On Feb 10, 2007, at 9:55 AM, Robert T Wyatt wrote:

In addition to modifying the denyhosts.cfg file as recommended in the
denyhosts FAQ, the following settings must be made in the sshd_config file:

PasswordAuthentication no
UsePAM yes
UseDNS no

These settings 1) bypass the rudimentary password authentication so that
PAM can be triggered, 2) trigger PAM, and 3) allow IP addresses to be
passed to asl.log so that they may be captured by the denyhosts REGEX
pattern (otherwise the associated domain name is passed).

I haven't tried setting UsePAM to yes and see no reason to do so, but that's another topic. This certainly wouldn't enable DenyHosts. As I wrote in my original message, a scripted brute-force attack involves many attempts to log in as an invalid user. Those events are logged by sshd at priority level 6 and so DO NOT appear in asl.log when syslogd is running in its default mode. DenyHosts will never see them unless you change the configuration of syslogd. The Fink package can and should do that without modifying any system files, except to install a daemonic startup item.

Even then, the log entries aren't recognized by DenyHosts, because the regular expression provided in the config file doesn't match them. I posted one that does.

Linc Davis
PGP signature attached
DH/DSS 2048/1024
D625 5F4F 4884 144D BCA5 4522 4F65 04BF FA0D 30AD


_______________________________________________
Fink-users mailing list
Fink-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fink-users
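
The two conditions described in the message above (level-6 sshd entries must reach the log, and the pattern must match them) can be checked before relying on DenyHosts. This is an added example, not part of the original message and not DenyHosts code. The "[Key value]" record layout, the sample records, the cutoff value 5 standing in for the default mode, and the regex are all assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed records in an assumed "[Key value]" layout; not real log data.
SAMPLE_LOG = """\
[Time 2007.02.10 15:55:01 UTC] [Sender sshd] [PID 411] [Message Invalid user admin from 192.0.2.10] [Level 6]
[Time 2007.02.10 15:55:03 UTC] [Sender sshd] [PID 412] [Message Invalid user test from 192.0.2.10] [Level 6]
[Time 2007.02.10 15:55:05 UTC] [Sender sshd] [PID 413] [Message Invalid user oracle from 192.0.2.10] [Level 6]
[Time 2007.02.10 15:56:10 UTC] [Sender sshd] [PID 420] [Message Invalid user guest from 198.51.100.7] [Level 6]
[Time 2007.02.10 15:57:00 UTC] [Sender kernel] [PID 0] [Message disk0s2: I/O error] [Level 3]
"""

FIELD = re.compile(r"\[(\w+) ([^\]]*)\]")

# Hypothetical pattern for this example; it is neither the regex shipped in
# the DenyHosts config nor the one posted in the thread. It accepts only a
# dotted-quad address, so entries logged with a domain name do not match.
INVALID_USER = re.compile(
    r"^Invalid user (?P<user>\S+) from (?P<host>\d{1,3}(?:\.\d{1,3}){3})$"
)


def parse(line):
    """Turn one bracketed record into a dict of its fields."""
    return dict(FIELD.findall(line))


def written_to_log(text, cutoff):
    """Keep records whose syslog level is <= cutoff (0 most severe, 7 debug)."""
    records = (parse(line) for line in text.splitlines() if line.strip())
    return [r for r in records if int(r["Level"]) <= cutoff]


def offenders(records):
    """Count invalid-user attempts per source address among sshd records."""
    hits = Counter()
    for r in records:
        m = INVALID_USER.match(r.get("Message", ""))
        if r.get("Sender") == "sshd" and m:
            hits[m.group("host")] += 1
    return hits


if __name__ == "__main__":
    for cutoff in (5, 6):  # 5 = assumed default cutoff, 6 = info included
        print(cutoff, dict(offenders(written_to_log(SAMPLE_LOG, cutoff))))
```

With the cutoff at 5 the log scanner has nothing to count, which is the failure the message describes; raising it to 6 exposes the per-address totals.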
