home about
blog 2003 2004 2005 2006 2007 2008 2017 2018 2019 2020
tech android linux vim

27: snow time

2006-11-27 08:40

Tags: weather snow admin web frustration Location: 1337

Well, in holding with past tradition it's begun snowing right after Thanksgiving weekend.

snow!

snow!

This is not a problem for me, or shouldn't be at any rate. I don't have especially far to go to get home and it's all city streets which should stay relatively snow-free throughout the day. (Not that it's snowing enough to accumulate here in town...) Besides which, my car is more than up to the challenge of a little snow or ice.

The odd thing is that it's nearly 09:00 and I'm still the only one in the department who's at work. Strange.

13:12: zzzzz

Tags: weather snow security ssh

It's still spitting slush off and on outside and I'm falling asleep. Not much in the way of real snow at the moment since we're up to about 3.3°C, but maybe by this evening: according to the forecast there's a possibility of up to about 5cm of snow tonight. (I'm somewhat skeptical.)

I noticed last night that someone's been hitting the sshd on my home web server pretty hard. Here are some sample lines from the secure.log:

Nov 25 03:30:40 kitami com.apple.SecurityServer: authinternal failed to authenticate user test.
Nov 25 03:30:40 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 03:30:49 kitami com.apple.SecurityServer: authinternal failed to authenticate user guest.
Nov 25 03:30:49 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 03:30:59 kitami com.apple.SecurityServer: authinternal failed to authenticate user admin.
Nov 25 03:30:59 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 03:31:08 kitami com.apple.SecurityServer: authinternal failed to authenticate user admin.
Nov 25 03:31:08 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 03:31:18 kitami com.apple.SecurityServer: authinternal failed to authenticate user user.
Nov 25 03:31:18 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 03:31:27 kitami com.apple.SecurityServer: authinternal failed to authenticate user root.
Nov 25 03:31:27 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 03:31:37 kitami com.apple.SecurityServer: authinternal failed to authenticate user root.
Nov 25 03:31:37 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 03:31:50 kitami com.apple.SecurityServer: authinternal failed to authenticate user root.
Nov 25 03:31:50 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 09:27:03 kitami com.apple.SecurityServer: authinternal failed to authenticate user staff.
Nov 25 09:27:03 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 16:28:04 kitami com.apple.SecurityServer: authinternal failed to authenticate user root.
Nov 25 16:28:04 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 16:28:14 kitami com.apple.SecurityServer: authinternal failed to authenticate user fluffy.
Nov 25 16:28:14 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 16:28:23 kitami com.apple.SecurityServer: authinternal failed to authenticate user admin.
Nov 25 16:28:23 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 16:28:32 kitami com.apple.SecurityServer: authinternal failed to authenticate user test.
Nov 25 16:28:32 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 16:28:41 kitami com.apple.SecurityServer: authinternal failed to authenticate user guest.
Nov 25 16:28:41 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 16:28:50 kitami com.apple.SecurityServer: authinternal failed to authenticate user webmaster.
Nov 25 16:28:50 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 16:28:59 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 16:29:09 kitami com.apple.SecurityServer: authinternal failed to authenticate user oracle.
Nov 25 16:29:09 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 16:29:18 kitami com.apple.SecurityServer: authinternal failed to authenticate user library.
Nov 25 16:29:18 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 16:29:27 kitami com.apple.SecurityServer: authinternal failed to authenticate user info.
Nov 25 16:29:27 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 16:29:36 kitami com.apple.SecurityServer: authinternal failed to authenticate user shell.
Nov 25 16:29:36 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 16:29:45 kitami com.apple.SecurityServer: authinternal failed to authenticate user linux.
Nov 25 16:29:45 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 16:29:54 kitami com.apple.SecurityServer: authinternal failed to authenticate user unix.
Nov 25 16:29:54 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 16:30:04 kitami com.apple.SecurityServer: authinternal failed to authenticate user webadmin.
Nov 25 16:30:04 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 16:30:13 kitami com.apple.SecurityServer: authinternal failed to authenticate user ftp.
Nov 25 16:30:13 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 16:30:22 kitami com.apple.SecurityServer: authinternal failed to authenticate user test.
Nov 25 16:30:22 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 16:30:31 kitami com.apple.SecurityServer: authinternal failed to authenticate user root.
Nov 25 16:30:31 kitami com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
Nov 25 16:30:40 kitami com.apple.SecurityServer: authinternal failed to authenticate user admin.

Unsurprisingly none of these users exist (or if they do they have no ability to log in). Not only that, but my sshd_config is set up to be pretty strict in terms of who can ssh in anyway, so even had they somehow guessed the username and password correctly they still wouldn't have gotten in...

Still and all, it was a good excuse to do an sshd audit and make sure I'm secure as can be (as well as cycling my passwords to new ones -- something we all probably need to do more often). For fun I also changed the log level of sshd so maybe I'll get a bit more information about the attempted cracker(s) (and their system(s)).

22:07: Byline of doom

Tags: funny snow weather

A funny typo in a serious article (check the tag-line):

homelessness

"homelessness" is what they meant

And some snow photos:

snow on my condo deck

snow on my condo deck (the thermometer reads about 1°C

snow blanketing the city

snow blanketing the city





© 1995-2020 clover