Koozali.org: home of the SME Server

failed ssh attempts (Blocking ip address)

tko0383

failed ssh attempts (Blocking ip address)
« on: December 02, 2005, 07:32:03 PM »
I'm having repeated failed ssh attempts on my box. Is there any way to automatically block the IP address after so many failed attempts? I'm running SME 7 beta 8.

Thanks.

~T.J.

byte

failed ssh attempts (Blocking ip address)
« Reply #1 on: December 03, 2005, 12:26:00 AM »
--[byte]--

Have you filled in a Bug Report over @ http://bugs.contribs.org ? Please don't wait to be told; this way you help us to help you/others. Thanks!

raem

Re: failed ssh attempts (Blocking ip address)
« Reply #2 on: December 03, 2005, 07:48:05 PM »
tko0383

> I'm having repeated failed ssh attempts on my
> box. Is there any way to automatically block the IP
> address after so many failed attempts?

Have you bothered to search the forums on ssh etc.?
There are numerous posts and answers to your "issue". All the following have been recently posted so search.

1) Use the snort acid guardian contrib (various posts and contribs available, search on snort acid guardian or look at cbharda contribs area). It will block access from a deemed offending IP for 24 hours.

2) Configure the sme server to only allow ssh from certain IPs. Search for a forum post by gordonr (Gordon Rowell).

3) Use public private keys and disable password access for ssh. A HOWTO exists by wellsi (Ian Wells).
...
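
The thread's opening question (spotting a source that keeps failing ssh logins so it can be blocked) comes down to counting failures per address inside a time window. The sketch below is an added example, not code from any poster or from the SME Server project; it assumes the stock OpenSSH "Failed password" syslog message, IPv4 sources and a syslog file with no year in its timestamps. The function name `offenders`, its parameters, the thresholds, the trusted netblock and every sample log line are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from ipaddress import ip_address, ip_network

# Stock OpenSSH message for a rejected password, IPv4 only (assumed log format).
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\d+(?:\.\d+){3}) port \d+")

def offenders(lines, threshold=5, window_s=600, trusted=("192.0.2.0/24",), year=2005):
    """Map each source IP to the time it reached `threshold` failures within
    `window_s` seconds. Addresses inside `trusted` netblocks are never listed."""
    nets = [ip_network(n) for n in trusted]
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    flagged = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ip = m.group(2)
        if ip in flagged or any(ip_address(ip) in n for n in nets):
            continue
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = ts
    return flagged

# Constructed sample input: host name, users and addresses are made up.
SAMPLE_LOG = """\
Dec  2 19:30:01 sme sshd[4101]: Failed password for root from 203.0.113.45 port 40001 ssh2
Dec  2 19:30:04 sme sshd[4102]: Failed password for invalid user admin from 203.0.113.45 port 40002 ssh2
Dec  2 19:30:07 sme sshd[4103]: Failed password for invalid user test from 203.0.113.45 port 40003 ssh2
Dec  2 19:31:00 sme sshd[4110]: Failed password for tj from 192.0.2.10 port 51000 ssh2
Dec  2 19:31:05 sme sshd[4111]: Failed password for tj from 192.0.2.10 port 51001 ssh2
Dec  2 19:31:09 sme sshd[4112]: Failed password for tj from 192.0.2.10 port 51002 ssh2
Dec  2 19:32:00 sme sshd[4120]: Accepted password for tj from 192.0.2.10 port 51003 ssh2
Dec  2 19:45:00 sme sshd[4130]: Failed password for root from 198.51.100.7 port 60000 ssh2
Dec  2 20:10:00 sme sshd[4131]: Failed password for root from 198.51.100.7 port 60001 ssh2
Dec  2 20:40:00 sme sshd[4132]: Failed password for root from 198.51.100.7 port 60002 ssh2
""".splitlines()
if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG, threshold=3).items():
        print(f"{ip} reached the limit at {when:%b %d %H:%M:%S}")
```

With a threshold of 3, only the burst from 203.0.113.45 is listed: the trusted address is skipped even though it mistyped a password three times, and the slow source never has three failures inside one ten-minute window.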

NickR

failed ssh attempts (Blocking ip address)
« Reply #3 on: December 03, 2005, 10:58:59 PM »
Quote from: "byte"
> Maybe try...
> http://no.longer.valid/phpwiki/index.php/Changing%20the%20default%20ssh%20port%20on%20SME%207
> Someone else may have a better way!


"Better" is a subjective term, but I'm using this, http://www.pkts.ca/ssh-faker.shtml, which is incredibly flexible if you don't have a usage pattern which lends itself to using keypairs.

A certain amount of crafting of the /etc/hosts.allow template is required initially, but it's well worth it.
--
Nick......

wa4bro

failed ssh attempts (Blocking ip address)
« Reply #4 on: December 04, 2005, 11:49:44 PM »
Quote from: "NickR"
> Quote from: "byte"
> > Maybe try...
> > http://no.longer.valid/phpwiki/index.php/Changing%20the%20default%20ssh%20port%20on%20SME%207
> > Someone else may have a better way!
>
> "Better" is a subjective term, but I'm using this, http://www.pkts.ca/ssh-faker.shtml, which is incredibly flexible if you don't have a usage pattern which lends itself to using keypairs.
>
> A certain amount of crafting of the /etc/hosts.allow template is required initially, but it's well worth it.


How about a HowTo on crafting the template? This looks interesting. Did you install by rpm?

NickR

failed ssh attempts (Blocking ip address)
« Reply #5 on: December 05, 2005, 12:22:02 AM »
Quote from: "wa4bro"
> How about a HowTo on crafting the template? This looks interesting. Did you install by rpm?


The crafting I had in mind was that many of the servers I admin are remote & so I wanted a cast-iron guarantee that I could SSH from my own netblock. I will have a go at a small howto. I installed from RPM.
--
Nick......

wa4bro

failed ssh attempts (Blocking ip address)
« Reply #6 on: December 05, 2005, 01:25:43 AM »
Quote from: "NickR"
> Quote from: "wa4bro"
> > How about a HowTo on crafting the template? This looks interesting. Did you install by rpm?
>
> The crafting I had in mind was that many of the servers I admin are remote & so I wanted a cast-iron guarantee that I could SSH from my own netblock. I will have a go at a small howto. I installed from RPM.


I am sure a lot of folks here will be interested.

Thanks