On Sunday 10 June 2007, [EMAIL PROTECTED] wrote: > > Someone is trying to ssh on to my system. Trying on several ports. Not > > the first time, either. Thankfully, he does not have a password. Besides > > a bunch of Deprecated option ReverseMappingCheck, so far no harm done. > > > > Since my logs have this IP number, how do I find out who it is? > > Other replies address the question, but you could install fail2ban to > throttle the attacks from anywhere. fail2ban is a wonderful solution!
Looks good. I have installed, added a "jail" and path /var/log/auth.log I am unable to place a regex for it to detect the failure. Want something like "\Failed.+from.+\d" or such. No matter what I enter, it says "no regular expression is defined. No delimitor, quote, slash, etc. seems to work either. How does one enter these?
