
Re: SSH attack



Alvin Oga wrote:
On Mon, 10 Oct 2005, Marty wrote:

> simple test ...
> ( use your positive or negative logic equivalents for these files )
>
> /etc/hosts.deny
> 	ALL : ALL

I'm not sure that will work with the manpage example I gave.

works for me ... no services coming in that is not supposed to

I meant sending the email alert as described in the manpage.


> you'll find that you will need to have
>
> /etc/hosts.allow
> 	sshd : 192.168.123.456
>
> restart the inetd or sshd as needed

Don't forget to add your ssh entry in /etc/inetd.conf.

everything is turned off, sshd is NOT listed in inetd.conf or xinetd.conf
whichever one is being used .. and similarly for the [x]inetd daemon
itself
	- sshd does its own magic based on the allow/deny entries

I had forgotten about that.  It really got me the first time I tried
to run ssh, and it doesn't seem to be well documented anywhere.
Still it seems better to start ssh from (x)inetd for security reasons.


--------

grep whatever you like from the gazillion log files for ssh this and ssh
that

I don't know what you're getting at here.   The idea is to get a realtime email alert.


c ya
alvin
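
Added example, not part of either poster's message: a simplified Python model of the hosts_access(5) decision order for the deny-all / allow-sshd files quoted above, showing which connections would fire a mail alert attached to the deny rule. The rule text, the addresses, the spawn command and the function names are constructed for illustration; the "spawn" form assumes a tcp wrappers build with hosts_options(5) support, and only ALL, exact and trailing-dot prefix patterns are matched.

```python
# Simplified model of the hosts_access(5) decision order (not libwrap itself).
# All rules and addresses are constructed sample data.
HOSTS_ALLOW = """
sshd : 192.168.123.45
"""
HOSTS_DENY = """
ALL : ALL : spawn (echo "refused %d from %a" | mail -s "tcpd alert" root) &
"""

def parse(text):
    """Return (daemons, clients, option) tuples, one per rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(":", 2)]
        option = parts[2] if len(parts) > 2 else None
        rules.append((parts[0].split(), parts[1].split(), option))
    return rules

def matches(patterns, value):
    # Supported here: ALL, an exact string, or a prefix ending in "."
    return any(p == "ALL" or p == value or
               (p.endswith(".") and value.startswith(p)) for p in patterns)

def first_match(rules, daemon, addr):
    for rule in rules:
        if matches(rule[0], daemon) and matches(rule[1], addr):
            return rule
    return None

def check(daemon, addr):
    """Return (decision, alert command or None) for one connection."""
    # 1. A match in hosts.allow grants access; hosts.deny is never read.
    if first_match(parse(HOSTS_ALLOW), daemon, addr):
        return ("allow", None)
    # 2. Otherwise a match in hosts.deny refuses and runs its option.
    hit = first_match(parse(HOSTS_DENY), daemon, addr)
    if hit:
        cmd = None
        if hit[2] and hit[2].startswith("spawn"):
            # %d = daemon process name, %a = client address
            cmd = hit[2][5:].strip().replace("%d", daemon).replace("%a", addr)
        return ("deny", cmd)
    # 3. No match in either file: access is granted.
    return ("allow", None)

if __name__ == "__main__":
    for d, a in [("sshd", "192.168.123.45"), ("sshd", "203.0.113.9")]:
        print(d, a, check(d, a))
```
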




