Delivery-Date: Mon, 10 Aug 2015 20:55:19 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 8563D1E0843;
	Mon, 10 Aug 2015 20:55:17 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 53850353B2;
	Tue, 11 Aug 2015 00:55:11 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id AC84035208
 for <tor-talk@lists.torproject.org>; Tue, 11 Aug 2015 00:55:06 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id SU9d-PdtDt8j for <tor-talk@lists.torproject.org>;
 Tue, 11 Aug 2015 00:55:06 +0000 (UTC)
Received: from norma.uberspace.de (norma.uberspace.de [95.143.172.172])
 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 42B6F351D4
 for <tor-talk@lists.torproject.org>; Tue, 11 Aug 2015 00:55:05 +0000 (UTC)
Received: (qmail 9400 invoked from network); 11 Aug 2015 00:55:01 -0000
Received: from localhost (HELO tacop) (127.0.0.1)
 by norma.uberspace.de with SMTP; 11 Aug 2015 00:55:01 -0000
Received: by tacop (Postfix, from userid 1000)
 id 0850C59A61; Tue, 11 Aug 2015 02:55:01 +0200 (CEST)
Date: Tue, 11 Aug 2015 02:55:00 +0200
From: Jens Kubieziel <maillist@kubieziel.de>
To: tor-talk <tor-talk@lists.torproject.org>
Message-ID: <20150811005500.GO30469@kubieziel.de>
Mail-Followup-To: tor-talk <tor-talk@lists.torproject.org>
MIME-Version: 1.0
Organisation: Qbi's Welt
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: [tor-talk] SSH connection attempts through hidden service
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0174735274569050221=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>


--===============0174735274569050221==
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="UFMLoheMaWcIEZAi"
Content-Disposition: inline


--UFMLoheMaWcIEZAi
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

I'm running a SSH hidden service on some machines. Recently I was quite
surprised to find the following lines in my logs:

Aug  5 17:06:37 linux sshd[23935]: input_userauth_request: invalid user roo=
t [preauth]
Aug  5 17:06:51 linux sshd[23935]: Disconnecting: Too many authentication f=
ailures for root [preauth]

Nobody besides me knowns the onion name. But the person who ran those
tests tried user names like tor, hidden etc.

Has anyone also seen such connection attempts through hidden services?

--=20
Jens Kubieziel                                   http://www.kubieziel.de
Mathematik ist die radikalste aller Geisteswissenschaften. Wer ihr in jungen
Jahren begegnet, lernt etwas =FCber Freiheit  und deshalb auch etwas =FCber
Innovation.                                 DIE ZEIT 02.12.2004 Nr.50

--UFMLoheMaWcIEZAi
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJVyUfkAAoJEGWz8JTqPk1hIuEQALX8644/NgOlZixFiyJupHvu
OHFx5xLyZHXl8280XAWpBg9Tz8r7cP9rhWtIa/VqNowz4yA/9T6XopnktvXTNrEt
KRR6evPu3kDIXHt2EFvjeQnoUv1CS52mTqTPiONIb5DgO6o72BHbVUnbMyMvH+uS
o2V3slUE6Yr2kx+TL39T6ako354gq/zxx5AujwcPZWtMozoOmNI5F8NWFLULP1c1
x/2RinqI4uprYUZ4hQw1+q0TnQQGxVK6e7t+ImqU9KvezEKsh/zxDy20Ocpk/BS6
XMUVHDV509so9+4+9YkoOE02h9XFO6yPCRmKvfgBCd/KEWZ5oOObvsJrQBV7ia9N
xCgO+gzmvOk1ODLGRbyJnm4wp0gFQzf/gDVowvvxx++ZwIZA6jI/Lbl3lLXW/YeU
RMkUw6d9aiBx4P8mckJJldjuDdT2p8B6lyI4bh4/Gxqsz+vQfH9fjlP5SADqxVQt
OD9Y0utNQovtcLn3uxD1LbrwDCIPrMkC9fFHaTnjki8x/jMEDEW2bwB6S9qUIkvp
1+0OFOPGSRwGDTwWEAi2ek5ELnVedgkdYD/TWKbyKN16KZPsHtqh72nqORe8J5np
JtE+km/VHjcWecPsb2JWAU8XMchdOYB65VrvNkg0eXRp3AIMFqr/F7ZcLP2NL7ib
HtBa8j269WJkz+SjpObh
=7nhl
-----END PGP SIGNATURE-----

--UFMLoheMaWcIEZAi--

--===============0174735274569050221==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============0174735274569050221==--

