koffiejunkie wrote:
> Matthew Stringer wrote:
>> After having a similar problem I was recommended DenyHosts, swear by it now, blocks all these lamers.
>> http://www.howtoforge.com/preventing_ssh_dictionary_attacks_with_denyhosts
>
> I'll vote for this too, although I would like to get something that uses iptables instead - taking the load off sshd. But denyhosts works pretty good.

Then I can recommend fail2ban, http://www.fail2ban.org/wiki/index.php/Main_Page

It works for several log files, not just for ssh. It also does proper unblocking automatically, otherwise the deny-list tends to get very long. (You very seldom have attacks from the same IP address several times.)

It only falls short when the ssh-login host is in a DMZ, the logs are actually stored and processed on a different host, and the firewall is a 3rd system. But even though I once thought that this is the canonical secure setup, this situation seems to be quite rare; I don't see requests for an SSH-blocker in that scenario.

Joachim

-- 
Joachim Schrod Email: jschrod@acm.org
Roedermark, Germany
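
The mechanism discussed in this thread (ban an address after repeated failed logins seen in the log, then unban it automatically so the deny list stays short), as an added sketch that is not part of the original messages and is not fail2ban's own code. The parameter names `maxretry`, `findtime` and `bantime` mirror fail2ban's jail options; the log lines and the `simulate` function are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation-range IPs), not real data.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[811]: Failed password for root from 203.0.113.7 port 4101 ssh2
Mar  3 10:00:03 host sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 4102 ssh2
Mar  3 10:00:05 host sshd[813]: Failed password for root from 203.0.113.7 port 4103 ssh2
Mar  3 10:01:00 host sshd[820]: Failed password for joe from 198.51.100.9 port 5000 ssh2
Mar  3 10:02:00 host sshd[821]: Accepted password for joe from 198.51.100.9 port 5001 ssh2
Mar  3 10:20:00 host sshd[900]: Failed password for root from 192.0.2.44 port 6000 ssh2
Mar  3 10:20:02 host sshd[901]: Failed password for root from 192.0.2.44 port 6001 ssh2
Mar  3 10:20:04 host sshd[902]: Failed password for root from 192.0.2.44 port 6002 ssh2
""".splitlines()

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def simulate(lines, maxretry=3, findtime=600, bantime=600, year=2024):
    """Return (events, banned_at_end); bantime=None means bans never expire."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = {}                     # ip -> expiry time, or None for permanent
    events = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                # successful logins and other lines are ignored
        now = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        # Automatic unblocking (simplified: checked whenever a failure is seen).
        for old in [i for i, exp in banned.items() if exp is not None and exp <= now]:
            del banned[old]
            events.append(("unban", old))
        ip = m.group(2)
        if ip in banned:
            continue                # a real firewall rule would already drop this
        window = failures[ip]
        window.append(now)
        while window and (now - window[0]).total_seconds() > findtime:
            window.popleft()        # forget failures older than findtime
        if len(window) >= maxretry:
            banned[ip] = None if bantime is None else now + timedelta(seconds=bantime)
            events.append(("ban", ip))
            window.clear()
    return events, sorted(banned)
```

Calling `simulate(SAMPLE_LOG)` ends with one active ban, while `simulate(SAMPLE_LOG, bantime=None)` keeps every address it ever banned, which is the growing deny list the message refers to.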