Re: denyhosts and the threshold level
Hello, Norberto Meijome wrote: On Mon, 18 Jun 2007 07:51:23 +0200 Zbigniew Szalbot [EMAIL PROTECTED] wrote: Failed password for root from 218.9.127.236 port 47414 ssh2 Jun 17 19:56:00 lists sshd[8079]: Failed password for root from 218.9.127.236 port 47566 ssh2 Jun 17 19:56:03 lists sshd[8081]: Of course, you have root logins via ssh disabled anyway.. right? ;) Of course! But thanks for checking :) I see that denyhosts is blocking hosts so I sleep better now :) Zbigniew Szalbot ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: denyhosts and the threshold level
On Sunday 17 June 2007, Zbigniew Szalbot said: Hello, I have denyhosts set with the following options: DENY_THRESHOLD_INVALID = 3 DENY_THRESHOLD_VALID = 3 In my understanding this should block all ssh login attempts from a host which fails to provide correct login credentials 3 times (no matter if the user actually exists or not at my system). This appears to work. But I have a question. When I look at the log I can see something like that: Failed password for root from 218.9.127.236 port 46472 ssh2 Jun 17 19:55:38 lists sshd[8048]: Failed password for root from 218.9.127.236 port 46631 ssh2 Jun 17 19:55:42 lists sshd[8052]: Failed password for root from 218.9.127.236 port 46786 ssh2 Jun 17 19:55:45 lists sshd[8057]: Failed password for root from 218.9.127.236 port 46952 ssh2 Jun 17 19:55:49 lists sshd[8069]: Failed password for root from 218.9.127.236 port 47106 ssh2 Jun 17 19:55:53 lists sshd[8071]: Failed password for root from 218.9.127.236 port 47261 ssh2 Jun 17 19:55:56 lists sshd[8075]: Failed password for root from 218.9.127.236 port 47414 ssh2 Jun 17 19:56:00 lists sshd[8079]: Failed password for root from 218.9.127.236 port 47566 ssh2 Jun 17 19:56:03 lists sshd[8081]: How can I determine whether the user has actually been cut off after 3 attempts? Or does the above mean that the user was not blocked? Many thanks for your advice! Warm regards from Poland. Zbigniew Szalbot I use denyhosts on a couple of my servers. Those login scripts try many a second. It takes denyhosts a bit of time to catch it. As for them being blocked root should be receiving mail telling you what IP was blocked. What I see above looks about normal for the app. Beech -- --- Beech Rintoul - FreeBSD Developer - [EMAIL PROTECTED] /\ ASCII Ribbon Campaign | FreeBSD Since 4.x \ / - NO HTML/RTF in e-mail | http://www.freebsd.org X - NO Word docs in e-mail | Latest Release: / \ - http://www.FreeBSD.org/releases/6.2R/announce.html --- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: denyhosts and the threshold level
On Mon, 18 Jun 2007 07:51:23 +0200 Zbigniew Szalbot [EMAIL PROTECTED] wrote: Failed password for root from 218.9.127.236 port 47414 ssh2 Jun 17 19:56:00 lists sshd[8079]: Failed password for root from 218.9.127.236 port 47566 ssh2 Jun 17 19:56:03 lists sshd[8081]: Of course, you have root logins via ssh disabled anyway.. right? ;) _ {Beto|Norberto|Numard} Meijome I don't think they could put him in a mental hospital. On the other hand, if he were already in, I don't think they'd let him out. I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
denyhosts and the threshold level
Hello, I have denyhosts set with the following options: DENY_THRESHOLD_INVALID = 3 DENY_THRESHOLD_VALID = 3 In my understanding this should block all ssh login attempts from a host which fails to provide correct login credentials 3 times (no matter if the user actually exists or not at my system). This appears to work. But I have a question. When I look at the log I can see something like that: Failed password for root from 218.9.127.236 port 46472 ssh2 Jun 17 19:55:38 lists sshd[8048]: Failed password for root from 218.9.127.236 port 46631 ssh2 Jun 17 19:55:42 lists sshd[8052]: Failed password for root from 218.9.127.236 port 46786 ssh2 Jun 17 19:55:45 lists sshd[8057]: Failed password for root from 218.9.127.236 port 46952 ssh2 Jun 17 19:55:49 lists sshd[8069]: Failed password for root from 218.9.127.236 port 47106 ssh2 Jun 17 19:55:53 lists sshd[8071]: Failed password for root from 218.9.127.236 port 47261 ssh2 Jun 17 19:55:56 lists sshd[8075]: Failed password for root from 218.9.127.236 port 47414 ssh2 Jun 17 19:56:00 lists sshd[8079]: Failed password for root from 218.9.127.236 port 47566 ssh2 Jun 17 19:56:03 lists sshd[8081]: How can I determine whether the user has actually been cut off after 3 attempts? Or does the above mean that the user was not blocked? Many thanks for your advice! Warm regards from Poland. Zbigniew Szalbot ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]