Gentoo Archives: gentoo-server

From: Erik Anderson <erikerik@×××××.com>
To: gentoo-server@l.g.o
Subject: Re: [gentoo-server] Locking out SSH brute-force attacks
Date: Thu, 06 Oct 2005 17:05:29
Message-Id: fc40260f0510061002y373dd1e9y70c96c5ff5369ad4@mail.gmail.com
In Reply to: Re: [gentoo-server] Locking out SSH brute-force attacks by "A. Khattri"
1 On 10/6/05, A. Khattri <ajai@××××.net> wrote:
2 >
3 > Looks great - Ill look into this. On this web server, I allow ssh
4 > connections so many of the techniques discussed on the thread (different
5 > ports, port knocking, etc) are not open to me. If I didn't need to give
6 > out ssh access I would just switch of password auth ;-)
7 >
8 > Anyway, Ill go look at denyhosts...
9
10 Let me know if you have any issues getting it set up. You basically
11 extract the tarball to a location of your choice -
12 /usr/local/denyhosts in my case, copy the denyhosts.cfg to /etc,
13 configure it as you want, and then add the following cron job:
14
15 * * * * * python /usr/local/DenyHosts/denyhosts.py -c /etc/denyhosts.cfg
16
17 That will (obviously) run the script every minute. Sure, that may be
18 overkill, but it shouldn't hurt anything. If you keep your old
19 logfiles, you can manually run them through denyhosts. The script is
20 able to deal gracefully with gzipped logfiles. Look through the
21 documentation to see how to do this.
22
23 -Erik
24
25 --
26 gentoo-server@g.o mailing list

Replies

Subject Author
Re: [gentoo-server] Locking out SSH brute-force attacks "A. Khattri" <ajai@××××.net>