 11:43:29 debian-box sshd[21446]: debug3: monitor_read: checking request 3
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_answer_authserv: service=ssh-connection, style=, role=
Jan 29 11:43:29 debian-box sshd[21446]: debug2: monitor_read: 3 used once, disabling now
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_request_receive entering
Jan 29 11:43:29 debian-box sshd[21446]: debug3: monitor_read: checking request 21
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_answer_keyallowed entering
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_answer_keyallowed: key_from_blob: 0xb8d2db28
Jan 29 11:43:29 debian-box sshd[21446]: debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
Jan 29 11:43:29 debian-box sshd[21446]: debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
Jan 29 11:43:29 debian-box sshd[21446]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Jan 29 11:43:29 debian-box sshd[21446]: debug1: trying public key file /root/.ssh/authorized_keys
Jan 29 11:43:29 debian-box sshd[21446]: debug1: fd 4 clearing O_NONBLOCK
Jan 29 11:43:29 debian-box sshd[21446]: debug3: secure_filename: checking '/root/.ssh'
Jan 29 11:43:29 debian-box sshd[21446]: debug3: secure_filename: checking '/root'
Jan 29 11:43:29 debian-box sshd[21446]: debug3: secure_filename: terminating check at '/root'
Jan 29 11:43:29 debian-box sshd[21446]: debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Jan 29 11:43:29 debian-box sshd[21446]: Found matching RSA key: 9d:89:3d:b5:36:3e:1b:a3:09:06:8a:af:46:5a:d5:ed
Jan 29 11:43:29 debian-box sshd[21446]: debug1: restore_uid: 0/0
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_answer_keyallowed: key 0xb8d2db28 is allowed
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_request_send entering: type 22
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_request_receive entering
Jan 29 11:43:29 debian-box sshd[21446]: debug3: monitor_read: checking request 21
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_answer_keyallowed entering
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_answer_keyallowed: key_from_blob: 0xb8d2dc00
Jan 29 11:43:29 debian-box sshd[21446]: debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
Jan 29 11:43:29 debian-box sshd[21446]: debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
Jan 29 11:43:29 debian-box sshd[21446]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Jan 29 11:43:29 debian-box sshd[21446]: debug1: trying public key file /root/.ssh/authorized_keys
Jan 29 11:43:29 debian-box sshd[21446]: debug1: fd 4 clearing O_NONBLOCK
Jan 29 11:43:29 debian-box sshd[21446]: debug3: secure_filename: checking '/root/.ssh'
Jan 29 11:43:29 debian-box sshd[21446]: debug3: secure_filename: checking '/root'
Jan 29 11:43:29 debian-box sshd[21446]: debug3: secure_filename: terminating check at '/root'
Jan 29 11:43:29 debian-box sshd[21446]: debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Jan 29 11:43:29 debian-box sshd[21446]: Found matching RSA key: 9d:89:3d:b5:36:3e:1b:a3:09:06:8a:af:46:5a:d5:ed
Jan 29 11:43:29 debian-box sshd[21446]: debug1: restore_uid: 0/0
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_answer_keyallowed: key 0xb8d2dc00 is allowed
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_request_send entering: type 22
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_request_receive entering
Jan 29 11:43:29 debian-box sshd[21446]: debug3: monitor_read: checking request 23
Jan 29 11:43:29 debian-box sshd[21446]: debug1: ssh_rsa_verify: signature correct
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_answer_keyverify: key 0xb8d2dbf0 signature verified
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_request_send entering: type 24
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_request_receive_expect entering: type 51
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_request_receive entering
Jan 29 11:43:29 debian-box sshd[21446]: debug1: do_pam_account: called
Jan 29 11:43:29 debian-box sshd[21446]: debug3: PAM: do_pam_account pam_acct_mgmt = 0 (Success)
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_request_send entering: type 52
Jan 29 11:43:29 debian-box sshd[21446]: Accepted publickey for root from 192.168.0.100 port 63946 ssh2
