Hi,
I'm trying to get fail2ban to work on the host and keep getting error
messages like:
,
| Jan 08 21:13:04 [/etc/init.d/fail2ban] You have to create an init script for
each container:
| Jan 08 21:13:04 [/etc/init.d/fail2ban] ln -s lxc /etc/init.d/lxc.container
| Jan 08 21:13:05
see https://bugs.gentoo.org/show_bug.cgi?id=536320
lee writes:
> Hi,
>
> I'm trying to get fail2ban to work on the host and keep getting error
> messages like:
>
>
> ,
> | Jan 08 21:13:04 [/etc/init.d/fail2ban] You have to create an init script
> for eac
Sun, 7 Feb 2021 at 04:47, Dan Egli:
Hi Dan,
> 2021-02-06 18:30:28,128 fail2ban.server [32124]: ERROR Unable to
> import fail2ban database module as sqlite is not available.
Some debugging from
https://github.com/fail2ban/fail2ban/issues/2608#issuecomment-576450793
:
fail2ban-
AFAIK fail2ban tails log files to find login failures, but when i try lsof
it's not reading daemon.log/auth.log/whatever for sshd's login failure
messages.
# ps -ef | grep fail2
root 518 1 0 Jan01 ?00:05:22 /usr/bin/python3.4
/usr/lib64/python-exec/python3.4/fail2ban-serv
Looking at the code, Fail2ban uses Inotify to know when a file has changed,
and only at that point it's opened and read.
Inotify watches don't appear in open files.
Mickaël
2015-01-06 1:53 GMT+01:00 Adam Carter :
> AFAIK fail2ban tails log files to find login failures, but when i t
On Sun, Jan 11, 2015 at 1:47 PM, lee wrote:
>
> Same here, so why does fail2ban get involved with containers?
>
Seems like there are three options here.
1. Run fail2ban on the host and have it look into the containers,
monitor their logs, and add host iptables rules to block connection
Rich Freeman writes:
> On Sun, Jan 11, 2015 at 1:47 PM, lee wrote:
>>
>> Same here, so why does fail2ban get involved with containers?
>>
>
> Seems like there are three options here.
> 1. Run fail2ban on the host and have it look into the containers,
> monitor
You were right. With the debugging tips from Alex Mishustin I was able
to determine that I had rebuilt 3.9 while fail2ban was using 3.8. I did
what I SHOULD have done in the first place and did an emerge -DN
fail2ban. That caused portage to see that Python 3.8 needed to be
rebuilt, and it did
Rich Freeman writes:
> On Thu, Jan 15, 2015 at 3:32 PM, lee wrote:
>> Rich Freeman writes:
>>
>>> 2. Run fail2ban in each container and have it monitor its own logs,
>>> and then add host iptables rules to block connections.
>>
>> Containers must n
Hi all,
i was looking up the gentoo wiki on fail2ban [1] to have it look at its
own log file fail2ban.log in order to block repeat offenders for longer
as abuse@offender doesn't really seem to help these days.
then i saw a warning saying fail2ban not blocking all requests which i
f
On 16/09/2017 23:25, Stroller wrote:
>
>> On 16 Sep 2017, at 20:31, Alan McKinnon wrote:
>>
>> As far as I'm aware (and could be wrong), sshguard is mostly just sshd
>> whereas fail2ban works on anything you can give it consistent logs for.
>
> I thought
On 01/09/2015 12:18, Marc Joliet_1 wrote:
> On Tuesday 01 September 2015 11:55:12 Alan McKinnon wrote:
>> On 01/09/2015 02:12, cov...@ccs.covici.com wrote:
> [...]
>>
>> Got it, finally :-)
>>
>> fail2ban wants sys-apps/systemd[python(-)], and systemd-219_p1
start fail2ban-server:
2021-02-06 18:30:28,128 fail2ban.server [32124]: ERROR Unable to
import fail2ban database module as sqlite is not available.
At first I thought it was complaining about its own missing module. But
there's no use flag for sqlite in fail2ban. So then I looked at
sense, the meaning doesn't :-)
>>>>>>>
>>>>>>> It looks like fail2ban wants systemd without python support, but the
>>>>>>> true reason is still hidden. The fail2ban ebuild has this:
>>>>>>>
>>>
> On 16 Sep 2017, at 20:31, Alan McKinnon wrote:
>
> As far as I'm aware (and could be wrong), sshguard is mostly just sshd
> whereas fail2ban works on anything you can give it consistent logs for.
