On 2005-04-25 10:03:29, Alvin Oga wrote:
> - use /etc/hosts.deny to deny everything
> ALL:ALL
>
> - use /etc/hosts.allow to allow incoming ssh from ip# you trust
> sshd: 192.168.1.1 w.x.y.z
I have found that sshd reads these two files every time anyone
tries to log in.
Now I have set up my /etc/syslog.conf to pipe the sshd log
into a script which detects the "hacking attempts" and puts
the IP into /etc/hosts.deny dynamically.
:-)
Now I have a very small sshd.log of some kByte, because
before I used piping I had around 1,3 to 60 MByte per week.
Oh yes, blacklisted IPs stay there for 3 hours after the last failed login
and then they are automatically deleted.
It works with a simple text/plain database:
serialdate ipaddress
> c ya
> alvin
Greetings
Michelle
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
Michelle Konzack Apt. 917 ICQ #328449886
50, rue de Soultz MSM LinuxMichi
0033/3/88452356 67100 Strasbourg/France IRC #Debian (irc.icq.com)
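
The scheme described in this message, as an added example (it is not Michelle's script, which the post does not show): failed sshd logins are recorded in a `serialdate ipaddress` database, entries expire 3 hours after the last failure, and the survivors are rendered as `/etc/hosts.deny` lines. Assumptions: `serialdate` is Unix epoch seconds, the log lines follow OpenSSH's `Failed password ... from <ip> port <n> ssh2` format, only IPv4 is handled, and all function names are hypothetical.

```python
import ipaddress
import re

# Assumed (not from the post): epoch-second "serialdate", OpenSSH log format, all names.
TTL = 3 * 3600  # entry lifetime: 3 hours after the last failed login

# Anchored at "$": the address is sshd's trailing field, never text from the user name.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

def failed_ip(line):
    """Return the IPv4 source of a failed login, or None."""
    m = FAILED.search(line.rstrip())
    try:
        return str(ipaddress.IPv4Address(m.group(1))) if m else None
    except ValueError:
        return None

def load_db(text):
    """Parse 'serialdate ipaddress' lines into {ip: last_failure_epoch}."""
    db = {}
    for row in text.splitlines():
        parts = row.split()
        if len(parts) == 2 and parts[0].isdigit():
            db[parts[1]] = int(parts[0])
    return db

def update(db, line, now):
    """Record a failure found in `line` (if any), then drop expired entries."""
    ip = failed_ip(line)
    if ip:
        db[ip] = now
    return {a: t for a, t in db.items() if now - t < TTL}

def hosts_deny(db):
    """Render the dynamic part of /etc/hosts.deny."""
    return "".join(f"sshd: {a}\n" for a in sorted(db))

# Constructed sample log lines (documentation addresses, not real log data).
SAMPLE = [
    (1000, "Apr 25 10:00:01 host sshd[411]: Failed password for root from 203.0.113.7 port 4022 ssh2"),
    (1060, "Apr 25 10:01:01 host sshd[412]: Failed password for invalid user a from 192.0.2.1 from 198.51.100.9 port 4100 ssh2"),
    (1100, "Apr 25 10:01:41 host sshd[413]: Accepted password for michi from 192.168.1.1 port 4101 ssh2"),
]

def replay(db_text=""):
    db = load_db(db_text)
    for now, line in SAMPLE:
        db = update(db, line, now)
    return db
```

The second sample line carries an address-like string in the user-name field; the end-of-line anchor makes the parser record the real peer address, so a trusted address cannot be pushed into `/etc/hosts.deny` through the log.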