Jan 29 11:43:29 debian-box sshd[21446]: debug1: monitor_child_preauth: root has been authenticated by privileged process
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_get_keystate: Waiting for new keys
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_request_receive_expect entering: type 25
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_request_receive entering
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_newkeys_from_blob: 0xb8d2aec0(139)
Jan 29 11:43:29 debian-box sshd[21446]: debug2: mac_setup: found hmac-sha1
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_get_keystate: Waiting for second key
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_newkeys_from_blob: 0xb8d2aec0(139)
Jan 29 11:43:29 debian-box sshd[21446]: debug2: mac_setup: found hmac-sha1
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_get_keystate: Getting compression state
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_get_keystate: Getting Network I/O buffers
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_share_sync: Share sync
Jan 29 11:43:29 debian-box sshd[21446]: debug3: mm_share_sync: Share sync end
Jan 29 11:43:29 debian-box sshd[21446]: debug1: PAM: establishing credentials
Jan 29 11:43:29 debian-box sshd[21446]: debug3: PAM: opening session
Jan 29 11:43:29 debian-box sshd[21446]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jan 29 11:43:29 debian-box sshd[21446]: debug3: PAM: sshpam_store_conv called with 1 messages
Jan 29 11:43:29 debian-box sshd[21446]: debug2: set_newkeys: mode 0
Jan 29 11:43:29 debian-box sshd[21446]: debug2: cipher_init: set keylen (16 -> 32)
Jan 29 11:43:29 debian-box sshd[21446]: debug2: set_newkeys: mode 1
Jan 29 11:43:29 debian-box sshd[21446]: debug2: cipher_init: set keylen (16 -> 32)
Jan 29 11:43:29 debian-box sshd[21446]: debug1: Entering interactive session for SSH2.
Jan 29 11:43:29 debian-box sshd[21446]: debug2: fd 4 setting O_NONBLOCK
Jan 29 11:43:29 debian-box sshd[21446]: debug2: fd 5 setting O_NONBLOCK
Jan 29 11:43:29 debian-box sshd[21446]: debug1: server_init_dispatch_20
Jan 29 11:43:29 debian-box sshd[21446]: debug1: server_input_channel_open: ctype session rchan 256 win 2147483647 max 16384
Jan 29 11:43:29 debian-box sshd[21446]: debug1: input_session_request
Jan 29 11:43:29 debian-box sshd[21446]: debug1: channel 0: new [server-session]
Jan 29 11:43:29 debian-box sshd[21446]: debug2: session_new: allocate (allocated 0 max 10)
Jan 29 11:43:29 debian-box sshd[21446]: debug3: session_unused: session id 0 unused
Jan 29 11:43:29 debian-box sshd[21446]: debug1: session_new: session 0
Jan 29 11:43:29 debian-box sshd[21446]: debug1: session_open: channel 0
Jan 29 11:43:29 debian-box sshd[21446]: debug1: session_open: session 0: link with channel 0
Jan 29 11:43:29 debian-box sshd[21446]: debug1: server_input_channel_open: confirm session
Jan 29 11:43:29 debian-box sshd[21446]: debug1: server_input_channel_req: channel 0 request simple@putty.projects.tartarus.org reply 0
Jan 29 11:43:29 debian-box sshd[21446]: debug1: session_by_channel: session 0 channel 0
Jan 29 11:43:29 debian-box sshd[21446]: debug1: session_input_channel_req: session 0 req simple@putty.projects.tartarus.org
Jan 29 11:43:29 debian-box sshd[21446]: debug1: server_input_channel_req: channel 0 request subsystem reply 1
Jan 29 11:43:29 debian-box sshd[21446]: debug1: session_by_channel: session 0 channel 0
Jan 29 11:43:29 debian-box sshd[21446]: debug1: session_input_channel_req: session 0 req subsystem
Jan 29 11:43:29 debian-box sshd[21446]: subsystem request for sftp
Jan 29 11:43:29 debian-box sshd[21446]: debug1: subsystem: exec() /usr/lib/openssh/sftp-server
Jan 29 11:43:29 debian-box sshd[21446]: debug2: fd 3 setting TCP_NODELAY
Jan 29 11:43:29 debian-box sshd[21446]: debug2: fd 8 setting O_NONBLOCK
Jan 29 11:43:29 debian-box sshd[21446]: debug2: fd 7 setting O_NONBLOCK
Jan 29 11:43:29 debian-box sshd[21450]: debug1: SELinux support disabled
Jan 29 11:43:29 debian-box sshd[21450]: debug1: PAM: reinitializing credentials
Jan 29 11:43:29 debian-box sshd[21450]: debug1: permanently_set_uid: 0/0
Jan 29 11:43:29 debian-box sshd[21450]: debug3: Copy environment: LANG=fr_FR@euro
Jan 29 11:43:29 debian-box sshd[21450]: debug3: channel 0: close_fds r -1 w -1 e -1