I thought otherwise, but you appear to be right - SSHGuard appears to have o
On Monday 28 Apr 2014 20:54:18 thegeezer wrote:
> On 04/21/2014 08:02 PM, thegeezer wrote:
> > Hi all,
> > i was looking up the gentoo wiki on fail2ban [1] to have it look at its
> > own log file fail2ban.log in order to block repeat offenders for longer
> > as ab
On Tuesday 01 September 2015 11:55:12 Alan McKinnon wrote:
>On 01/09/2015 02:12, cov...@ccs.covici.com wrote:
[...]
>
>Got it, finally :-)
>
>fail2ban wants sys-apps/systemd[python(-)], and systemd-219_p112 is the
>highest version with an explicit python USE flag. All later ver
Alan McKinnon wrote:
> On 01/09/2015 02:12, cov...@ccs.covici.com wrote:
> > Alan McKinnon wrote:
> >
> >> On 31/08/2015 18:54, cov...@ccs.covici.com wrote:
> >>>> The words make sense, the meaning doesn't :-)
> >>>>>
> >>>
On Mon, Sep 26, 2011 at 9:45 PM, wrote:
> I have fail2ban set up and it works quite well, except for the fact that
> whenever it sends me an Email, it always sends two copies. Every night
> when the logs rotate, it does this twice, once when it stops and once
> when it restarts, and
On Sat, 2021-02-06 at 18:46 -0700, Dan Egli wrote:
>
> At first I thought it was complaining about its own missing module. But
> there's no use flag for sqlite in fail2ban. So then I looked at python
> itself. Sure enough, the sqlite use flag was disabled. So I turned i
On 01/09/2015 02:12, cov...@ccs.covici.com wrote:
> Alan McKinnon wrote:
>
>> On 31/08/2015 18:54, cov...@ccs.covici.com wrote:
>>>> The words make sense, the meaning doesn't :-)
>>>>>
>>>>> It looks like fail2ban wants systemd withou
On Thu, Jan 15, 2015 at 3:32 PM, lee wrote:
> Rich Freeman writes:
>
>> 2. Run fail2ban in each container and have it monitor its own logs,
>> and then add host iptables rules to block connections.
>
> Containers must not be able to change the firewalling rules of the hos
On 04/21/2014 08:02 PM, thegeezer wrote:
> Hi all,
> i was looking up the gentoo wiki on fail2ban [1] to have it look at its
> own log file fail2ban.log in order to block repeat offenders for longer
> as abuse@offender doesn't really seem to help these days.
>
>
On Tue, Sep 1, 2015 at 5:55 AM, Alan McKinnon wrote:
> Got it, finally :-)
>
> fail2ban wants sys-apps/systemd[python(-)], and systemd-219_p112 is the
> highest version with an explicit python USE flag. All later versions do
> not have the flag at all.
>
> Your choices are ei
On 16/09/2017 16:06, Stroller wrote:
> Is anyone familiar enough with this subject to make a comparison between
> these two programs, please?
>
> If I google Fail2Ban vs SSHGuard I get many hits saying "I use this one", but
> no-one saying why one might be better than t
Rich Freeman wrote:
> On Tue, Sep 1, 2015 at 5:55 AM, Alan McKinnon wrote:
> > Got it, finally :-)
> >
> > fail2ban wants sys-apps/systemd[python(-)], and systemd-219_p112 is the
> > highest version with an explicit python USE flag. All later versions do
>
mically apply a packet filter rule. The software also does it all
> day every day, and that's a record you the human cannot hope to match :-)
I'm happy to say fail2ban is running now:
# fail2ban-client status
Status
|- Number of jail: 10
`- Jail list: nginx-botsearch, nginx-http-auth
I have fail2ban set up and it works quite well, except for the fact that
whenever it sends me an Email, it always sends two copies. Every night
when the logs rotate, it does this twice, once when it stops and once
when it restarts, and when it bans an ip it also sends two emails saying
so.
any
Is anyone familiar enough with this subject to make a comparison between these
two programs, please?
If I google Fail2Ban vs SSHGuard I get many hits saying "I use this one", but
no-one saying why one might be better than the other.
