public inbox for gentoo-user@lists.gentoo.org
From: "Leandro Melo de Sales" <leandroal@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] SSH authentication attempts - serious issue
Date: Mon, 5 Jun 2006 14:15:34 -0300
Message-ID: <5bc4c4570606051015s7d7f7039s82afd5a5d097d221@mail.gmail.com>
In-Reply-To: <1823.192.168.0.11.1149521244.squirrel@www.kernelpanic.ch>

How can I recompile openssh to support tcpwrapper? I can't find
/etc/hosts.allow or /etc/hosts.deny. Is there something missing?
Is there a way to put tcpwrapper as a turned-on option for all
programs that support it?

Specifically for openssh I edited the /etc/portage/package.use file and put:

net-misc/openssh tcpwrapper, but I got this:

# emerge --pretend openssh

These are the packages that I would merge, in order:

Calculating dependencies ...done!
[ebuild   R   ] net-misc/openssh-4.3_p2-r1

I want to see +tcpwrapper...

Leandro

2006/6/5, Oliver Schmidt <oli@kernelpanic.ch>:
> > Hi,
> >
> >    today when I was checking the server log I got many external
> > attempts to connect to my sshd service:
> >
> > ...
> > Jun  5 05:09:45 embedded sshd[4740]: Invalid user barbara from x.y.w.z
> > Jun  5 05:09:46 embedded sshd[4742]: Invalid user barb from x.y.w.z
> > Jun  5 05:09:48 embedded sshd[4744]: Invalid user barbie from x.y.w.z
> > Jun  5 05:09:50 embedded sshd[4746]: Invalid user barbra from x.y.w.z
> > Jun  5 05:09:51 embedded sshd[4748]: Invalid user barman from x.y.w.z
> > Jun  5 05:09:53 embedded sshd[4750]: Invalid user barney from x.y.w.z
> > ...
> >
> > this seems to be a brute force attack, but one thing that worried me
> > is why sshd didn't disconnect the remote host after 3 unsuccessful
> > attempts? If we see in the log, there are many attempts with a time
> > interval between attempts of 2 or 3 seconds, meaning that the sshd
> > didn't disconnect the remote host after 3 attempts.
> >  So, first, am I thinking correctly about the sshd attempts?
> >  Second, how can I setup sshd or the entire system to permit just 2 or
> > 3 attempts of authentication? I was checking the /etc/login.defs file
> > and I see the following option:
> >
>
> Try using Denyhosts ... no problem with bruteforce attacks anymore. Denyhosts
> adds the IP of the attacker to the /etc/hosts.deny file.
> Install it with:
> ACCEPT_KEYWORDS="~x86" emerge denyhosts
> and add to your /etc/crontab
> */10 * * * * root python /usr/bin/denyhosts -c /etc/denyhosts.conf
>
> Used it now for more than a year... it's perfect to block bruteforce attacks.
>
> cheers
> Oli
>
>
> --
> gentoo-user@gentoo.org mailing list
>
>
-- 
gentoo-user@gentoo.org mailing list
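
Added example, not part of the original messages and not DenyHosts' own code: a minimal Python sketch of the log-to-`/etc/hosts.deny` idea discussed in the thread, run over constructed sample lines in the format of the quoted log. The function names, the threshold, the window, the assumed year and the documentation addresses are all assumptions; the generated rules only take effect when sshd is built with TCP wrappers support.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the sshd lines quoted in the thread, e.g.
# "Jun  5 05:09:45 embedded sshd[4740]: Invalid user barbara from x.y.w.z"
LINE_RE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Invalid user (?P<user>\S+) from (?P<src>\S+)$"
)

def offenders(lines, threshold=3, window=timedelta(seconds=60), year=2006):
    """Map each source with >= threshold attempts inside `window` to the
    time it crossed the threshold. Syslog stamps carry no year, so `year`
    is an assumption supplied by the caller."""
    seen = defaultdict(list)
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an "Invalid user" line
        when = datetime.strptime(f"{year} {m['stamp']}", "%Y %b %d %H:%M:%S")
        times = seen[m["src"]]
        times.append(when)
        # Drop attempts that have fallen out of the sliding window.
        while when - times[0] > window:
            times.pop(0)
        if len(times) >= threshold and m["src"] not in flagged:
            flagged[m["src"]] = when
    return flagged

def hosts_deny_entries(flagged):
    """Render tcp_wrappers rules in the 'daemon: client' form."""
    return [f"sshd: {src}" for src in sorted(flagged)]

# Constructed sample: documentation addresses replace the masked x.y.w.z.
SAMPLE = """\
Jun  5 05:09:45 embedded sshd[4740]: Invalid user barbara from 203.0.113.7
Jun  5 05:09:46 embedded sshd[4742]: Invalid user barb from 203.0.113.7
Jun  5 05:09:47 embedded sshd[4743]: Invalid user guest from 198.51.100.20
Jun  5 05:09:48 embedded sshd[4744]: Invalid user barbie from 203.0.113.7
Jun  5 05:20:10 embedded sshd[4790]: Invalid user test from 198.51.100.20
Jun  5 05:45:31 embedded sshd[4801]: Invalid user admin from 198.51.100.20
""".splitlines()

if __name__ == "__main__":
    print("\n".join(hosts_deny_entries(offenders(SAMPLE))))
```

With the default 60-second window only the rapid-fire source is listed; the slower source is caught only when the window is widened, which is the trade-off to tune against legitimate users mistyping a login.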


