On Monday 10 March 2003 16:02, Fabio De Francesco wrote:
Can someone explain how I can block these attempts to negotiate ssh session from the outside of my LAN? That is, I read "connection refused" in the following log (/var/log/messages), but only from the second attempt. What can we say about the first one from 62.211.51.30? It seems to have been accepted because I don't read any "connection refused".
Probably because there wasn't a login attempt, if there was a successfull login there would be a message that said so.
In any case my firewall ACCEPT these connection that I want to block. Is "connection refused" the answer from TCPWrapper? And why just on the second attempt?
No it says sshd refused the connection.
I would like to append a rule is SuSE-Firewall2 to block this attempts.
What do you mean add a rule, you just have to delete ssh or 22 from the FW_SERVICES_EXT_TCP line in your SuSEfirewall2 config file, if you didn't want SSH access from the outside why did you add that at all? -- GertJan Email address is invalid, so don't reply directly, I'm on the list.