So far I'm favouring SSHGuard, but mostly beca
Rich Freeman writes:
> On Sun, Jan 11, 2015 at 10:48 AM, lee wrote:
>>>
>>> I don't want to run fail2ban in the container because the container must
>>> not mess with the firewall settings of the host. If a container can do
>>> that, then what
On 2/5/21 6:57 AM, William Kenworthy wrote:
Use fail2ban to target active abusers using your logs. (recommended)
I've had extremely good luck using Fail2Ban in a distributed
configuration* such that when one of my servers bans an IP, my other
servers also (almost) immediately ban the sa
On Sunday 15 November 2009 08:21:55 Walter Dnes wrote:
> On Sat, Nov 14, 2009 at 07:07:28PM -0500, Richard Marza wrote
>
> > Thank you for the information, I did find that denyhost and fail2ban in
> > threads but there were issues with it not working properly. Some users
On 31/08/2015 18:54, cov...@ccs.covici.com wrote:
>> The words make sense, the meaning doesn't :-)
>> >
>> > It looks like fail2ban wants systemd without python support, but the
>> > true reason is still hidden. The fail2b
On Sun, Jan 11, 2015 at 10:48 AM, lee wrote:
>>
>> I don't want to run fail2ban in the container because the container must
>> not mess with the firewall settings of the host. If a container can do
>> that, then what's the point of having containers in the fi
ed now?
>>
>>
>> I can't see a reason why systemd is being downgraded; the previous
>> output either lists just "sys-apps/systemd" or uses a ">=" operator.
>> Nothing to say why 219_p112 is the highest usable version.
>>
>> Once the em
On Sat, Jan 17, 2015 at 7:56 AM, lee wrote:
> Rich Freeman writes:
>>
>> Depends on how you run it, but yes, you might have multiple instances
>> of fail2ban running this way consuming additional RAM. If you were
>> really clever with your container setup they could s
nation
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain fail2ban-SSH (0 references)
> target prot opt source destina
On Tue, Sep 06, 2016 at 01:57:54PM -0700, Grant wrote:
> > Hi, my site is being ravaged by an IP but dropping the IP via
> > shorewall is seeming to have no effect. I'm using his IP from nginx
> > logs.
What you really need is to set up net-analyzer/fail2ban and not do this
pps/systemd[python(-),python_targets_python2_7(-),python_single_t
arget_python2_7(+),python_targets_python3_4(-)]
>
>
required by (net-analyzer/fail2ban-0.9.2:0/0::gentoo, installed)
>
>
>
>
> Would you like to merge these packages? [Yes/No]
>
There are a couple of
ute force attempts is no fun. I like to have the crap in place A and the
> real stuff in place B, makes my job so much easier
>
I agree 100% with the above - another issue is that I'd like to block
all traffic from malicious hosts - I realise that the traffic is low at
the moment, but tha
On 6/20/2010 5:06 PM, deface wrote:
Try fail2ban
How about reading the whole thread before posting a one liner?
kashani
>> Does anyone know how to block, or auto programs in Gentoo to
>> limit
>> or stop people scanning for a user/password hacking on your
>> firewall?
fail2ban
In gmane.linux.gentoo.user, you wrote:
> On Sunday 15 November 2009 08:21:55 Walter Dnes wrote:
>> On Sat, Nov 14, 2009 at 07:07:28PM -0500, Richard Marza wrote
>>
>> > Thank you for the information, I did find that denyhost and fail2ban in
>> > threads but ther
and the tables are shown as clear with iptables -L.
proxy vhosts.d # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt
es.
I've opened them all up to ACCEPT all packets. The only rule is for
masquerading IPs going out on ppp0, and that's working fine for the
most part. There are also Fail2Ban tables for SSH, but
these tables appear to be working fine. Full iptables are listed below.
I tested a
Alan McKinnon wrote:
> On 31/08/2015 18:54, cov...@ccs.covici.com wrote:
> >> The words make sense, the meaning doesn't :-)
> >> >
> >> > It looks like fail2ban wants systemd without python support, but the
> >> > true reason is still hidden.
at Sep 24 02:57:42 2011
# Generated by iptables-save v1.4.12.1 on Sat Sep 24 02:57:42 2011
*filter
:INPUT ACCEPT [683278:162916016]
:FORWARD ACCEPT [18:1044]
:OUTPUT ACCEPT [750201:170843065]
:fail2ban-SSH - [0:0]
:fail2ban-apache - [0:0]
COMMIT
# Completed on Sat Sep 24 02:57:42 2011
The wlan interface t
In addition to fail2ban, look at deny2hosts and sshdfilter.
fire-eyes wrote:
James Colby wrote:
List members -
I am running OpenSSH on my home gentoo server. I was examining the
log files for OpenSSH and I noticed multiple login attempts from the
same IP address but with different user
UNDREDS of such solutions out there. Did you even try to Google
first?
fail2ban & denyhosts are quite popular and get the job done.