Jan 29 11:43:30 debian-box sshd[21350]: debug3: fd 4 is not O_NONBLOCK
Jan 29 11:43:30 debian-box sshd[21350]: debug1: Forked child 21453.
Jan 29 11:43:30 debian-box sshd[21350]: debug3: send_rexec_state: entering fd = 7 config len 674
Jan 29 11:43:30 debian-box sshd[21453]: debug3: oom_adjust_restore
Jan 29 11:43:30 debian-box sshd[21350]: debug3: ssh_msg_send: type 0
Jan 29 11:43:30 debian-box sshd[21350]: debug3: send_rexec_state: done
Jan 29 11:43:30 debian-box sshd[21453]: Set /proc/self/oom_adj to 0
Jan 29 11:43:30 debian-box sshd[21453]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
Jan 29 11:43:30 debian-box sshd[21453]: debug1: inetd sockets after dupping: 3, 3
Jan 29 11:43:30 debian-box sshd[21453]: Connection from 192.168.0.100 port 63947
Jan 29 11:43:30 debian-box sshd[21453]: debug1: Client protocol version 2.0; client software version PuTTY_Release_0.60
Jan 29 11:43:30 debian-box sshd[21453]: debug1: no match: PuTTY_Release_0.60
Jan 29 11:43:30 debian-box sshd[21453]: debug1: Enabling compatibility mode for protocol 2.0
Jan 29 11:43:30 debian-box sshd[21453]: debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze1
Jan 29 11:43:30 debian-box sshd[21453]: debug2: fd 3 setting O_NONBLOCK
Jan 29 11:43:30 debian-box sshd[21453]: debug2: Network child is on pid 21456
Jan 29 11:43:30 debian-box sshd[21453]: debug3: preauth child monitor started
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_request_receive entering
Jan 29 11:43:30 debian-box sshd[21453]: debug3: monitor_read: checking request 0
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_answer_moduli: got parameters: 1024 4096 8192
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_request_send entering: type 1
Jan 29 11:43:30 debian-box sshd[21453]: debug2: monitor_read: 0 used once, disabling now
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_request_receive entering
Jan 29 11:43:30 debian-box sshd[21453]: debug3: monitor_read: checking request 5
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_answer_sign
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_answer_sign: signature 0xb8da8df0(271)
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_request_send entering: type 6
Jan 29 11:43:30 debian-box sshd[21453]: debug2: monitor_read: 5 used once, disabling now
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_request_receive entering
Jan 29 11:43:30 debian-box sshd[21453]: debug3: monitor_read: checking request 7
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_answer_pwnamallow
Jan 29 11:43:30 debian-box sshd[21453]: debug3: Trying to reverse map address 192.168.0.100.
Jan 29 11:43:30 debian-box sshd[21453]: debug2: parse_server_config: config reprocess config len 674
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_request_send entering: type 8
Jan 29 11:43:30 debian-box sshd[21453]: debug2: monitor_read: 7 used once, disabling now
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_request_receive entering
Jan 29 11:43:30 debian-box sshd[21453]: debug3: monitor_read: checking request 50
Jan 29 11:43:30 debian-box sshd[21453]: debug1: PAM: initializing for "root"
Jan 29 11:43:30 debian-box sshd[21453]: debug1: PAM: setting PAM_RHOST to "192.168.0.100"
Jan 29 11:43:30 debian-box sshd[21453]: debug1: PAM: setting PAM_TTY to "ssh"
Jan 29 11:43:30 debian-box sshd[21453]: debug2: monitor_read: 50 used once, disabling now
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_request_receive entering
Jan 29 11:43:30 debian-box sshd[21453]: debug3: monitor_read: checking request 3
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_answer_authserv: service=ssh-connection, style=, role=
Jan 29 11:43:30 debian-box sshd[21453]: debug2: monitor_read: 3 used once, disabling now
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_request_receive entering
Jan 29 11:43:30 debian-box sshd[21453]: debug3: monitor_read: checking request 21
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_answer_keyallowed entering
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_answer_keyallowed: key_from_blob: 0xb8dabb28
Jan 29 11:43:30 debian-box sshd[21453]: debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
Jan 29 11:43:30 debian-box sshd[21453]: debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
