I observe that sshguard 1.7.1-1 in bionic doesn't block SSH bruteforce attacks which are trying to log in as nonexistent accounts.
Whilst it blocks attacks which result in auth.log messages like:
Jan 15 08:51:19 io sshd[18965]: Failed password for root from 223.223.200.14 port 48974 ssh2
it doesn't block attacks which result in:
Jan 15 11:31:15 io sshd[11997]: Failed password for invalid user guest from 58.186.196.223 port 21715 ssh2
Matching log lines which include "invalid user" was added in sshguard 2.1.0 (https://sourceforge.net/p/sshguard/mailman/message/36109171/).
I consider this a security issue since sshguard is not performing its function -- it looks at first glance like it is working (it does block *some* attacks) but it misses the majority.
Could this or a later version be backported to bionic?
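
The coverage gap described in this report can be checked against a log sample with the script below. It is an added example, not part of the original report and not sshguard's code. The two regular expressions, the threshold of 3 and the sample addresses are assumptions made for illustration; they are not sshguard's grammar or scoring.

```python
import re
from collections import Counter

# Illustrative patterns written for this example; they are not sshguard's grammar.
# OLD reproduces the reported 1.7.1 behaviour: a user name must directly follow "for".
OLD = re.compile(r"sshd\[\d+\]: Failed password for (?P<user>\S+) "
                 r"from (?P<ip>\S+) port \d+ ssh2$")
# NEW also accepts the "invalid user" form logged for nonexistent accounts.
NEW = re.compile(r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
                 r"(?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2$")

THRESHOLD = 3  # assumed number of failures per source before it would be blocked

def failures_by_source(lines, pattern):
    """Count failed-password events per source address that `pattern` recognises."""
    counts = Counter()
    for line in lines:
        m = pattern.search(line.rstrip("\n"))
        if m:
            counts[m.group("ip")] += 1
    return counts

def would_block(lines, pattern, threshold=THRESHOLD):
    """Sources whose recognised failure count reaches the threshold."""
    return {ip for ip, n in failures_by_source(lines, pattern).items() if n >= threshold}

def missed_sources(lines, old=OLD, new=NEW):
    """Sources the newer pattern would block but the older one never does."""
    return would_block(lines, new) - would_block(lines, old)

# Constructed sample in the two formats quoted in the report
# (addresses are taken from documentation ranges).
SAMPLE = [
    f"Jan 15 08:51:{s:02d} io sshd[18965]: Failed password for root "
    f"from 203.0.113.14 port {48974 + s} ssh2" for s in range(3)
] + [
    f"Jan 15 11:31:{s:02d} io sshd[11997]: Failed password for invalid user guest "
    f"from 198.51.100.223 port {21715 + s} ssh2" for s in range(3)
] + ["Jan 15 11:32:00 io sshd[12001]: Accepted publickey for admin "
     "from 192.0.2.5 port 50000 ssh2"]

if __name__ == "__main__":
    print("old pattern blocks:", sorted(would_block(SAMPLE, OLD)))
    print("new pattern blocks:", sorted(would_block(SAMPLE, NEW)))
    print("missed by old:", sorted(missed_sources(SAMPLE)))
```

Feeding the lines of a real auth.log to `missed_sources` lists the sources that only the "invalid user" form would catch.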