OSSEC is a full blown IDS that I use at work, it functions very well but
is
probably overkill for your needs.
Last hint: You do NOT want to block hosts permanen
e what blocking ssh-bruteforce attempts should be good
for, at least on a server where few _users_ are active.
The chance that security of a well configured system will be compromised
by that is next to zero, and on recent systems it is also impossible to
cause significant load with ssh-login-attempts.
said that for many years. Then some bright spark actually
looked at the patches the debian openssh maintainer was applying and we all
had one of those special "oops..." moments
Did you have any idea of just how weak certs made on a debian box were before
it hit the headlines? No-one I
> In addition to fail2ban, look at deny2hosts and sshdfilter.
accidentally i was solving the same problem today.
i tried to use hosts.allow/deny but it seems sshd doesn't
reflect to them (i have tcpd use flag on).
is openssh on gentoo supposed to work with these files ?
bye,
pavel
--
gentoo-u
facing, with DNSsec.
> Then you need your chosen name server (bind), your chosen fw ruleset
> generators (iptables, maybe some other front end) and maybe fail2ban or
> one of its friends if you find some port gets hammered.
fail2ban. an excellent additional package.
> Ho
on my system, this
with fail2ban installed and 1500+ IPs currently blacklisted.
Stroller.
On Sunday, 7 October 2007 11:40:10, Mick wrote:
> Hi All,
>
> Can you please advise what I could do to block IP addresses that have
> repeatedly failed to log in?
I think you're looking for: net-analyzer/fail2ban (http://www.fail2ban.org)
Regards, Elias P.
--
A really nice
On Sunday 07 October 2007, Elias Probst wrote:
> On Sunday, 7 October 2007 11:40:10, Mick wrote:
> > Hi All,
> >
> > Can you please advise what I could do to block IP addresses that have
> > repeatedly failed to log in?
>
> I think you're lo
On 17/06/2010 10:26 AM, Rod wrote:
Hi,
Does anyone know how to block, or auto programs in Gentoo to limit
or stop people scanning for a user/password hacking on your firewall?
Hi,
Just a update, I found the program I had running "Fail2Ban" was
broken, so I have
On Sat, Nov 14, 2009 at 07:07:28PM -0500, Richard Marza wrote
> Thank you for the information, I did find that denyhost and fail2ban in
> threads but there were issues with it not working properly. Some users
> created custom scripts to get the job done correctly.
Have you consi
Pavel Sanda wrote:
>> In addition to fail2ban, look at deny2hosts and sshdfilter.
>
> accidentally i was solving the same problem today.
> i tried to use hosts.allow/deny but it seems sshd doesn't
> reflect to them (i have tcpd use flag on).
> is openssh on gentoo supposed to
ython-systemd" ? I
> don't see that anywhere in this thread.
>
> As far as I can tell everything should work as long as you emerge that
> first, or on the same command line as fail2ban, as the bug indicates.
> You shouldn't have to mess with any systemd USE flag se
of packets then that
> will saturate your connection and simply dropping them at the server
> won't fix the latency this will cause for the good packets. In such
> an attack you need to block those packets as far upstream as you can
> before connections start getting saturated.
Rod writes:
> Does anyone know how to block, or auto programs in Gentoo to limit
> or stop people scanning for a user/password hacking on your firewall?
I am using net-analyzer/fail2ban. That can block an IP after some
unsuccessful login attempts. This helps a lot, but not against bo
if a minimum of
> attempts has occurred and blocks them indefinitely based on that?
I am using net-analyzer/fail2ban for this. There is also app-
admin/denyhosts, which gets a list of offending IPs from a server. But it
may only be for SSH.
Wonko
manuell.
After reading a good iptables tutorial, you may want to take a look at
shorewall and its documentation.
If you're referring to IP addresses from which you receive emails that
are spam, I'd recommend getting familiar with exim and perhaps
spamassassin. For extreme cases, you might want to use something like
fail2ban.
r network and
>> network card and consume some CPU (even more if you're logging them).
