Mailinglist Archive: opensuse (933 mails)

[opensuse] Re: [opensuse-security] Howto restrict number of sshd sessions per minute
  • From: Otto Rodusek <otto@xxxxxxxxxxxxxx>
  • Date: Thu, 10 Jun 2010 01:37:20 +0800
  • Message-id: <4C0FD150.4090205@xxxxxxxxxxxxxx>
Arthur DiSegna wrote:
Have you looked at the Denyhosts program?

http://denyhosts.sourceforge.net/

ad^2

-----Original Message-----
From: Otto Rodusek <otto@xxxxxxxxxxxxxx>
Reply-to: otto@xxxxxxxxxxxxxx
To: opensuse-security@xxxxxxxxxxxx
Subject: [opensuse-security] Howto restrict number of sshd sessions per minute
Date: Thu, 10 Jun 2010 01:06:59 +0800

Hi ListMates,

I'm trying to resolve a problem with Susefirewall2 that I've had for some time and I'm hoping to get a resolution if possible. I'm trying this on a Dell Server T110 using opensuse linux 11.2 - uname: Linux bunyip 2.6.31.12-0.2-desktop #1 SMP PREEMPT 2010-03-16 21:25:39 +0100 i686 i686 i386 GNU/Linux.

I'm trying to restrict the number of sshd login attempts to only 5 per minute and no more.

I've read the docs and have modified /etc/sysconfig/SuSEfirewall2 (FW_SERVICES_ACCEPT_EXT="0/0,tcp,22") to (FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=5,blockseconds=60,recentname=ssh").

If I check my logs I can still see that MANY sshd login attempts still happen within the 60 seconds. I have installed a perl program to catch and firewall those culprits BUT I would still like to know why the above code doesn't seem to work. Have I forgotten to edit something else? Any help would be much appreciated.

If it helps, below is the result of the iptables -L - maybe someone can spot something here?

Again much thanks for any help in this area.


Hi Arthur,

Thanks for your feedback. Yes I'm very familiar with denyhosts as well as a couple of other solutions. I am using a perl solution for the moment. However I consider this a "bandage" fix (sort of...) - I feel that iptables should work as advertised and I'd really like to learn why in this case it doesn't. I agree that a product like denyhosts is a really good idea and should be used regardless but I'd also like to know why iptables doesn't behave and are there other instances where iptables "misbehaves" or am I just doing something wrong.

Again, thanks for your feedback. Best regards. Otto.
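
An added example, not part of the original thread: one way to check the log observation described above is to measure, per source IP, the peak number of failed sshd logins and the peak number of distinct connections in any 60-second window. A per-connection limit counts new TCP connections, while sshd can log several failed passwords on one connection, so the two figures are reported separately. Assumptions: OpenSSH "Failed password" syslog lines, one sshd PID and source port per connection, and a constructed sample log using documentation addresses.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

def _line(t, pid, ip, port):
    # Build one constructed syslog line, t seconds after 01:00:00.
    return (f"Jun 10 01:{t // 60:02d}:{t % 60:02d} bunyip sshd[{pid}]: "
            f"Failed password for root from {ip} port {port} ssh2")

# Constructed sample: 192.0.2.10 tries 3 passwords on each of 2 connections,
# plus one late attempt; 198.51.100.7 opens 6 connections, 1 password each.
SAMPLE_LOG = "\n".join(
    [_line(s, 4100 + s // 3, "192.0.2.10", 40000 + s // 3) for s in range(6)]
    + [_line(90, 4190, "192.0.2.10", 40090)]
    + [_line(10 + 5 * i, 4200 + i, "198.51.100.7", 50000 + i) for i in range(6)])

LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(\d+)\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port (\d+)")

def parse(log, year=2010):
    """Yield (timestamp, source_ip, connection_id) per failed-password line."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:  # syslog omits the year, so it is supplied by the caller
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(3), (m.group(2), m.group(4))

def peak_per_window(log, seconds=60):
    """Return {ip: (peak failed attempts, peak distinct connections)}."""
    events = defaultdict(list)
    for ts, ip, conn in parse(log):
        events[ip].append((ts, conn))
    result = {}
    for ip, evs in events.items():
        evs.sort()
        attempts = conns = start = 0
        for end, (ts, _) in enumerate(evs):
            while ts - evs[start][0] >= timedelta(seconds=seconds):
                start += 1  # slide the window's left edge forward
            window = evs[start:end + 1]
            attempts = max(attempts, len(window))
            conns = max(conns, len({c for _, c in window}))
        result[ip] = (attempts, conns)
    return result

def classify(log, hitcount=5, seconds=60):
    """IPs whose attempts reach hitcount; True if connections reach it too."""
    return {ip: c >= hitcount
            for ip, (a, c) in peak_per_window(log, seconds).items()
            if a >= hitcount}
```

An IP mapped to `False` by `classify` exceeded the attempt count without exceeding the connection count, which is the case a connection-based limit alone will not show as a violation.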