[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] SSH access when off at GUI ??
- Subject: [cobalt-security] SSH access when off at GUI ??
- From: "Render-Vue" <sales@xxxxxxxxxxxxxx>
- Date: Thu, 30 Aug 2001 15:49:21 +1200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi yah again,
Another question :>
With Telnet/Shell deactivated from GUI I noticed this in my logs this
afternoon...has this been an attempt to access via ssh or has the user
actually managed to get in as it has accepted a password?? The account has
now been suspended but curious as to how he can manage when GUI telnet/shell
is deactivated (xxx.xxx.xxx.xxx denotes our IP)
Aug 29 09:27:57 ns sshd[16229]: PAM pam_set_item: NULL pam handle passed
Aug 29 09:28:16 ns sshd[16229]: PAM pam_set_item: NULL pam handle passed
Aug 29 09:28:16 ns sshd[16229]: Failed password for illegal user Cameron
Hart from 172.189.130.184 port 1732
Aug 29 09:28:16 ns sshd[16229]: Connection closed by 172.189.130.184
Aug 29 09:28:45 ns sshd[16250]: Accepted password for cameron from
172.189.130.184 port 1734
Aug 29 09:28:46 ns PAM_pwdb[16250]: (sshd) session opened for user cameron
by (uid=0)
Aug 29 09:28:46 ns PAM_pwdb[16250]: (sshd) session closed for user cameron
Last login: Wed Aug 29 09:28:46 2001 from acbd82b8.ipt.aol.com <---- from
ssh logs
Aug 29 10:00:33 ns proftpd[16290]: xxx.xxx.xxx.xxx
(ACBD82B8.ipt.aol.com[172.189.130.184]) - FTP no transfer timeout,
disconnected.
Regards
Chae