* fdr-os@corona.imap.cc [12-19-06 18:19]:

Dec 19 14:28:39 shoehorn sshd[11104]: Invalid user operator from 200.222.17.14

... on an older machine, I use fail2ban to look for this kind of harassment and block the IP for some amount of time.

Is there anything to accomplish this for SuSE?

I'm running SuSE 10.1.

me 2 I use DenyHosts, http://www.denyhosts.net but there is no openSUSE rpm for installing. I used the python installer provided with the tar-ball. -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2 OpenSUSE Linux http://en.opensuse.org/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

fdr-os@corona.imap.cc wrote:

I get gobs of messages like this in /var/log/messages:

Dec 19 14:27:41 shoehorn sshd[11058]: Invalid user manager from 200.222.17.14 Dec 19 14:27:44 shoehorn sshd[11062]: Invalid user majordomo from 200.222.17.14 Dec 19 14:27:54 shoehorn sshd[11070]: Invalid user master from 200.222.17.14 Dec 19 14:28:06 shoehorn sshd[11080]: Invalid user named from 200.222.17.14 Dec 19 14:28:09 shoehorn sshd[11084]: Invalid user nasa from 200.222.17.14 Dec 19 14:28:16 shoehorn sshd[11088]: Invalid user netdump from 200.222.17.14 Dec 19 14:28:36 shoehorn sshd[11100]: Invalid user nfsnobody from 200.222.17.14 Dec 19 14:28:39 shoehorn sshd[11104]: Invalid user operator from 200.222.17.14

... on an older machine, I use fail2ban to look for this kind of harassment and block the IP for some amount of time.

Is there anything to accomplish this for SuSE?

fail2ban. Well, seriously, though there is no RPM package for SUSE (well, at least none that I know of), the fail2ban source works quite well. Granted, it would be a very good addition to openSUSE, for a future release or for the build service. Cheers, Joachim -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joachim Schrod Email: jschrod@acm.org Roedermark, Germany -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

fdr-os@corona.imap.cc wrote:

I get gobs of messages like this in /var/log/messages:

Dec 19 14:27:41 shoehorn sshd[11058]: Invalid user manager from 200.222.17.14 Dec 19 14:27:44 shoehorn sshd[11062]: Invalid user majordomo from 200.222.17.14 Dec 19 14:27:54 shoehorn sshd[11070]: Invalid user master from 200.222.17.14 Dec 19 14:28:06 shoehorn sshd[11080]: Invalid user named from 200.222.17.14 Dec 19 14:28:09 shoehorn sshd[11084]: Invalid user nasa from 200.222.17.14 Dec 19 14:28:16 shoehorn sshd[11088]: Invalid user netdump from 200.222.17.14 Dec 19 14:28:36 shoehorn sshd[11100]: Invalid user nfsnobody from 200.222.17.14 Dec 19 14:28:39 shoehorn sshd[11104]: Invalid user operator from 200.222.17.14

... on an older machine, I use fail2ban to look for this kind of harassment and block the IP for some amount of time.

Is there anything to accomplish this for SuSE?

I'm running SuSE 10.1.

hmm, I always limit the allowed IPs in hosts.{deny.allow} and also limit the list of users who can login via ssh in sshd_config - saves a lot of overhead if we just close the door, rather than trying to dance with these folks... Joe -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

fdr-os@corona.imap.cc wrote:

I get gobs of messages like this in /var/log/messages:

Dec 19 14:27:41 shoehorn sshd[11058]: Invalid user manager from 200.222.17.14 Dec 19 14:27:44 shoehorn sshd[11062]: Invalid user majordomo from 200.222.17.14 Dec 19 14:27:54 shoehorn sshd[11070]: Invalid user master from 200.222.17.14 Dec 19 14:28:06 shoehorn sshd[11080]: Invalid user named from 200.222.17.14 Dec 19 14:28:09 shoehorn sshd[11084]: Invalid user nasa from 200.222.17.14 Dec 19 14:28:16 shoehorn sshd[11088]: Invalid user netdump from 200.222.17.14 Dec 19 14:28:36 shoehorn sshd[11100]: Invalid user nfsnobody from 200.222.17.14 Dec 19 14:28:39 shoehorn sshd[11104]: Invalid user operator from 200.222.17.14

... on an older machine, I use fail2ban to look for this kind of harassment and block the IP for some amount of time.

Is there anything to accomplish this for SuSE?

http://lists.suse.com/archive/suse-security/2005-Dec/0069.html This works really well. /Per Jessen, Zürich -- http://www.spamchek.com/ - managed email security. Starting at SFr4/user/month. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org