Jan 29 11:43:30 debian-box sshd[21453]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Jan 29 11:43:30 debian-box sshd[21453]: debug1: trying public key file /root/.ssh/authorized_keys
Jan 29 11:43:30 debian-box sshd[21453]: debug1: fd 4 clearing O_NONBLOCK
Jan 29 11:43:30 debian-box sshd[21453]: debug3: secure_filename: checking '/root/.ssh'
Jan 29 11:43:30 debian-box sshd[21453]: debug3: secure_filename: checking '/root'
Jan 29 11:43:30 debian-box sshd[21453]: debug3: secure_filename: terminating check at '/root'
Jan 29 11:43:30 debian-box sshd[21453]: debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Jan 29 11:43:30 debian-box sshd[21453]: Found matching RSA key: 9d:89:3d:b5:36:3e:1b:a3:09:06:8a:af:46:5a:d5:ed
Jan 29 11:43:30 debian-box sshd[21453]: debug1: restore_uid: 0/0
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_answer_keyallowed: key 0xb8dabb28 is allowed
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_request_send entering: type 22
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_request_receive entering
Jan 29 11:43:30 debian-box sshd[21453]: debug3: monitor_read: checking request 21
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_answer_keyallowed entering
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_answer_keyallowed: key_from_blob: 0xb8dabc00
Jan 29 11:43:30 debian-box sshd[21453]: debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
Jan 29 11:43:30 debian-box sshd[21453]: debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
Jan 29 11:43:30 debian-box sshd[21453]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Jan 29 11:43:30 debian-box sshd[21453]: debug1: trying public key file /root/.ssh/authorized_keys
Jan 29 11:43:30 debian-box sshd[21453]: debug1: fd 4 clearing O_NONBLOCK
Jan 29 11:43:30 debian-box sshd[21453]: debug3: secure_filename: checking '/root/.ssh'
Jan 29 11:43:30 debian-box sshd[21453]: debug3: secure_filename: checking '/root'
Jan 29 11:43:30 debian-box sshd[21453]: debug3: secure_filename: terminating check at '/root'
Jan 29 11:43:30 debian-box sshd[21453]: debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Jan 29 11:43:30 debian-box sshd[21453]: Found matching RSA key: 9d:89:3d:b5:36:3e:1b:a3:09:06:8a:af:46:5a:d5:ed
Jan 29 11:43:30 debian-box sshd[21453]: debug1: restore_uid: 0/0
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_answer_keyallowed: key 0xb8dabc00 is allowed
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_request_send entering: type 22
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_request_receive entering
Jan 29 11:43:30 debian-box sshd[21453]: debug3: monitor_read: checking request 23
Jan 29 11:43:30 debian-box sshd[21453]: debug1: ssh_rsa_verify: signature correct
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_answer_keyverify: key 0xb8dabbf0 signature verified
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_request_send entering: type 24
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_request_receive_expect entering: type 51
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_request_receive entering
Jan 29 11:43:30 debian-box sshd[21453]: debug1: do_pam_account: called
Jan 29 11:43:30 debian-box sshd[21453]: debug3: PAM: do_pam_account pam_acct_mgmt = 0 (Success)
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_request_send entering: type 52
Jan 29 11:43:30 debian-box sshd[21453]: Accepted publickey for root from 192.168.0.100 port 63947 ssh2
Jan 29 11:43:30 debian-box sshd[21453]: debug1: monitor_child_preauth: root has been authenticated by privileged process
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_get_keystate: Waiting for new keys
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_request_receive_expect entering: type 25
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_request_receive entering
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_newkeys_from_blob: 0xb8dad988(139)
Jan 29 11:43:30 debian-box sshd[21453]: debug2: mac_setup: found hmac-sha1
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_get_keystate: Waiting for second key
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_newkeys_from_blob: 0xb8dad988(139)
Jan 29 11:43:30 debian-box sshd[21453]: debug2: mac_setup: found hmac-sha1
