[olug] Email a report on SSH
David Cannon
medaveduh at gmail.com
Fri Apr 20 16:14:06 UTC 2012
Hello,
I have set up an SSH tunnel into an Ubuntu 10.10 machine. I disabled
passwords and only use a private key. I have been using it to proxy my web
traffic securely when I travel. Sometimes you just cant trust any old
WIFI. Recently my log files have been a little large. the
/var/log/auth.log file is showing multiple attempts to login. I have
turned the logging to verbose so I can see what is going on but I am not
home all of the time. This brings me to the issue.
I have two questions.
1. I was looking into port security and came across "Knocking". Has
anyone used "Knocking" to open a port?
2. Anyone know a good place to get information on the setting it up to
email me when someone tries to log in? I want to know the originating IP
address and the password they used. Passwords will all fail but I would
like to know if someone is foolishly trying to brute force it and where
they are coming from. I would like an email sent to me each time it
happens. I did find a couple sites detailing a way to email when someone
logs in, but I am more interested in finding out when someone fails.
Any info you could pass on would be great.
Thanks,
David
More information about the OLUG
mailing list