So, some idiots are running scripts (one per minute, I suppose from a
crontab)
and trying to get into the server mimosa via ssh. Fine, they get thrown out
because it's root.
However, in their script they try several users one after another,
in case one of the users is also a sudoer.
Excerpt from auth.log:
Dec 20 02:07:10 mimosa sshd[7519]: Failed password for illegal user test
from ::ffff:219.239.239.235 port 42748 ssh2
Dec 20 02:07:23 mimosa sshd[7521]: Failed password for illegal user
guest from ::ffff:219.239.239.235 port 42800 ssh2
Dec 21 10:13:48 mimosa sshd[24814]: Failed password for illegal user
test from ::ffff:60.31.216.55 port 43156 ssh2
Dec 21 10:13:57 mimosa sshd[24816]: Failed password for illegal user
guest from ::ffff:60.31.216.55 port 43220 ssh2
Dec 21 10:14:00 mimosa sshd[24818]: Failed password for illegal user
admin from ::ffff:60.31.216.55 port 43351 ssh2
Dec 21 10:14:04 mimosa sshd[24820]: Failed password for illegal user
admin from ::ffff:60.31.216.55 port 43409 ssh2
Dec 21 10:14:11 mimosa sshd[24822]: Failed password for illegal user
user from ::ffff:60.31.216.55 port 43459 ssh2
Dec 21 10:14:15 mimosa sshd[24824]: Failed password for illegal user
root from ::ffff:60.31.216.55 port 43575 ssh2
Dec 21 10:14:19 mimosa sshd[24826]: Failed password for illegal user
root from ::ffff:60.31.216.55 port 43633 ssh2
Dec 21 10:14:23 mimosa sshd[24828]: Failed password for illegal user
root from ::ffff:60.31.216.55 port 43695 ssh2
Dec 21 10:14:29 mimosa sshd[24830]: Failed password for illegal user
test from ::ffff:60.31.216.55 port 43748 ssh2
Dec 21 17:07:38 mimosa sshd[27987]: Failed password for illegal user
jordan from ::ffff:194.109.122.4 port 3845 ssh2
Dec 21 17:07:39 mimosa sshd[27989]: Failed password for illegal user
michael from ::ffff:194.109.122.4 port 3865 ssh2
Dec 21 17:07:40 mimosa sshd[27991]: Failed password for illegal user
nicole from ::ffff:194.109.122.4 port 3883 ssh2
Dec 21 17:07:41 mimosa sshd[27993]: Failed password for illegal user
daniel from ::ffff:194.109.122.4 port 3904 ssh2
Dec 21 17:07:42 mimosa sshd[27995]: Failed password for illegal user
andrew from ::ffff:194.109.122.4 port 3925 ssh2
Dec 21 17:07:44 mimosa sshd[27997]: Failed password for illegal user
nathan from ::ffff:194.109.122.4 port 3944 ssh2
Dec 21 17:07:45 mimosa sshd[27999]: Failed password for illegal user
matthew from ::ffff:194.109.122.4 port 3967 ssh2
Dec 21 17:07:46 mimosa sshd[28001]: Failed password for illegal user
magic from ::ffff:194.109.122.4 port 3989 ssh2
Dec 21 17:07:47 mimosa sshd[28003]: Failed password for illegal user
lion from ::ffff:194.109.122.4 port 4009 ssh2
I say "they" because the IP is not fixed.
My question: how can I completely deny access to an IP whose
authentication has failed more than 20 times?
Something like putting it in hosts.deny; is there a script or an ssh
configuration that does this?
Georges
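
One way to do what the question asks, as an added example that is not part of the original post: count sshd "Failed password" lines per source address and emit hosts.deny rules for addresses over the threshold. It assumes sshd honours /etc/hosts.deny (TCP Wrappers); the function names and the sample log are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Anchored at end of line and greedy on the user name, so a login name crafted
# to contain " from 10.0.0.1 port 22 ssh2" cannot spoof the source address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?.*"
    r" from (\S+) port \d+ ssh2\s*$"
)

def source_ip(line):
    """Return the normalized source address of a failed login, or None."""
    m = FAILED.search(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:
        return None
    # The log in the post shows IPv4-mapped addresses (::ffff:a.b.c.d).
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return ip

def offenders(lines, threshold=20):
    """Addresses with more than `threshold` failed attempts."""
    counts = Counter(ip for ip in map(source_ip, lines) if ip is not None)
    return sorted((ip for ip, n in counts.items() if n > threshold), key=str)

def hosts_deny_entries(ips):
    """Format TCP Wrappers rules; IPv6 addresses need brackets."""
    return [f"sshd: [{ip}]" if ip.version == 6 else f"sshd: {ip}" for ip in ips]

def sample_log():
    """Constructed sample (documentation addresses), not lines from the post."""
    line = ("Dec 21 10:14:{:02d} mimosa sshd[{}]: Failed password for "
            "illegal user {} from ::ffff:{} port {} ssh2")
    noisy = [line.format(i, 3000 + i, "test", "203.0.113.7", 40000 + i) for i in range(21)]
    quiet = [line.format(i, 4000 + i, "guest", "198.51.100.9", 50000 + i) for i in range(5)]
    # Login name that tries to inject a fake source address into the log line.
    spoof = [line.format(30, 5000, "x from 192.0.2.1 port 22 ssh2", "198.51.100.9", 50100)]
    return noisy + quiet + spoof

if __name__ == "__main__":
    print("\n".join(hosts_deny_entries(offenders(sample_log()))))
```

Parsing the address from the end of the line matters because the user name is chosen by the remote side; a blocker that trusts the first "from" in the line can be made to deny an address of the attacker's choosing.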