Once upon a time, Jerry James <loganjerry@xxxxxxxxx> said: > On Wed, Jun 11, 2014 at 9:50 AM, Kevin Fenzi <kevin@xxxxxxxxx> wrote: > > Usually the best thing would be to open a infrastructure ticket. > > > > I've hopefully fixed your IP too now tho. ;) > > This kind of problem is just going to keep happening to those of us > with dynamic IP addresses from large ISPs. Plus, since there are > multiple possible causes of the error message that gets generated as a > result, it takes the poor sap who experiences the problem some time > and difficulty to figure out that his IP address has been blocked at > the server side. (I speak from experience.) > > I hate to say it, but maybe denyhosts shouldn't be used in this case. Yeah, I've found fail2ban (where IP blocks are expired in a reasonable time) to be a much better option than denyhosts. It is also "nicer" to the server because you can block connections with iptables, rather than forking sshd processes only to close the connection. Also, if you want, you can configure fail2ban with escalating length blocks (so "first offense" is 5 minutes, then "3 strikes" gets you an hour, etc.). -- Chris Adams <linux@xxxxxxxxxxx> -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
