Carlos E. R. wrote:
On Saturday, 2008-11-22 at 03:27 -0600, David C. Rankin wrote:
Carlos E. R. wrote:
You know, somehow it is just gratifying to take a peek at the logs now:
    Nov 22 03:06:57 bonza sshd[930]: twist astro.kursastro.net to /bin/echo -e "\n\n\tAccess Denied from astro.kursastro.net\tSo kindly FOADAH\n";sleep 10
    Nov 22 03:08:11 bonza sshd[939]: twist bno-84-242-66-10.karneval.cz to /bin/echo -e "\n\n\tAccess Denied from bno-84-242-66-10.karneval.cz\tSo kindly FOADAH\n";sleep 10
ROTFL!
But where are they getting that string from?
I tried adding your code, modified, to /etc/hosts.allow:
    #sshd : my.remote.ip : ALLOW
    #sshd : LOCAL : ALLOW
    sshd : ALL : twist /bin/echo -e "\n\n\tAccess Denied from %h\tSo kindly FOADAH\n";sleep 10
And when I try to log in, I see (with a delay):
    cer@nimrodel:~> ssh localhost
    ssh_exchange_identification: Connection closed by remote host
    cer@nimrodel:~>
And the logs:
    Nov 22 12:27:43 nimrodel sshd[7056]: twist 127.0.0.1 to /bin/echo -e "\n\n\tAccess Denied from 127.0.0.1\tSo kindly FOADAH\n";sleep 10
So... the log entry is entirely local. They don't get any text message, but your log is filled with refuse :-p
You'd better modify that line of yours ;-)
--
Cheers,
Carlos E. R.
Carlos,

Here is what I was thinking. From man 5 hosts_options:

<quote>
twist shell_command
    Replace the current process by an instance of the specified shell command, after performing the %<letter> expansions described in the hosts_access(5) manual page. Stdin, stdout and stderr are connected to the client process. This option must appear at the end of a rule.

    To send a customized bounce message to the client instead of running the real ftp daemon:

        in.ftpd : ... : twist /bin/echo 421 Some bounce message

    For an alternative way to talk to client processes, see the banners option below.

    To run /some/other/in.telnetd without polluting its command-line array or its process environment:

        in.telnetd : ... : twist PATH=/some/other; exec in.telnetd

    Warning: in case of UDP services, do not twist to commands that use the standard I/O or the read(2)/write(2) routines to communicate with the client process; UDP requires other I/O primitives.
</quote>

I'm not having any luck with the 'banners' option either.

--
David C. Rankin, J.D.,P.E.    | openSoftware und SystemEntwicklung
Rankin Law Firm, PLLC         | Countdown for openSuSE 11.1
www.rankinlawfirm.com         | http://counter.opensuse.org/11.1/small
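An added illustration (not from either poster and not tcp_wrappers code) of the twist behaviour quoted from hosts_options(5) above: a shell command runs with stdin, stdout and stderr attached to the client connection, after %h has been expanded. Assumptions: a socketpair stands in for the TCP connection, a child process is spawned rather than the daemon process being replaced, and the safe-character list and the names `expand`, `twist` and `client_view` are this example's own.

```python
import re
import socket
import subprocess

# Example's own approximation of "safe" characters; hosts_access(5) only says
# that characters in % expansions that may confuse the shell become underscores.
_UNSAFE = re.compile(r"[^A-Za-z0-9_.:,/@=+-]")


def expand(template: str, host: str) -> str:
    """Expand %h (client host name or address) the way a rule would."""
    return template.replace("%h", _UNSAFE.sub("_", host))


def twist(conn: socket.socket, shell_command: str) -> subprocess.Popen:
    """Run shell_command with stdin, stdout and stderr attached to the
    client connection, as the man page describes for the twist option."""
    fd = conn.fileno()
    proc = subprocess.Popen(["/bin/sh", "-c", shell_command],
                            stdin=fd, stdout=fd, stderr=fd)
    conn.close()  # the real daemon never gets to serve this connection
    return proc


def client_view(rule_command: str, host: str) -> bytes:
    """Return the raw bytes the client end of a twisted connection receives."""
    client, server = socket.socketpair()  # stands in for the TCP connection
    proc = twist(server, expand(rule_command, host))
    received = b""
    while chunk := client.recv(4096):     # read until the command exits
        received += chunk
    client.close()
    proc.wait()
    return received


if __name__ == "__main__":
    # The bounce-message command from the man page excerpt.
    print(client_view("/bin/echo 421 Some bounce message", "127.0.0.1"))
    # Constructed host name containing a shell metacharacter.
    print(client_view("/bin/echo Access Denied from %h", "host.example;uptime"))
```

The function returns only the bytes written to the socket; what a given client program displays from them is outside this sketch.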