Erik de Castro Lopo <[EMAIL PROTECTED]> writes:

> Phill O'Flynn wrote:
>
>> I am running a fedora server and currently using hosts.allow to
>> only allow ssh accesses from specific ip addresses. I did this because
>> I was getting a lot of idiots from eastern Europe and Russia trying to
>> crack my server.
>>
>> This has been ok but now is proving to be too restrictive. Can I get the
>> server to force certificate based logins only?? If so how do I do it??
>> Is this the best approach anyway??
>
> Also have a look at pam_abl:
> http://www.hexten.net/wiki/index.php/Pam_abl

Oh, nice tool. It is a pity that it isn't maintained upstream any longer,
or packaged for Debian / Ubuntu. Being a PAM module is especially nice,
since it means that this would work for *any* PAM integrated application,
not just SSH.

Personally, I use fail2ban[1] which uses the cruder, but still effective,
technique of reading your logs and blocking people who try to guess
passwords via iptables.

I like it better than most of the alternatives because, unlike many tools,
it ships with configuration for a range of services in addition to the
basic ssh stuff. So, you can detect the same brute-force attacks via IMAP,
POP, FTP, or any of the other common sources of this.[2]

Regards,
        Daniel

Footnotes:
[1] http://fail2ban.sf.net/
[2] I am still amazed, in fact, that more of the brute forcing is not
    targeted at POP/IMAP accounts and passwords, since the mapping is
    frequently trivial to real accounts, and they are monitored so much
    less effectively.

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
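
Added example, not part of the original message and not fail2ban's own code: a sketch of the log-reading technique described above, counting sshd password failures per source address inside a sliding window and rendering the iptables rule a watcher would apply. The log lines are constructed, and `find_offenders`, `block_rules`, `max_retry` and `find_time` are hypothetical names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The user name is free text chosen by the client, so the address is read
# from the fixed tail of the line rather than from the first "from" seen.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$")

# Constructed sample lines (documentation address ranges), not real logs.
SAMPLE_LOG = """\
Mar 13 02:14:01 host sshd[811]: Failed password for root from 203.0.113.9 port 40112 ssh2
Mar 13 02:14:03 host sshd[811]: Failed password for invalid user admin from 203.0.113.9 port 40113 ssh2
Mar 13 02:14:04 host sshd[790]: Accepted publickey for alice from 198.51.100.7 port 51822 ssh2
Mar 13 02:14:06 host sshd[811]: Failed password for invalid user test user from 203.0.113.9 port 40114 ssh2
Mar 13 02:20:00 host sshd[902]: Failed password for alice from 198.51.100.7 port 51830 ssh2
Mar 13 03:05:00 host sshd[915]: Failed password for alice from 198.51.100.7 port 51840 ssh2
Mar 13 03:50:00 host sshd[931]: Failed password for alice from 198.51.100.7 port 51850 ssh2
""".splitlines()

def find_offenders(lines, max_retry=3, find_time=timedelta(minutes=10), year=2024):
    """Return {ip: time of the failure that reached max_retry inside find_time}."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    banned = {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in banned:
            continue
        # Syslog timestamps carry no year; the caller supplies one (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()
        if len(window) >= max_retry:
            banned[m["ip"]] = ts
    return banned

def block_rules(banned):
    """Render the iptables rules such a watcher would apply; only returned, never run."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(banned)]

if __name__ == "__main__":
    for rule in block_rules(find_offenders(SAMPLE_LOG)):
        print(rule)
```

With the default window, the address that fails three times in five seconds is blocked, while the user who mistypes a password once every 45 minutes is not.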