[TriLUG] Failed logins
Alan Porter
porter at trilug.org
Fri Sep 2 10:42:00 EDT 2005
Two things:
(1)
Check out DenyHosts - it's a small python script that scrapes your
authentication logs and populates /etc/hosts.deny based on failed
login attempts. http://denyhosts.sourceforge.net/
(2)
If shutting off root ssh access seems too drastic, you can restrict
root ssh logins from specific IP's. Like this:
# /etc/ssh/sshd_config
# The following notation is misleading: root at machine means
# any user from 'machine' can try to log in here as root.
PermitRootLogin yes
AllowUsers user1 user2 root at 10.1.1.* root at work.ip.address root at trilug.ip.address
Alan
.
More information about the TriLUG
mailing list