Posted by Augustus SFX van Dusen on August 17, 2005, 9:56 pm
months, and it turns out to be the case that the vast majority of break-in
attempts had their origin in China, Taiwan or South Korea (one can't help
but wonder what the problem is with those guys, but that's a sociological
issue irrelevant to this group.)
Since the attempts seem to be crude dictionary attacks, the only thing
that they have achieved has been to leave their data in my logs. I was
wondering whether things could be arranged so that those logs are not even
created in the first place?
What I would like is for the SSH server (OpenSSH, in this case) to behave
in such a way that, whenever a connection is received from a host at a
blacklisted domain, the connection is simply refused. That is, instead of
completing the SSH handshake, the server terminates the dialog at that
Re: Premature termination of SSH connection attempts
If your sshd is built with tcpwrappers (most distros do these days)
then you can put "sshd: .cn" into hosts.deny. See the hosts_access(5)
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
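How the `sshd: .cn` rule from the reply above gets evaluated, as an added example that is not part of the original posts: a simplified Python model of hosts_access(5) matching (not the libwrap code). It shows that `.cn` is compared against the client's reverse-DNS name, so an address with no PTR record is not caught; the hosts.allow line, hostnames and addresses are constructed.

```python
# Simplified model of hosts_access(5) matching (added example, not libwrap code).
# Covers daemon lists, ALL, ".domain" suffixes, "n.n." prefixes, exact matches.

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, hostname, address):
    """hostname is the reverse-DNS name, or None when the address has no PTR."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):      # ".cn" matches names ending in ".cn"
        return hostname is not None and hostname.lower().endswith(pattern.lower())
    if pattern.endswith("."):        # "192.0.2." matches an address prefix
        return address.startswith(pattern)
    return pattern == address or (
        hostname is not None and pattern.lower() == hostname.lower())

def rule_hit(rules, daemon, hostname, address):
    return any((daemon in d or "ALL" in d) and
               any(client_matches(p, hostname, address) for p in c)
               for d, c in rules)

def decide(allow_text, deny_text, daemon, hostname, address):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if rule_hit(parse_rules(allow_text), daemon, hostname, address):
        return "allow"
    if rule_hit(parse_rules(deny_text), daemon, hostname, address):
        return "deny"
    return "allow"

HOSTS_ALLOW = "sshd: 192.0.2.\n"   # constructed: an admin network that is always allowed
HOSTS_DENY = "sshd: .cn\n"         # the rule from the reply above

if __name__ == "__main__":
    for name, addr in [("host1.example.cn", "203.0.113.5"),   # constructed clients
                       (None, "203.0.113.9"),
                       ("gw.example.cn", "192.0.2.10")]:
        print(name, addr, decide(HOSTS_ALLOW, HOSTS_DENY, "sshd", name, addr))
```
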