From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-security+bounces-288-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1RKiyZ-0005KP-Ad
	for garchives@archives.gentoo.org; Mon, 31 Oct 2011 03:55:55 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id E807321C040
	for <garchives@archives.gentoo.org>; Mon, 31 Oct 2011 03:55:54 +0000 (UTC)
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.199])
	by robin.gentoo.org (8.13.5/8.13.5) with ESMTP id j93CHID5009313
	for <gentoo-security@lists.gentoo.org>; Mon, 3 Oct 2005 12:17:19 GMT
Received: by xproxy.gmail.com with SMTP id s6so167229wxc
        for <gentoo-security@lists.gentoo.org>; Mon, 03 Oct 2005 05:25:23 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=jSi8AduPpuMfONL2lQbR9IIxS5u1HaYYMc/PHP7ILeX6ayl+j3WX9jF27dZruSAS5dgj4TsjIg2hDULhWzbCChgn5yrFUrVVMjpbel1flGqvuAUNKISDpH8vlfxEhMnuHUfPTinpOIQmuOds/c7hx2b0up8VBOQUlSeduD8gKhQ=
Received: by 10.70.84.16 with SMTP id h16mr39545wxb;
        Mon, 03 Oct 2005 05:25:23 -0700 (PDT)
Received: by 10.70.87.2 with HTTP; Mon, 3 Oct 2005 05:25:23 -0700 (PDT)
Message-ID: <cdfecd450510030525x1516cb50o9a2b76ee22f2f0ef@mail.gmail.com>
Date: Mon, 3 Oct 2005 14:25:23 +0200
From: Oscar Carlsson <monotux@gmail.com>
To: gentoo-security@lists.gentoo.org
Subject: Re: [gentoo-security] [OT?] automatically firewalling off IPs
In-Reply-To: <43404CB8.3@lunatic.net.nz>
Precedence: bulk
List-Post: <mailto:gentoo-security@lists.gentoo.org>
List-Help: <mailto:gentoo-security+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-security+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-security+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-security.gentoo.org>
X-BeenThere: gentoo-security@gentoo.org
Reply-to: gentoo-security@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
References: <43404CB8.3@lunatic.net.nz>
X-MIME-Autoconverted: from quoted-printable to 8bit by robin.gentoo.org id j93CHID5009313
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: 588a17ab-eff3-49d6-b2e3-e7dd094485f0
X-Archives-Hash: 69375b33a26fcb32ff05e6617812317b

This is not firewall specific, but it makes me sleep better at night :)

Add this to /etc/ssh/sshd_config
AllowUsers youruser anotheruser

Put all the users who should be able to ssh into your machine, and no
one but them can log in... :)
pam_tally might be good to take a look at, also.

Good luck

On 10/2/05, Jeremy Brake <gentoolists@lunatic.net.nz> wrote:
> Hey all,
>
> I'm looking for an app/script which can monitor for failed ssh logins,
> and block using IPTables for $time after $number of failed logins (an
> exclusion list would be handy as well) so that I can put a quick stop t=
o
> these niggly brute-force ssh "attacks" I seem to be getting more and
> more often.
>
> Anyone have any ideas?
>
> Thanks, Jeremy B
> --
> gentoo-security@gentoo.org mailing list
>
>

--=20
gentoo-security@gentoo.org mailing list