Chris Mauritz wrote:
Jerry Geis wrote:
I have quite a few entries in /var/log/messages for connection attempts. Is there anything other than ignoring them I can do? Example is below.
Aug 21 15:48:19 machine sshd(pam_unix)[17903]: check pass; user unknown
Aug 21 15:48:19 machine sshd(pam_unix)[17903]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=wsip-24-234-149-156.lv.lv.cox.net
If you don't have a lot of addresses that need access to ssh, you may find it easiest and best to simply do a deny all, but allow some.
--In /etc/hosts.deny add
sshd : ALL
which does the deny all part...
--Then in /etc/hosts.allow add (substituting your IP address(es))
sshd : 192.243.74. : allow
to add a whole class C, or
sshd : localhost : allow
if there is a need to use localhost or
sshd : 192.243.74.5
for a particular IP address.
Restart services as needed. I'm not sure exactly which ones need to be restarted. I normally do sshd and networking, which does do the trick, but might be more than needed.
Be careful if this is a remote machine. If you get it wrong you may lock yourself out. If you're on a dynamic IP range... as in dialup... again, care must be taken.
I find it much easier to set up allows, than to do denies. It would depend on the situation.
There are also several packages available to block attempts after 'so many bad attempts', but if your situation is simple, it's easier to just do the above.
John Hinton
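
Added example, not part of the original post: a simplified Python model of how TCP wrappers evaluates the hosts.allow and hosts.deny rules above, so you can confirm your own address is still admitted before restarting anything on a remote machine. It assumes IPv4 and handles only the pattern forms used in the post (ALL, a trailing-dot prefix, an exact address or name); the function names and the 203.0.113.9 address are constructed for illustration.

```python
import re

# Constructed sample files, using the rules from the post above.
HOSTS_DENY = "sshd : ALL\n"
HOSTS_ALLOW = """\
sshd : 192.243.74. : allow
sshd : localhost : allow
sshd : 192.243.74.5
"""

def _matches(pattern, client_ids):
    """client_ids[0] is the client's IPv4 address; the rest are its hostnames."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # trailing dot: address prefix match
        return client_ids[0].startswith(pattern)
    return pattern in client_ids         # otherwise: exact address or name

def _first_match(rules, daemon, client_ids):
    """Options of the first rule matching daemon and client, or None."""
    for line in rules.splitlines():
        fields = [f.strip() for f in line.split("#", 1)[0].split(":")]
        if len(fields) < 2:
            continue
        daemons = re.split(r"[,\s]+", fields[0])
        clients = re.split(r"[,\s]+", fields[1])
        if (daemon in daemons or "ALL" in daemons) and \
                any(_matches(p, client_ids) for p in clients):
            return [o.lower() for o in fields[2:]]
    return None

def access_granted(daemon, client_ids, hosts_allow, hosts_deny):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    opts = _first_match(hosts_allow, daemon, client_ids)
    if opts is not None:
        return "deny" not in opts        # a match here grants unless it says deny
    opts = _first_match(hosts_deny, daemon, client_ids)
    if opts is not None:
        return "allow" in opts           # a match here denies unless it says allow
    return True

if __name__ == "__main__":
    for ids in (["192.243.74.5"], ["127.0.0.1", "localhost"], ["203.0.113.9"]):
        print(ids[0], access_granted("sshd", ids, HOSTS_ALLOW, HOSTS_DENY))
```

On a system with the tcp_wrappers utilities installed, `tcpdmatch sshd <address>` performs this check against the real files.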