similar to: Running an rsync server over a remote shell program

Hi there ! I have an issue with my OpenSSH + PAM configuration on a RedHat Advanced server 2..1 I want to authenticate users connecting to a server using ssh against a radius server. The radius client/server part works ok when I test it with some utilities. I think I have a problem with my ssh which does not pass the username/password to my pam sshd module. I have upgraded to openssh-4.2p1.

Hi, I?ve posted this before but no one was able to help. I can?t figure out what they are trying to do, and if I should be concerned. I am running dovecot version 0.99.14 on Fedora Core 4. It appears that my dovecot server is under attack. This morning in my system e-mail I saw this: dovecot: Authentication Failures: rhost= : 23431 Time(s)

I noticed that my server has a lot ca. 1000x auth failure from different alocated in China / Romania and Netherlands per day since 3 days It looks to me like somebody was trying to get into server by guessing my password by brute force. what would be the best to stop this attack and how? the server running apache mysql and ftp PORT STATE SERVICE 21/tcp open ftp 80/tcp open http 443/tcp

Uhum, i tested with ssh:  ssh XXX at FILESERVER  journalctl -f Jan 16 18:28:42 HOSTNAME  sshd[2250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=IP-SOURCE  user=XXXXX Jan 16 18:28:43 HOSTNAME  sshd[2250]: Failed password for XXXX from IP-SOURCE  port 39896 ssh2 Regards; On 16-01-2018 18:25, Rowland Penny via samba wrote: > On Tue, 16 Jan

Hi there, I know this is the classic RTFM list question but... I've really tried hard on this and no result! This is what I'm receving from logcheck: System Events =-=-=-=-=-=-= Apr 3 06:55:13 bsg sshd[32246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.233.245.226 user=root Apr 3 06:55:19 bsg sshd[32248]: pam_unix(sshd:auth):

We upgraded our Centos 4.3 box's samba from 3.0.10 to 3.0.22 using sernet.de rpms. Prior to upgrading, we had this box authenticating to AD just fine, but now it is broken. Here is part of my log file that might show what is going on. Jun 13 09:21:06 cent02 login(pam_unix)[2728]: check pass; user unknown Jun 13 09:21:06 cent02 login(pam_unix)[2728]: authentication failure; logname=LOGIN

>From my secure log: Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:64.31.19.48 Sep 19 01:16:44 lin12 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user aaron Sep 19 01:16:45 lin12

Hi! I?m new to the list, and I?m not really having a ?problem?, but I?m seeing something in my log files that I wonder if I should be concerned. I?ve been using Dovecot (dovecot-0.99.14-8.fc4) on my Fedora Core 4 (kernel 2.6.17-1.2142_FC4) machine from quite some time. For the last few days, I?ve been seeing this in my daily ?Logwatch? e-mail: dovecot: Authentication Failures:

On 28/06/2023 17:52, Marco Gaiarin via samba wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > >> I didn't try turning the last one off, but at least you are getting >> somewhere :-) > > With very little steps... ;-) > > >> When you say 'back to login screen', do you mean that you cannot just >> click the screen,

Hai.   Config. Debian Stretch, samba 4.7.7. member server AD backend. Network setup like in the howtos here. : https://github.com/thctlo/samba4/tree/master/howtos      Today i discovered that somehow a disabled user was able to login after a few retries.   I run a SSH/SFTP server for data exchange with the customer of the company here.   The SSH/SFTP server is restricted by groups, this

Debian Lenny, Dovecot v 1.0.15. I'm getting a lot of what I think is a local socket asking dovecot:auth to verify username/passwords: > May 31 09:00:54 server dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=admin rhost= Note the empty 'rhost='. That's why I think it's on the server. I see others that look like bots:

The good news is I believe I got Weakforce running 1) curl -X GET http://127.0.0.1:8084/?command=ping -u wforce:ourpassword {"status":"ok"}[ 2) after running the sample for loop: for a in {1..101}; do curl -X POST -H "Content-Type: application/json" --data '{"login":"ahu", "remote": "127.0.0.1",

I am seeing lots of these in my logs and there are often a hundered or so imap/dovecat process running. I am running RC Core3. Can anyone shead some light on how to correct this ? Jun 16 08:38:24 jidmail dovecot(pam_unix)[27653]: check pass; user unknown Jun 16 08:38:24 jidmail dovecot(pam_unix)[27653]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= Jun 16 08:38:24 jidmail

Package: logcheck-database Version: 1.2.68 Severity: normal I'm using ldap to authenticate users. And thus pam_unix is sufficient, but allowed to fail. It has now started to spam the logs with lots of Jan 2 09:22:57 sisko sshd[28511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host92-22-static.38-79-b.business.telecomitalia.it user=root And on

Hi I hope that I am not totally wrong when asking this on a Samba list, but as I followed a tutorial found at the SAMBA wiki I hope I can find someone how is able to help me. My goal is to set up a server acting as a SAMBA AD Server with single sign on for linux users. I use a Ubuntu Server 13.10 as the base. On top of this I installed a SAMBA 4.1.2 from GIT, did provisioning, Kerberos

I was browsing the OpenSSH sources (which are very readable, thankyou very much) and noticed that PAM was only being told what host the user is logging in from for account processing - not for password processing. As I can see no reason not to put this in start_pam this is exactly what I have done - and attached a patch to this effect. This allows PAM to fill in rhost= in its audit messages

I installed Dovecot on our FC3 sendmail server and get this from our Dallas office ( out of state to me ). dovecot(pam_unix)[13823]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost Only one Dallas user can get mail (pop3 or imap). All local users work fine. I ended upgoing back to UW and all works fine. What should I look for? Thanks -------------- next part --------------

Hi, I am using ver 1.0.1 and getting the following errors in mail.log and auth.log respectively. However I can login to imap and retrieve emails no problem, while sending email is also ok. Jun 27 23:59:21 webmail sm-mta[1889]: l5RIvhQE001865: Warning: program /usr/local/libexec/dovecot/deliver unsafe: Group writable directory Jun 27 23:27:30 webmail dovecot-auth: (pam_unix) authentication

All of a sudden I can no longer ssh into my server running CentOS 4.5 This is what happens: [john at lt-131-jdl-f7 ~]$ ssh -Y -p 2222 192.168.0.1 john at 192.168.0.1's password: Connection to 192.168.0.1 closed by remote host. Connection to 192.168.0.1 closed. And yes, the account does exist and the password is correct! Looking at the logs, I see this: Jun 7 18:51:37 moray1

> > After that you'll probably have to turn up logging in sssd and check its > logs to see what it's doing. i have set logging in sssd to 9: cache_credentials = true debug_level = 9 I first tried a user with the correct host attribute, then a user without the host attribute. The output in the logfiles are the same. Note: USER ist not a local user. Without correct ldap password