Re: SSH Blocking

To: Nick Miller <nick@pressenter.com>
Cc: debian-user@lists.debian.org
Subject: Re: SSH Blocking
From: Alvin Oga <aoga@mail.Linux-Consulting.com>
Date: Mon, 25 Apr 2005 10:03:29 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.3.96.1050425100037.20282A-100000@Maggie.Linux-Consulting.com>
In-reply-to: <[🔎] 426D01F2.4000900@pressenter.com>

On Mon, 25 Apr 2005, Nick Miller wrote:

>   I maintain a couple of exim mail servers on the Internet and I have 
> noticed that a lot of people will try to gain access to these machines 
> by trying multiple SSH logins with all sorts of names. I am wondering if 
> there is an option in SSHD to block an IP after a certain amount of 
> failed login attempts as any user?

- you should be disallowing ALL ssh connections to begin with
	and disallow remote ssh loing as root

- you should only allow ssh login from ip# that you know about

- use /etc/hosts.deny to deny everything
	ALL:ALL

- use /etc/hosts.allow to allow incoming ssh from ip# you trust
	sshd:  192.168.1.1  w.x.y.z

- even you, knowing your login and passwd, will not be able to
  log into the system if you turn on tcpwrappers for ssh

c ya
alvin

Reply to:

Follow-Ups:
- Re: SSH Blocking
  - From: Nicos Gollan <gtdev@spearhead.de>
- Re: SSH Blocking
  - From: Brendan <mailinglist@endosquid.com>
- Re: SSH Blocking
  - From: Steve Block <scblock@ev-15.com>

References:
- SSH Blocking
  - From: Nick Miller <nick@pressenter.com>

Prev by Date: Re: Thesis/Dissertation authoring application
Next by Date: Re: SSH Blocking
Previous by thread: Re: SSH Blocking
Next by thread: Re: SSH Blocking
Index(es):
- Date
- Thread