Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to block the IP after many times fail login?
Top Forums UNIX for Dummies Questions & Answers How to block the IP after many times fail login? Post 54643 by dkaplowitz on Thursday 19th of August 2004 08:35:07 PM
Old 08-19-2004
You're probably seeing the results of this new automated ssh login tool that is discussed at length here:

http://seclists.org/lists/fulldisclo.../Jul/1109.html

I found it after I noticed many attempts from people to log in to my ssh server as either "root", "guest", "test" or "admin". The first thing I made sure was that my /etc/ssh/sshd_conf had "PerminRootLogin no" and that the line was uncommented. (I'm not in the habit of ever logging in as root, even from the console - su and sudo are my friends). Since I don't have the other 3 users on that system, there's not much to worry about from the morons who are running the ssh script.

But to get rid of the annoying attempts, I just added those IPs to a table of blocked IPs for in my (OpenBSD/PF) firewall. You can use sed and awk to parse your authlog for "Failed" or "Illegal", extract the IP from those lines, and automate something like this, depending on the firewall you use...or add them to /etc/hosts.deny. But be careful when automating this, it's easy to block valid IPs using such tools too.
Last edited by dkaplowitz; 08-19-2004 at 09:42 PM..
 

10 More Discussions You Might Find Interesting

1. AIX

Number of login times

Hi! I'm currently using AIX 4.3 and would like to know where can i find to see that there's a restriction on the number of login times a user can have. Example, I want to see whether user A has only 1 login while user B can have 2 logins (without logging off the first one). Would I be able to... (7 Replies)
Discussion started by: ftengcheng
7 Replies

2. Shell Programming and Scripting

Help script for login times

I am new to shellscript . PLease help me how can I write the following script. $ who ray pts/0 aug 31 01:18 ( 65.169.28.200 ) ray pts/1 sep 2 02:28 ( 65.169.28.200 ) bob pts/3 sep 2 02:31 ( 65.169.28.201 ) when run the command who |./ script , the script should... (3 Replies)
Discussion started by: LAY
3 Replies

3. BSD

Deny logon for x hours if login failed x times

Hello, I have a small inquiry. Sometimes, my good friend, Charlie Root, sends me security notifications that a possible breakin attempt has occured. It looks like this: Oct 29 06:58:17 cigva sshd: reverse mapping checking getaddrinfo for 180.144.164.220.broad.sm.yn.dynamic.163data.com.cn ... (2 Replies)
Discussion started by: brightstorm
2 Replies

4. HP-UX

where I can set login fail ,lock time

where I can set login fail ,lock time thanks (2 Replies)
Discussion started by: alert0919
2 Replies

5. HP-UX

Can not login to CDE -- only Fail Safe Session permitted

Hi, I am a hobbyist with a very old machine I have been trying to get up and running. I have an HP 9000/C240 with 1G of RAM and 3-8.5G HD. It is configured with 1G SWAP/DUMP. Currently only one drive is in use via LVM. I have not gotten around to creating more volumes just yet. It is running... (11 Replies)
Discussion started by: Dirk_
11 Replies

6. UNIX and Linux Applications

how to block imap/pop user's login

Is this possible to block particular user's email-client configuration on basis of pop/imap settings in linux ,dovecot.conf or anywhere ?As you know when acl is defined in /etc/squid/squid.conf file according to its http_access users are able to access internet. Before (1 Reply)
Discussion started by: sandeepvson
1 Replies

7. HP-UX

Fail safe during login.....

hi, i want to ask about why after im log in from CDE, it appears a pop up stated that i must go to Failsafe Session from the login screen's option menu and log in..... can anyone help??:) (2 Replies)
Discussion started by: ameer88
2 Replies

8. Red Hat

webmin login fail

Hi all, I got error, when i logged with webmin. please show me the way how can i login with webmin (4 Replies)
Discussion started by: mastansaheb
4 Replies

9. Solaris

Login Access fail

Hi, I need some help regarding login issue. I have to use 8 server. The username is same at all. But when i was trying to access for particular 4 server. I got access denied error. Please help .... Note: If i change my password by using root user. then I can able to enter into the same server.... (6 Replies)
Discussion started by: Mani_apr08
6 Replies

10. Programming

Problem with implementing the times() function in C (struct tms times return zero/negative values)

Hello, i'm trying to implement the times() function and i'm programming in C. I'm using the "struct tms" structure which consists of the fields: The tms_utime structure member is the CPU time charged for the execution of user instructions of the calling process. The tms_stime structure... (1 Reply)
Discussion started by: g_p
1 Replies

LEARN ABOUT SUSE

ssh-keysign

SSH-KEYSIGN(8)						    BSD System Manager's Manual 					    SSH-KEYSIGN(8)

NAME

     ssh-keysign -- ssh helper program for host-based authentication

SYNOPSIS

     ssh-keysign

DESCRIPTION

     ssh-keysign is used by ssh(1) to access the local host keys and generate the digital signature required during host-based authentication with
     SSH protocol version 2.

     ssh-keysign is disabled by default and can only be enabled in the global client configuration file /etc/ssh/ssh_config by setting
     EnableSSHKeysign to ``yes''.

     ssh-keysign is not intended to be invoked by the user, but from ssh(1).  See ssh(1) and sshd(8) for more information about host-based authen-
     tication.

FILES

     /etc/ssh/ssh_config
	     Controls whether ssh-keysign is enabled.

     /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
	     These files contain the private parts of the host keys used to generate the digital signature.  They should be owned by root, read-
	     able only by root, and not accessible to others.  Since they are readable only by root, ssh-keysign must be set-uid root if host-
	     based authentication is used.

SEE ALSO

     ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)

HISTORY

     ssh-keysign first appeared in OpenBSD 3.2.

AUTHORS

     Markus Friedl <markus@openbsd.org>

BSD
								   May 31, 2007 							       BSD
All times are GMT -4. The time now is 12:48 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy