Mailinglist Archive: opensuse (4634 mails)

< Previous Next >
Re: [opensuse] block failed ssh login attacks? (like fail2ban on ubuntu)
  • From: Coach-X <coachx@xxxxxxx>
  • Date: Tue, 19 Dec 2006 21:37:29 -0500
  • Message-id: <4588A1E9.7090401@xxxxxxx>
> I get gobs of messages like this in /var/log/messages:
>
> Dec 19 14:27:41 shoehorn sshd[11058]: Invalid user manager from
> 200.222.17.14
> Dec 19 14:27:44 shoehorn sshd[11062]: Invalid user majordomo from
> 200.222.17.14
> Dec 19 14:27:54 shoehorn sshd[11070]: Invalid user master from
> 200.222.17.14
> Dec 19 14:28:06 shoehorn sshd[11080]: Invalid user named from
> 200.222.17.14
> Dec 19 14:28:09 shoehorn sshd[11084]: Invalid user nasa from
> 200.222.17.14
> Dec 19 14:28:16 shoehorn sshd[11088]: Invalid user netdump from
> 200.222.17.14
> Dec 19 14:28:36 shoehorn sshd[11100]: Invalid user nfsnobody from
> 200.222.17.14
> Dec 19 14:28:39 shoehorn sshd[11104]: Invalid user operator from
> 200.222.17.14
>
> ... on an older machine, I use fail2ban to look for this kind of
> harassment and block the IP for some amount of time.
>
> Is there anything to accomplish this for SuSE?
>
> I'm running SuSE 10.1.

We have run our ssh server on an alternate port and have not had one
unauthorized attempt in over 15 months.
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >