Erik de Castro Lopo <[EMAIL PROTECTED]> writes:
> Phill O'Flynn wrote:
>
>> I am running a Fedora server and currently using hosts.allow to
>> only allow ssh accesses from specific ip addresses. I did this because I was
>> getting a lot of idiots from eastern Europe and Russia trying to crack my
>> server.
>>
>> This has been ok but now is proving to be too restrictive. Can I get the
>> server to force certificate based logins only?? If so how do I do it?? Is
>> this the best approach anyway??
>
> Also have a look at pam_abl:
> http://www.hexten.net/wiki/index.php/Pam_abl

Oh, nice tool. It is a pity that it isn't maintained upstream any
longer, or packaged for Debian / Ubuntu. Being a PAM module is
especially nice, since it means that this would work for *any* PAM
integrated application, not just SSH.

Personally, I use fail2ban[1] which uses the cruder, but still
effective, technique of reading your logs and blocking people who try to
guess passwords via iptables.

I like it better than most of the alternatives because, unlike many
tools, it ships with configuration for a range of services in addition
to the basic ssh stuff.

So, you can detect the same brute-force attacks via IMAP, POP, FTP, or
any of the other common sources of this.[2]

Regards,
Daniel

Footnotes:
[1] http://fail2ban.sf.net/
[2] I am still amazed, in fact, that more of the brute forcing is not
targeted at POP/IMAP accounts and passwords, since the mapping is
frequently trivial to real accounts, and they are monitored so much
less effectively.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html