Joachim Schrod wrote:
There is a problem with the recent module and its
jiffies. ssh login does not work when one has just booted, until jiffies
gets 0 and starts incrementing, then it works. (That's roughly 5
minutes.) There is a bug report in Debian about this.
That particular problem I can live with, but you mention another one
concerning jiffies further down.
We have now abandoned that approach, also for other reasons. Let me
see, maybe the following is of interest...
Yes, thanks - very much worth a read.
The ssh server is not necessarily run on the
I.e., the firewall may forward ssh connections to a system in the DMZ.
Yes, this is the case in my setup.
That solution would be a very good choice -- if it
ipt_recent doesn't work correctly when jiffies in the Linux kernel
overflow. Then it blocks every request, even though they didn't pass
Umm, that's a showstopper alright. I found these:
which seems to suggest that the jiffies problem is fixed in recent 2.6
kernels. I wonder if any of it got backported to 2.4.
Therefore we have chosen to skip this approach.
I sort of like your alternative solution, although it is a little too
complicated/over-engineered for my own needs. For various reasons we
must have ssh access externally, but it is not used very much - less
than once per month. We should undoubtedly just switch to not using
passwords, but changing it is not a high priority.
logsurfer is used because I don't know a better log watching and event
creation system. I would prefer to have a better one; it is not really
suited for the task, as explained below.
I don't know logsurfer, but syslog-ng has some pretty neat features for
diverting log-entries to different files and/or pipes, even a database.
That has been quite helpful to me a number of times.
/Per Jessen, Zürich
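
An added illustration of the failure mode discussed in this thread, not code from ipt_recent or from either poster: a simplified model of a "seen within the last N seconds" check on a wrapping 32-bit tick counter. It shows how a plain comparison against an absolute deadline counts stale entries as recent once the counter has wrapped, while a difference-based check does not. HZ, the 60-second window, the function names and the sample timestamps are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define HZ     100u          /* assumed tick rate */
#define WINDOW (60u * HZ)    /* assumed rule: "seen within the last 60 seconds" */

/* Naive check: plain unsigned comparison against an absolute deadline.
 * Gives wrong answers when the counter wraps between last_seen and now. */
static int recent_naive(uint32_t now, uint32_t last_seen)
{
    return now <= (uint32_t)(last_seen + WINDOW);
}

/* Wrap-safe check: compute the age first. Unsigned subtraction is modulo
 * 2^32, so the age is correct as long as it is below 2^32 ticks. */
static int recent_wrapsafe(uint32_t now, uint32_t last_seen)
{
    return (uint32_t)(now - last_seen) <= WINDOW;
}

/* Count how many stored timestamps a rate-limit rule would treat as recent. */
static unsigned count_hits(int (*recent)(uint32_t, uint32_t), uint32_t now,
                           const uint32_t *seen, unsigned n)
{
    unsigned hits = 0;
    for (unsigned i = 0; i < n; i++)
        hits += recent(now, seen[i]) ? 1u : 0u;
    return hits;
}

/* Constructed sample: three connection timestamps recorded before the wrap,
 * each several minutes old by the time "now" is reached below. */
static const uint32_t SEEN[3] = { 0xFFFF0000u, 0xFFFF4000u, 0xFFFF8000u };

int main(void)
{
    uint32_t now = 0x00000100u;   /* counter has wrapped past 0 */

    /* A rule such as "block at 3 hits in 60 s" fires on the naive count
     * although no entry is actually inside the window. */
    printf("naive: %u hits, wrap-safe: %u hits\n",
           count_hits(recent_naive, now, SEEN, 3),
           count_hits(recent_wrapsafe, now, SEEN, 3));
    return 0;
}
```

The Linux kernel provides the `time_after()` family of macros in `<linux/jiffies.h>` for wrap-safe jiffies comparisons.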