>> If you're being flooded by a very large volume of packets then that
>> will saturate your connection and simply dropping them at the server
>> won't fix the latency this
n some target list, the
> volume of calls can become quite high. Trying to manually block the bots is
> a
> tedious and ineffective task, because the professionals will add yet one more
> compromised IP address to their herd faster than you can block them. A
> scripted honeypot to au
3 -j WAN4
COMMIT
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
:fail2ban-SSH
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A fail2ban-SSH -j RETURN
COMMIT
want to have a look at fail2ban. I recall it kicks in much faster.
However, the best approach to this would probably be to use iptables and set a
limit as to how many connections an unknown host could start.
--
Regards,
Mick
On Tuesday 07 November 2006 21:44, fire-eyes wrote:
> Pavel Sanda wrote:
> >> In addition to fail2ban, look at deny2hosts and sshdfilter.
> >
> > accidentally i was solving the same problem today.
> > i tried to use hosts.allow/deny but it seems sshd doesn't
> &
ing) -
> though, now, I'm tempted by the more professional looking sshguard -
> thanks for the tip. Of course, this doesn't really address
> the problem
> I posted about - because I'm now faced with a highly distributed
> dictionary attack...
Fail2ban is iptables ba
I block everything inbound and only open what's specifically needed. I
use denyhosts and fail2ban to block bad guys from all ports.
" or uses a ">=" operator.
> Nothing to say why 219_p112 is the highest usable version.
>
> Once the emerge finishes and portage has done what it wants, run these
> commands:
>
> emerge -pv systemd
> emerge -pv =systemd-225
>
> (225 being latest in the tree)
e just made a mistake in their DNS config (or maybe used a
wildcard record), and set the PTR record to be
postmas...@dns.cablecentro.net.co instead of a hostname. I'm assuming the
reason you usually see IP addresses is that there is no PTR record set for that
IP
Are you running Fail2ban or similar?
Rgs,
Adam
ess connections in cafes.
>
> kashani
>
>
> --
> Powered by Flux Labs
> http://www.fluxlabs.net
>
Try fail2ban
iptables.
> Something that checks to see if a minimum of attempts has occurred and
> blocks them indefinitely based on that?
There are HUNDREDS of such solutions out there. Did you even try to Google
first?
fail2ban & denyhosts are quite popular and get the job done.
OSSEC is a full blown IDS
)]
required by (virtual/libgudev-215-r3:0/0::gentoo, installed)
sys-apps/systemd[python(-),python_targets_python2_7(-),python_single_target_python2_7(+),python_targets_python3_4(-)]
required by (net-analyzer/fail2ban-0.9.2:0/0::gentoo, installed)
Would you like to merge these packages? [Yes/No]
that your logs fill with failed log in attempts.
>
> The easiest way I have found to avoid that is to change the port number
> of the SSH daemon to something else than 22.
I am trying out fail2ban, but I am not sure I have configured it correctly.
Shouldn't most of the
Thanks for all your suggestions...
I will look into fail2ban... that might be what I need... While I could
crank BLOCKING_PERIOD for blacklist.py to an absurdly high value, this
(AFAIK) will not persist blocks when the server is powered down or rebooted.
I need to retain port 22 and can
ys-apps/systemd -- in fact it will not
> let me reinstall the same version of systemd without the python use
> flag.
>
Can you attach the emerge output of "emerge -1 python-systemd" ? I
don't see that anywhere in this thread.
As far as I can tell everything should
is the first and most important step. This means that the only real
> > problem is that your logs fill with failed log in attempts.
> >
> > The easiest way I have found to avoid that is to change the port number
> > of the SSH daemon to something else than 22.
>
>
> >
> > Also, doing things such as running IMAP over SSL using accounts with
> > weak passwords doesn't gain you much either.
>
> Good points Albert. Is a daily 'emerge --sync && emerge -avDuN world'
> generally enough as far as tracking securi
into my SSH
> server
>
> Thanks for any ideas,
> James
What you're seeing is a common, automated dictionary style attack. There
are several ways to get rid of them.
The simplest way is to install fail2ban and it will create firewall rules.
The next less-simple way is to chang
On Sat, 2 Feb 2008 10:27:24 -0800
Grant <[EMAIL PROTECTED]> wrote:
> Well thank you for that. I had planned on setting up port knocking
> for ssh and cups but I guess I'm just as well off leaving them
> listening on 22 and 631?
Fail2Ban, though a little intensive, seems t
> MaxAuthTries
> Specifies the maximum number of authentication attempts
> permitted per connection. Once the number of failures
> reaches half this value, additional failures are logged.
> The default is 6.