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_get_keystate: Getting compression state
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_get_keystate: Getting Network I/O buffers
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_share_sync: Share sync
Jan 29 11:43:30 debian-box sshd[21453]: debug3: mm_share_sync: Share sync end
Jan 29 11:43:30 debian-box sshd[21453]: debug1: PAM: establishing credentials
Jan 29 11:43:30 debian-box sshd[21453]: debug3: PAM: opening session
Jan 29 11:43:30 debian-box sshd[21453]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jan 29 11:43:30 debian-box sshd[21453]: debug3: PAM: sshpam_store_conv called with 1 messages
Jan 29 11:43:30 debian-box sshd[21453]: debug2: set_newkeys: mode 0
Jan 29 11:43:30 debian-box sshd[21453]: debug2: cipher_init: set keylen (16 -> 32)
Jan 29 11:43:30 debian-box sshd[21453]: debug2: set_newkeys: mode 1
Jan 29 11:43:30 debian-box sshd[21453]: debug2: cipher_init: set keylen (16 -> 32)
Jan 29 11:43:30 debian-box sshd[21453]: debug1: Entering interactive session for SSH2.
Jan 29 11:43:30 debian-box sshd[21453]: debug2: fd 4 setting O_NONBLOCK
Jan 29 11:43:30 debian-box sshd[21453]: debug2: fd 5 setting O_NONBLOCK
Jan 29 11:43:30 debian-box sshd[21453]: debug1: server_init_dispatch_20
Jan 29 11:43:30 debian-box sshd[21453]: debug1: server_input_channel_open: ctype session rchan 256 win 16384 max 16384
Jan 29 11:43:30 debian-box sshd[21453]: debug1: input_session_request
Jan 29 11:43:30 debian-box sshd[21453]: debug1: channel 0: new [server-session]
Jan 29 11:43:30 debian-box sshd[21453]: debug2: session_new: allocate (allocated 0 max 10)
Jan 29 11:43:30 debian-box sshd[21453]: debug3: session_unused: session id 0 unused
Jan 29 11:43:30 debian-box sshd[21453]: debug1: session_new: session 0
Jan 29 11:43:30 debian-box sshd[21453]: debug1: session_open: channel 0
Jan 29 11:43:30 debian-box sshd[21453]: debug1: session_open: session 0: link with channel 0
Jan 29 11:43:30 debian-box sshd[21453]: debug1: server_input_channel_open: confirm session
Jan 29 11:43:30 debian-box sshd[21453]: debug1: server_input_channel_req: channel 0 request pty-req reply 1
Jan 29 11:43:30 debian-box sshd[21453]: debug1: session_by_channel: session 0 channel 0
Jan 29 11:43:30 debian-box sshd[21453]: debug1: session_input_channel_req: session 0 req pty-req
Jan 29 11:43:30 debian-box sshd[21453]: debug1: Allocating pty.
Jan 29 11:43:30 debian-box sshd[21453]: debug1: session_pty_req: session 0 alloc /dev/pts/1
Jan 29 11:43:30 debian-box sshd[21453]: debug1: SELinux support disabled
Jan 29 11:43:30 debian-box sshd[21453]: debug1: server_input_channel_req: channel 0 request shell reply 1
Jan 29 11:43:30 debian-box sshd[21453]: debug1: session_by_channel: session 0 channel 0
Jan 29 11:43:30 debian-box sshd[21453]: debug1: session_input_channel_req: session 0 req shell
Jan 29 11:43:30 debian-box sshd[21453]: debug2: fd 3 setting TCP_NODELAY
Jan 29 11:43:30 debian-box sshd[21453]: debug2: channel 0: rfd 8 isatty
Jan 29 11:43:30 debian-box sshd[21453]: debug2: fd 8 setting O_NONBLOCK
Jan 29 11:43:30 debian-box sshd[21457]: debug1: Setting controlling tty using TIOCSCTTY.
Jan 29 11:43:30 debian-box sshd[21453]: debug3: fd 6 is O_NONBLOCK
Jan 29 11:43:30 debian-box sshd[21457]: debug1: PAM: reinitializing credentials
Jan 29 11:43:30 debian-box sshd[21457]: debug1: permanently_set_uid: 0/0
Jan 29 11:43:30 debian-box sshd[21457]: debug3: Copy environment: LANG=fr_FR@euro
Jan 29 11:43:30 debian-box sshd[21457]: debug3: channel 0: close_fds r -1 w -1 e -1
Jan 29 11:43:32 debian-box sshd[21446]: debug2: channel 0: rcvd eof
Jan 29 11:43:32 debian-box sshd[21446]: debug2: channel 0: output open -> drain
Jan 29 11:43:32 debian-box sshd[21446]: debug2: channel 0: obuf empty
Jan 29 11:43:32 debian-box sshd[21446]: debug2: channel 0: close_write
Jan 29 11:43:32 debian-box sshd[21446]: debug2: channel 0: output drain -> closed
Jan 29 11:43:32 debian-box sshd[21446]: Connection closed by 192.168.0.100
Jan 29 11:43:32 debian-box sshd[21446]: debug1: channel 0: free: server-session, nchannels 1
Jan 29 11:43:32 debian-box sshd[21446]: debug3: channel 0: status: The following connections are open:\r\n  #0 server-session (t4 r256 i0/0 o3/0 fd 8/-1 cc -1)\r\n
