Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-server

From: Sean Wells <sean@×××××××××××.com>
To: gentoo-server@l.g.o
Subject: RE: [gentoo-server] sshd (many connection attempts with invalid user)
Date: Fri, 06 May 2005 18:06:34
Message-Id: 200505061806.j46I6XLF024853@robin.gentoo.org
In Reply to: RE: [gentoo-server] sshd (many connection attempts with invalid u ser) by "Old
1 Also on the forums there's a script called "fail2ban". It's a python script
2 and it monitors my logs for failed logins. I can set the time they're
3 banned for and how many login attempts to tolerate.
4
5 http://fail2ban.sourceforge.net/
6 http://forums.gentoo.org/viewtopic-t-255103-highlight-fail2ban.html
7
8
9 Sean Wells
10 Network Administrator
11 Data Mosaics, Inc.
12 2406 S. Dishman Mica Rd. Suite 6
13 Spokane Valley, WA 99206
14 866.904.DMSF (phone)
15 509.928.4236 (fax)
16 -----Original Message-----
17 From: Old, Gregory [mailto:GregoryOld@×××××××××.com]
18 Sent: Friday, May 06, 2005 10:23 AM
19 To: 'gentoo-server@l.g.o'
20 Subject: RE: [gentoo-server] sshd (many connection attempts with invalid
21 user)
22
23 Claudinei,
24
25 I have seen the same issue with SSH attempts, what I did was I changed my
26 default port to a non-standard port. This eliminated the problem for me.
27 You can change the port setting in the sshd_config file and then restart the
28 daemons.
29
30 Thanks,
31 Greg Old
32
33
34 -----Original Message-----
35 From: Kirk Hoganson [mailto:kirk2@×××××××××.com]
36 Sent: Friday, May 06, 2005 12:56 PM
37 To: gentoo-server@l.g.o
38 Subject: Re: [gentoo-server] sshd (many connection attempts with invalid
39 user)
40
41 It could be done using iptables, but I am not aware of such
42 functionality within the sshd itself.
43
44 Kirk
45
46 Claudinei Matos said the following:
47 > Hi,
48 >
49 > I have a lot of connection attempts in my ssh server. I've take a look
50 > at sshd_config man pages but I didn't found a way to deny the source
51 > ip of the attempts by 5 minutes (i.e.) if this ip can't login after 5
52 > attempts (i.e.). Is there a way to do this?
53 >
54 > Tks,
55 >
56 > Claudinei Matos
57 >
58 --
59 gentoo-server@g.o mailing list
60 --
61 gentoo-server@g.o mailing list
62
63 --
64 gentoo-server@g.o mailing list
Report Message
Find on MARC Find on Google Groups