Sandy Rutherford wrote:
Christian,
On Tue, 25 Jan 2005 you wrote:
> .... my servers sshd reports 30 to 50 failed > root/operator/etc. logins a day. I would like to block the incoming ip > for a few days automaticly after e.g failed login requests.
> Currently I am using ipf, but it would be no problem to use any other > FreeBSD firewall.
For peace of mind, you can always use the AllowGroups, AllowUsers, PermitRootLogin, .... options in sshd_config to remove ssh access to root, uucp, operator, and other system accounts. I only permit ssh access to user accounts. The scripts which are making these login attempts are not typically going to try user accounts for obvious reasons. If you need off-site root access you should be using su or sudo bash anyway. I would recommend always turning off root access via ssh.
...Sandy _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Thanks for the answer. You described roughly the way I run sshd by now.
Christian _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
