> ...after a bit more investigation, here's my /etc/hosts.deny, based on the > 25,000 attempts in the last month!
Wrong approach. You do it the other way round. You work out which IP numbers need to connect to your ssh server (usually very few), the rest goes to /dev/null. To be really anal, restrict which users are allowed to use sshd, the rest gets a password failure until the sky comes down. Both can be configured within /etc/ssh/sshd_config, though using tcpwrappers as a first shield might be better. Even better, use your firewall. Volker -- Volker Kuhlmann is possibly list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me.
