Chris Mauritz wrote:
> Jerry Geis wrote:
>
>> I have quite a few entries in /var/log/messages for connection
>> attempts. Is there anything other
>> than ignoring them I can do? Example is below.
>>
>> Aug 21 15:48:19 machine sshd(pam_unix)[17903]: check pass; user unknown
>> Aug 21 15:48:19 machine sshd(pam_unix)[17903]: authentication
>> failure; logname= uid=0 euid=0 tty=ssh ruser=
>> rhost=wsip-24-234-149-156.lv.lv.cox.net
>>
>

If you don't have a lot of addresses that need access to ssh, you may find it easiest and best to simply do a deny all, but allow some.

--In /etc/hosts.deny add

sshd : ALL

which does the deny all part...

--Then in /etc/hosts.allow add (substituting your IP address(es))

sshd : 192.243.74. : allow

to add a whole class C.

or

sshd : localhost : allow

if there is a need to use localhost

or

sshd : 192.243.74.5

for a particular IP address.

Restart services as needed. I'm not sure exactly which ones need to be restarted. I normally do sshd and networking, which does do the trick, but might be more than needed.

Be careful if this is a remote machine. If you get it wrong you may lock yourself out. If you're on a dynamic IP range... as in dialup... again, care must be taken.

I find it much easier to set up allows, than to do denies. It would depend on the situation. There are also several packages available to block attempts after 'so many bad attempts', but if your situation is simple, it's easier to just do the above.

John Hinton
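
Added example, not part of the original post or of the TCP wrappers code: a simplified Python model of the hosts.allow / hosts.deny decision order, useful for checking which addresses the entries above would accept before restarting anything on a remote machine. It handles only the rule forms shown in the post (ALL, an address prefix ending in a dot, an exact address or host name, and a trailing allow/deny option); the function names and the 203.0.113.9 test address are assumptions made for the example.

```python
# Added example: simplified model of the TCP wrappers access decision,
# limited to the rule forms in the post. Not the libwrap implementation.

def parse(text):
    """Parse hosts.allow/hosts.deny text into (daemons, clients, option)."""
    rules = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("#", 1)[0].split(":")]
        if len(fields) < 2 or not fields[0]:
            continue
        option = fields[2].lower() if len(fields) > 2 and fields[2] else None
        rules.append((fields[0].split(), fields[1].split(), option))
    return rules

def client_matches(pattern, ip, host):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):  # "192.243.74." matches by address prefix
        return ip.startswith(pattern)
    return pattern == ip or (host is not None and pattern.lower() == host.lower())

def first_match(rules, daemon, ip, host):
    for daemons, clients, option in rules:
        if (daemon in daemons or "ALL" in daemons) and any(
                client_matches(c, ip, host) for c in clients):
            return option or "match"
    return None

def decide(allow_text, deny_text, ip, host=None, daemon="sshd"):
    """True if the connection would be accepted."""
    hit = first_match(parse(allow_text), daemon, ip, host)
    if hit is not None:          # hosts.allow is consulted first
        return hit != "deny"
    hit = first_match(parse(deny_text), daemon, ip, host)
    if hit is not None:          # then hosts.deny
        return hit == "allow"
    return True                  # no match in either file: access is granted

# Constructed file contents using the entries from the post.
HOSTS_DENY = "sshd : ALL\n"
HOSTS_ALLOW = "sshd : 192.243.74. : allow\nsshd : localhost : allow\n"

if __name__ == "__main__":
    # 203.0.113.9 is a constructed outside address (documentation range).
    for ip, host in [("192.243.74.5", None), ("127.0.0.1", "localhost"),
                     ("203.0.113.9", None)]:
        verdict = "accepted" if decide(HOSTS_ALLOW, HOSTS_DENY, ip, host) else "refused"
        print(f"{ip:15} {verdict}")
```

Passing an empty string as the hosts.allow text together with the deny-all entry shows the lockout case the post warns about: every address, including your own, is refused.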