Two things: (1)
Check out DenyHosts - it's a small python script that scrapes your authentication logs and populates /etc/hosts.deny based on failed login attempts. http://denyhosts.sourceforge.net/ (2) If shutting off root ssh access seems too drastic, you can restrict root ssh logins from specific IP's. Like this: # /etc/ssh/sshd_config # The following notation is misleading: [EMAIL PROTECTED] means # any user from 'machine' can try to log in here as root. PermitRootLogin yes AllowUsers user1 user2 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Alan . -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