Jan 29 11:43:32 debian-box sshd[21446]: debug3: channel 0: close_fds r 8 w -1 e -1
Jan 29 11:43:32 debian-box sshd[21446]: debug1: session_close: session 0 pid 21450
Jan 29 11:43:32 debian-box sshd[21446]: debug3: session_unused: session id 0 unused
Jan 29 11:43:32 debian-box sshd[21446]: debug1: do_cleanup
Jan 29 11:43:32 debian-box sshd[21446]: debug1: PAM: cleanup
Jan 29 11:43:32 debian-box sshd[21446]: debug1: PAM: closing session
Jan 29 11:43:32 debian-box sshd[21446]: pam_unix(sshd:session): session closed for user root
Jan 29 11:43:32 debian-box sshd[21446]: debug1: PAM: deleting credentials
Jan 29 11:43:32 debian-box sshd[21446]: debug3: PAM: sshpam_thread_cleanup entering
Jan 29 11:43:32 debian-box sshd[21446]: Transferred: sent 4456, received 2688 bytes
Jan 29 11:43:32 debian-box sshd[21446]: Closing connection to 192.168.0.100 port 63946
Jan 29 11:43:33 debian-box sshd[21453]: debug1: Received SIGCHLD.
Jan 29 11:43:33 debian-box sshd[21453]: debug1: session_by_pid: pid 21457
Jan 29 11:43:33 debian-box sshd[21453]: debug1: session_exit_message: session 0 channel 0 pid 21457
Jan 29 11:43:33 debian-box sshd[21453]: debug2: channel 0: request exit-status confirm 0
Jan 29 11:43:33 debian-box sshd[21453]: debug1: session_exit_message: release channel 0
Jan 29 11:43:33 debian-box sshd[21453]: debug2: channel 0: write failed
Jan 29 11:43:33 debian-box sshd[21453]: debug2: channel 0: close_write
Jan 29 11:43:33 debian-box sshd[21453]: debug2: channel 0: send eow
Jan 29 11:43:33 debian-box sshd[21453]: debug2: channel 0: output open -> closed
Jan 29 11:43:33 debian-box sshd[21453]: debug1: session_pty_cleanup: session 0 release /dev/pts/1
Jan 29 11:43:33 debian-box sshd[21453]: debug2: notify_done: reading
Jan 29 11:43:33 debian-box sshd[21453]: debug2: channel 0: read<=0 rfd 8 len -1
Jan 29 11:43:33 debian-box sshd[21453]: debug2: channel 0: read failed
Jan 29 11:43:33 debian-box sshd[21453]: debug2: channel 0: close_read
Jan 29 11:43:33 debian-box sshd[21453]: debug2: channel 0: input open -> drain
Jan 29 11:43:33 debian-box sshd[21453]: debug2: channel 0: ibuf empty
Jan 29 11:43:33 debian-box sshd[21453]: debug2: channel 0: send eof
Jan 29 11:43:33 debian-box sshd[21453]: debug2: channel 0: input drain -> closed
Jan 29 11:43:33 debian-box sshd[21453]: debug2: channel 0: send close
Jan 29 11:43:33 debian-box sshd[21453]: debug3: channel 0: will not send data after close
Jan 29 11:43:33 debian-box sshd[21453]: debug2: channel 0: rcvd close
Jan 29 11:43:33 debian-box sshd[21453]: debug3: channel 0: will not send data after close
Jan 29 11:43:33 debian-box sshd[21453]: debug2: channel 0: is dead
Jan 29 11:43:33 debian-box sshd[21453]: debug2: channel 0: gc: notify user
Jan 29 11:43:33 debian-box sshd[21453]: debug1: session_by_channel: session 0 channel 0
Jan 29 11:43:33 debian-box sshd[21453]: debug1: session_close_by_channel: channel 0 child 0
Jan 29 11:43:33 debian-box sshd[21453]: debug1: session_close: session 0 pid 0
Jan 29 11:43:33 debian-box sshd[21453]: debug3: session_unused: session id 0 unused
Jan 29 11:43:33 debian-box sshd[21453]: debug2: channel 0: gc: user detached
Jan 29 11:43:33 debian-box sshd[21453]: debug2: channel 0: is dead
Jan 29 11:43:33 debian-box sshd[21453]: debug2: channel 0: garbage collecting
Jan 29 11:43:33 debian-box sshd[21453]: debug1: channel 0: free: server-session, nchannels 1
Jan 29 11:43:33 debian-box sshd[21453]: debug3: channel 0: status: The following connections are open:\r\n  #0 server-session (t4 r256 i3/0 o3/0 fd -1/-1 cc -1)\r\n
Jan 29 11:43:33 debian-box sshd[21453]: debug3: channel 0: close_fds r -1 w -1 e -1
Jan 29 11:43:33 debian-box sshd[21453]: Connection closed by 192.168.0.100
Jan 29 11:43:33 debian-box sshd[21453]: debug1: do_cleanup
Jan 29 11:43:33 debian-box sshd[21453]: debug1: PAM: cleanup
Jan 29 11:43:33 debian-box sshd[21453]: debug1: PAM: closing session
Jan 29 11:43:33 debian-box sshd[21453]: pam_unix(sshd:session): session closed for user root
Jan 29 11:43:33 debian-box sshd[21453]: debug1: PAM: deleting credentials
Jan 29 11:43:33 debian-box sshd[21453]: debug3: PAM: sshpam_thread_cleanup entering
Jan 29 11:43:33 debian-box sshd[21453]: Transferred: sent 4456, received 2440 bytes
Jan 29 11:43:33 debian-box sshd[21453]: Closing connection to 192.168.0.100 port 63947

