----- Original Message -----
From: "David C. Rankin"
Carlos E. R. wrote:
On Monday, 2008-11-24 at 11:55 -0500, Brian K. White wrote:
Did Carlos try connecting only with a real ssh client, or did he try connecting with telnet or netcat?
Real ssh client.
Perhaps the string is sent back but the ssh client discards it since it's not valid ssh protocol?
Could be.
Reminds me... when is the file "/etc/issue.net" sent to the clients? I don't see it via ssh. Could be related?
-- Cheers, Carlos E. R.
FOUND IT! (it will take preventing access for a while, but....)
From man ssh
/etc/nologin
If this file exists, sshd refuses to let anyone except root log in. The contents of the file are displayed to anyone trying to log in, and non-root connections are refused. The file should be world-readable.
OK!
    cd /etc
    ln -s /usr/bin/mplayer nologin
Now for a little fun.... ;-)
That file is used by more than just sshd. It's a generic sort of file that many *ix OSes use, sometimes just by a few lines in /etc/profile, meaning you have already logged in to some daemon or other by the time /etc/nologin comes into play. sshd does read it a little earlier than that though.

I would NOT do the above symlink or put anything but text into that file.

Also, usually, root is still allowed to log in even when there is a /etc/nologin (unless the daemon in question has other config which disables direct root login, such as /etc/securetty for telnetd, and sshd_config for ssh, etc...).

It's not the place to play that kind of game. Really. IE: more likely to crash your own daemons than bother any hackers.

The RBL approach sounds great. Automatically report any IPs that the filter gets triggered into blocking. Now if that would go a bit further to where it bothers the admins of ISPs that provide the offending IPs...

--
Brian K. White brian@aljex.com http://www.myspace.com/KEYofR
+++++[>+++[>+++++>+++++++<<-]<-]>>+.>.+++++.+++++++.-.[>+<---]>++.
filePro BBx Linux SCO FreeBSD #callahans Satriani Filk!
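The advice in this message (no symlink, nothing but text) together with the world-readable requirement from the quoted man page, written as a shell check. This is an added example, not part of the original thread; the function name `audit_nologin` and the plain-ASCII definition of "text" are assumptions made for it.

```shell
#!/bin/sh
# audit_nologin [PATH] -- hypothetical helper, not from the thread.
# Checks a nologin file: regular file, world-readable, text only.
# Prints findings; returns 0 if the file is absent or clean, 1 otherwise.
audit_nologin() {
    f=${1:-/etc/nologin}
    rc=0
    # Test -L first: -e and -f follow symlinks and would hide one.
    if [ -L "$f" ]; then
        echo "FAIL: $f is a symlink"
        return 1
    fi
    if [ ! -e "$f" ]; then
        echo "OK: $f absent"
        return 0
    fi
    if [ ! -f "$f" ]; then
        echo "FAIL: $f is not a regular file"
        return 1
    fi
    # World-readable means the "other" read bit (8th char of the mode string).
    mode=$(ls -ld "$f" | cut -c1-10)
    case $mode in
        ???????r??) ;;
        *) echo "FAIL: $f is not world-readable ($mode)"; rc=1 ;;
    esac
    # Text only: count bytes that are not tab, LF, CR or printable ASCII.
    # (Assumption for this example: the message is plain ASCII.)
    n=$(LC_ALL=C tr -d '\11\12\15\40-\176' < "$f" | wc -c)
    if [ "$((n))" -gt 0 ]; then
        echo "FAIL: $f contains $((n)) non-text byte(s)"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $f is a world-readable text file"
    return "$rc"
}
```

Called with no argument, the function checks /etc/nologin.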