John Marten wrote:
> You know what i mean? Every day I get some script kiddie, or adult
> trying to guess usernames or passwords.
> I've installed the newest version of SSH, so i'm covered there. But I
> still get a dozen or 2 of the
> "sshd Invalid user somename from ###.##.##.###"
> "input_userauth_request: ivalid user somename"
> "Failed password for invalid user somename"
> "Recieved disconnect from ###.##.##.###"
> Someone told me to add a 'block in quick on $net inet proto {tcp,udp}
> from ###.##.##.### to any flags S/SA'
> entry in my pf.conf file. But if I had do that for every hacker my
> pf.conf would be huge!
> There's got to be a better way, and I'm open to suggestions.
>
>
> John F. Marten III
>
> Information Technology Specialist
>
http://lfriends.franoculator.com/phpBB2/viewtopic.php?t=103
That's the hosts.deny method, for those of you scoring at home.
It's a good solution, but you're better off enabling DSA/RSA keys and
doing away with password auth altogether. Running sshd on a different
port never hurt anyone either.
HTH.
--
Matt
