koffiejunkie wrote:
Matthew Stringer wrote:
After having a similar problem I was recommended DenyHosts, swear by it now, blocks all these lamers.

http://www.howtoforge.com/preventing_ssh_dictionary_attacks_with_denyhosts
I'll vote for this too, although I would like to get something that uses iptables instead - taking the load off sshd. But denyhosts works pretty well.

Then I can recommend fail2ban, http://www.fail2ban.org/wiki/index.php/Main_Page
It works for several log files, not just for ssh.

It also does proper unblocking automatically; otherwise the deny-list tends to get very long. (You very seldom have attacks from the same IP address several times.)

It only falls short when the ssh-login host is in a DMZ, the logs are actually stored and processed on a different host, and the firewall is a 3rd system. But even though I once thought that this is the canonical secure setup, this situation seems to be quite rare; I don't see requests for an SSH-blocker in that scenario.

        Joachim

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Joachim Schrod                          Email: [EMAIL PROTECTED]
Roedermark, Germany
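
The automatic unblocking described in the message above, as an added illustration that is not part of the original message and is not fail2ban's own code: a simplified replay of failed SSH logins in which a ban expires after a fixed time, so the deny-list stays short. The parameter names `maxretry`, `findtime` and `bantime` follow fail2ban's option names; the log lines, addresses and the `replay` function are constructed for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation-range addresses).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[411]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar  3 10:00:03 host sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 40023 ssh2
Mar  3 10:00:05 host sshd[412]: Failed password for root from 203.0.113.7 port 40024 ssh2
Mar  3 10:01:00 host sshd[420]: Failed password for bob from 198.51.100.9 port 51000 ssh2
Mar  3 10:02:00 host sshd[421]: Accepted password for bob from 198.51.100.9 port 51001 ssh2
Mar  3 10:20:00 host sshd[500]: Failed password for root from 192.0.2.44 port 33000 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def replay(log, maxretry=3, findtime=600, bantime=600, year=2024):
    """Replay the log in order; return (ban/unban events, addresses still banned)."""
    failures, banned, events = {}, {}, []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # Syslog timestamps carry no year, so one is assumed.
        now = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        # Automatic unblocking: drop every ban whose bantime has elapsed.
        for ip, until in list(banned.items()):
            if until <= now:
                del banned[ip]
                events.append(("unban", ip))
        ip = m.group(2)
        if ip in banned:
            continue
        # Keep only failures that fall inside the findtime window.
        window = [t for t in failures.get(ip, [])
                  if now - t <= timedelta(seconds=findtime)]
        window.append(now)
        failures[ip] = window
        if len(window) >= maxretry:
            # A real blocker would insert a firewall rule at this point.
            banned[ip] = now + timedelta(seconds=bantime)
            del failures[ip]
            events.append(("ban", ip))
    return events, sorted(banned)

if __name__ == "__main__":
    print(replay(SAMPLE_LOG))
```

With the default ten-minute ban the list is empty again by the end of the sample; with a longer `bantime` the address is still listed.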