Hi,
I use this
http://www.go2
On Wed, Sep 7, 2016 at 12:39 PM, Grant wrote:
>
> I said I was under attack but it was really just an unthrottled and
> very greedy bot. fail2ban would have gotten him. But while we're on
> the subject, how would you recommend thwarting a DDoS attack against a
> dedicate
On Thu, Feb 28, 2008 at 11:13:10AM +, Penguin Lover Steve squawked:
> Thanks for all your suggestions...
>
> I will look into fail2ban... that might be what I need... While I could
> crank BLOCKING_PERIOD for blacklist.py to an absurdly high value, this
> (AFAIK) will not
guring out where it is I broke something,
that would be greatly appreciated. As I said, I'm not sure how on-topic it
is for this particular list, but I'm getting nowhere with the avenues that
would probably be more appropriate.
Thanks in advance,
James
Have you looked into Fail2Ban ?
> > Well thank you for that. I had planned on setting up port knocking
> > for ssh and cups but I guess I'm just as well off leaving them
> > listening on 22 and 631?
>
> Fail2Ban, though a little intensive, seems to be a decent method for
> avoiding unwanted SSH
o this... rather than
recommendations for how to write something to do what I want from
scratch...
Steve
Try fail2ban. I started as a newbie on iptables and I still am, because it
is very easy to configure and does its job perfectly.
http://gentoo-wiki.com/HOWTO_fail2ban
http://www.fail2ban.org/w
IP. I guess they
> could be trying to ssh u...@myhost.net or something. The one with
> [U2FsdGVkX19g32YZVKMsQkl+mouWITILOicY4Iq9OQo=] as the username is
> interesting. I wonder what that's all about.
>
I too use only PubKey but they need to send a username so ssh knows
where to lo
s short and enhances
security, in case there are users with simple passwords. Some days ago I
received 34 emails from fail2ban telling me about nightly couriersmtp
breakin attempts.
It doesn't work out-of-the-box, but isn't too hard to configure. There are
some howtos, but be sure to read
ort on the
> outside, and redirect that to 22 on the inside. It's security through
> obscurity, I know, but it seemed quite effective nonetheless.
That's fuzzy-feel-good security, the kind where you feel all warm and
fuzzy and think you have protection. You don't, not even a
On Tuesday 07 November 2006 20:04, Brian Davis wrote:
> In addition to fail2ban, look at deny2hosts and sshdfilter.
>
> fire-eyes wrote:
> > James Colby wrote:
> >> List members -
[snip]
> >> My Gentoo box is connected to a linksys router connected to my cable
>
er
won't fix the latency this will cause for the good packets. In such
an attack you need to block those packets as far upstream as you can
before connections start getting saturated. This might be outside of
your network perimeter. This is why DDoS attacks are so potent, if
you use something like fail2ban to just set iptables are done you're
fixing the barn doors after the horses have already left.
--
Rich
nder what that's all about.
>>
>
> I too use only PubKey but they need to send a username so ssh knows
> where to look for the public key. Your two options boil down to
>
> 1) install fail2ban (I installed it on all of my external ssh boxes and
> I love it)
> 2) chang
meaningful harvest.
> I have already disabled PAM authentication on sshd so that only users with a
> public key in their ~/.ssh can login.
Host-based authentication is one possible solution. Fail2ban
was already mentioned, too.
A bit more difficult is the ban by iptables. This one is
worki
ting cupsd ... [ ok ]
* ERROR: cannot start fail2ban as net.wlan0 would not start
* ERROR: cannot start netmount as net.wlan0 would not start
* ERROR: cannot start samba as net.wlan0 would not start
* Starting S.M.A.R.T. monitoring daemon ...
l+mouWITILOicY4Iq9OQo=] as the username is
>>> interesting. I wonder what that's all about.
>>>
>> I too use only PubKey but they need to send a username so ssh knows
>> where to look for the public key. Your two options boil down to
>>
>> 1) inst
nough, although the longer the better), and that you do not rotate
your logs every couple of hours, you should feel relatively comfortable.
That said, what do you see in the rotated logs?
Besides port knocking in your future system (or this one if you are sticking
with it) consider trying out fail2
user, that your passwd is reasonably
> strong (random alpha-numeric chars & symbols) and long (more than 10 should
> be safe enough, although the longer the better), and that you do not rotate
> your logs every couple of hours, you should feel relatively comfortable.
> That said, what do
1 - 100 of 131 matches