On Sat, 4 Dec 2004 14:50:24 -0700 "s. keeling" <[EMAIL PROTECTED]> wrote:
> Incoming from Adam Rosi-Kessel: > > Is there any Debian package (or free software outside of Debian) > > that can detect random ssh login attempts and blacklist (temporarily > > or permanently) the IP address? > > fwlogwatch purports to be able to do this (I haven't tried this > feature; ymmv). However, wouldn't it make more sense to simply limit > ssh to accept login attempts only from IPs you (or your users?) might > be coming from? Limiting login to certain ips tremendously decreases flexibility. Things such as remote admin from a dynamic ip, users on the road (or even being on the road yourself, etc). If you're strictly doing it in a work environment where you only access the servers from your own network, you're extremely fortunate. I rarely have that pleasure. This is Linux, where we're supposed to be able to have a server accessible to the world without having to worry about who can get in. Ok, so a good password should prevent the need for worry, but I still believe there should be an easier way than simply restricting ssh access to certain ips. To the OP, you might check out the following thread on the same subject from a couple months ago. It has a good stop-gap measure (pam) along with a couple more detailed solutions if you don't mind recompiling your kernel. The thread can be found at: http://lists.debian.org/debian-user/2004/09/msg03580.html HTH, Jacob -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
