[TriLUG] Failed logins

Alan Porter porter at trilug.org
Fri Sep 2 10:42:00 EDT 2005


Two things:

(1)

Check out DenyHosts - it's a small python script that scrapes your
authentication logs and populates /etc/hosts.deny based on failed
login attempts.  http://denyhosts.sourceforge.net/

(2)

If shutting off root ssh access seems too drastic, you can restrict
root ssh logins from specific IP's.  Like this:

   # /etc/ssh/sshd_config
   # The following notation is misleading: root at machine means
   # any user from 'machine' can try to log in here as root.
   PermitRootLogin yes
   AllowUsers user1 user2 root at 10.1.1.* root at work.ip.address root at trilug.ip.address


Alan




.



More information about the TriLUG mailing list