Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: tko0383 on December 02, 2005, 07:32:03 PM

Title: failed ssh attempts (Blocking ip address)
Post by: tko0383 on December 02, 2005, 07:32:03 PM

I'm having repeated failed ssh attempts on my box.is there anyway to automatically block the ip address after so many failed attempts? I'm running sme 7 beta 8.

Thanks.

~T.J.

Title: failed ssh attempts (Blocking ip address)
Post by: byte on December 03, 2005, 12:26:00 AM

Maybe try...

http://no.longer.valid/phpwiki/index.php/Changing%20the%20default%20ssh%20port%20on%20SME%207

Someone esle may have a better way!

HTH

Title: Re: failed ssh attempts (Blocking ip address)
Post by: raem on December 03, 2005, 07:48:05 PM

tko0383

> I'm having repeated failed ssh attempts on my
> box.is there anyway to automatically block the ip > address after so many failed attempts?

Have you bothered to search the forums on ssh etc.
There are numerous posts and answers to your "issue". All the following have been recently posted so search.

1) Use the snort acid guardian contib (various posts and contribs available, search on snort acid guardian or look at cbharda contribs area. It will block access from a deemed offending IP for 24 hours.

2) Configure the sme server to only allow ssh from certain IP's. Search for a forum post by gordonr (Gordon Rowell)

3) Use public private keys and disable password access for ssh. A HOWTO exists by wellsi (Ian Wells).

Title: failed ssh attempts (Blocking ip address)
Post by: NickR on December 03, 2005, 10:58:59 PM

Quote from: "byte"

Maybe try...
http://no.longer.valid/phpwiki/index.php/Changing%20the%20default%20ssh%20port%20on%20SME%207
Someone esle may have a better way!

"Better" is a subjective term, but I'm using this http://www.pkts.ca/ssh-faker.shtml which is incredibly flexible if you don't have a useage pattern which lends itself to using keypairs.

A certain amount of crafting of the /etc/hosts.allow template is required initially, but it's well worth it.

Title: failed ssh attempts (Blocking ip address)
Post by: wa4bro on December 04, 2005, 11:49:44 PM

Quote from: "NickR"

Quote from: "byte"

Maybe try...
http://no.longer.valid/phpwiki/index.php/Changing%20the%20default%20ssh%20port%20on%20SME%207
Someone esle may have a better way!

"Better" is a subjective term, but I'm using this http://www.pkts.ca/ssh-faker.shtml which is incredibly flexible if you don't have a useage pattern which lends itself to using keypairs.

A certain amount of crafting of the /etc/hosts.allow template is required initially, but it's well worth it.

How about a HowTo on crating the template. This looks interesting. Did you install by rpm?

Title: failed ssh attempts (Blocking ip address)
Post by: NickR on December 05, 2005, 12:22:02 AM

Quote from: "wa4bro"

How about a HowTo on crating the template. This looks interesting. Did you install by rpm?

The crafting I had in mind was that many of the servers I admin are remote & so I wanted a cast-iron guarantee that I could SSH from my own netblock.  I will have a go at a small howto.  I installed from RPM.

Title: failed ssh attempts (Blocking ip address)
Post by: wa4bro on December 05, 2005, 01:25:43 AM

Quote from: "NickR"

Quote from: "wa4bro"

How about a HowTo on crating the template. This looks interesting. Did you install by rpm?

The crafting I had in mind was that many of the servers I admin are remote & so I wanted a cast-iron guarantee that I could SSH from my own netblock.  I will have a go at a small howto.  I installed from RPM.

I am sure a lot of folks here will be interested.

Thanks