Bizarre...
In a world without walls and fences, who needs windows and gates?
Cool34000
 
Message(s) : 199
Inscription : 12 Sep 2011 19:02
Localisation : Nimes, France

Re: SSH et Fail2Ban

Message par jdh » 29 Jan 2012 12:05

Je reste circonspect dans ton choix "PasswordAuthentication".
J'aurais plutôt vu "PubkeyAuthentication" mais je ne suis pas spécialiste.

Les 2 man utiles sont
- http://www.manpagez.com/man/8/sshd/
- http://www.manpagez.com/man/5/sshd_config/

Pour le premier, la section "AUTHENTIFICATION" décrit le processus mais ne précise pas ce qui se passe après échange de clé si incorrect.
Il est connu qu'il ne faut plus utiliser le protocol v1 mais uniquement la v2 ("Protocol 2" par défaut).

(-ddd donne vraiment trop de détails !)

Côté Fail2Ban, le lien http://od-eon.com/blogs/stefan/fail2ban ... etication/ semble parler du sujet (encore faut-il faire apparaitre la ligne dans le log ...).
L'intelligence artificielle n'est rien à côté de la stupidité naturelle.
jdh
 
Message(s) : 731
Inscription : 02 Nov 2011 00:36
Localisation : Nantes - Angers

Re: SSH et Fail2Ban

Message par Cool34000 » 29 Jan 2012 13:17

Salut,

Pour l'option PasswordAuthentication, elle est à "no" sur mon serveur pour désactiver l'utilisation des mots de passe standard (donc clé publique ou rien !)
L'option semble être la bonne puisque lorsque je tente de me connecter avec un user+pass, j'ai l'erreur suivante renvoyée par PuTTY :
Disconnected: No supported authentication methods available (server sent: publickey)

L'option PubkeyAuthentication est activée par défaut et permet l'utilisation de clés publiques/privées... Donc rien à changer.
Enfin, la version 1 du protocole SSH est désactivée par défaut (du moins sous Debian).

J'ai effectivement testé de modifier la regexp de Fail2Ban avant de poster ma 1ère question, mais vu que le log SSH ne remonte rien, la modification ne marche pas... Logique... Je cherche toujours !

Merci pour tes pistes en tout cas.
In a world without walls and fences, who needs windows and gates?
Cool34000
 
Message(s) : 199
Inscription : 12 Sep 2011 19:02
Localisation : Nimes, France

Suivant

Retour vers Sécurité et réseaux

Qui est en ligne ?

Utilisateur(s) parcourant ce forum : Aucun utilisateur inscrit et 0 invité(s)

cron