Lars Behrens wrote:
> On Monday, 27 October 2008, René Berber wrote:
>
>>> If I get you right, there is no way to make it work in a way that it bans
>>> an IP if there is only *one* such log entry?
>> Yes it can ban on one hit, but you have to configure DH to ban anything
>> on one hit... which is like shooting yourself in the foot.
>
> Of course.
>
>> If you want this rule to ban on one hit, and the other rules to ban
>> using the normal procedure, then you have to modify the code in DH.
>>
>> So, there are many ways, but the regular operation is not one of them.

Actually there is one simple way: if you have strict control and only public keys are used (the possibility of real user mistakes is zero), then the "one bad try and you're out" configuration does work.

In fact I use it with root and restricted accounts (which includes accounts that don't exist). Root is never allowed to just log in; sshd is configured to only allow it from specific places (inside the LAN).

So it's a combination of sshd configuration, use of public keys, and DH banning on one hit.

-- 
René Berber

_______________________________________________
Denyhosts-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
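
The policy described in the reply above (one failed attempt bans a host for root and for restricted or nonexistent accounts, while real users keep a normal threshold), as an added Python example that is not DenyHosts code and not part of the original message. The account names, threshold values and log lines are constructed assumptions.

```python
import re
from collections import Counter

# Ban thresholds per account class. DenyHosts has comparable per-class settings
# (DENY_THRESHOLD_ROOT, DENY_THRESHOLD_RESTRICTED, DENY_THRESHOLD_VALID);
# the values below are this example's assumption.
THRESHOLDS = {"root": 1, "restricted": 1, "valid": 5}

VALID_USERS = {"alice", "bob"}    # constructed: real accounts, public keys only
RESTRICTED_USERS = {"backup"}     # constructed: accounts that must never log in

# OpenSSH failure lines, e.g.
#   "Failed password for invalid user admin from 203.0.113.9 port 4242 ssh2"
FAILED = re.compile(
    r"Failed (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

def classify(user):
    """Map a login name to the threshold class it is counted under."""
    if user == "root":
        return "root"
    if user in VALID_USERS and user not in RESTRICTED_USERS:
        return "valid"
    return "restricted"           # listed as restricted, or does not exist

def hosts_to_ban(lines):
    """Return the set of source IPs that reached a class threshold."""
    hits, banned = Counter(), set()
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue              # successful logins and unrelated lines
        key = (m["ip"], classify(m["user"]))
        hits[key] += 1
        if hits[key] >= THRESHOLDS[key[1]]:
            banned.add(m["ip"])
    return banned

# Constructed sample log (documentation address ranges).
SAMPLE_LOG = [
    "Oct 27 10:00:01 host sshd[101]: Failed password for root from 198.51.100.7 port 40022 ssh2",
    "Oct 27 10:00:05 host sshd[102]: Failed password for invalid user admin from 203.0.113.9 port 4242 ssh2",
    "Oct 27 10:01:00 host sshd[103]: Failed publickey for alice from 192.0.2.44 port 5555 ssh2",
    "Oct 27 10:01:09 host sshd[104]: Failed publickey for alice from 192.0.2.44 port 5556 ssh2",
    "Oct 27 10:02:00 host sshd[105]: Accepted publickey for bob from 192.0.2.50 port 5000 ssh2",
]
```

On the sample log, the hosts that tried root and the nonexistent `admin` account are banned after a single line, while the two failures for `alice` stay under the threshold for real users.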
