<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8"> <META NAME="GENERATOR" CONTENT="GtkHTML/3.0.9"> </HEAD> <BODY> Unfortunately I cannot lock my SSH source hosts as they are always different and I got tired of constantly blocking at my firewall. Worked up swatch this config below to modify the host IPTABLES and drop traffic if root was attempted or if a non existent user was provided. For those not familiar with swatch you can get it here: <A HREF="http://swatch.sourceforge.net/">http://swatch.sourceforge.net/</A> Make sure you get 3.0.8 because "exec" was not working for me in the newer versions. good luck #start watchfor /sshd.*: Failed password for root from/ mail=myaddress,subject=Root_Login_Attempt exec /sbin/iptables -I INPUT -i eth0 -s $11 -d 0/0 -p tcp --dport 22 -j DROP watchfor /sshd.*: Illegal user/ mail=myaddress,subject=Illegal_user_attempt exec /sbin/iptables -I INPUT -i eth0 -s $10 -d 0/0 -p tcp --dport 22 -j DROP #end On Wed, 2004-08-04 at 13:45, Jack Bowling wrote: <BLOCKQUOTE TYPE=CITE> <PRE>On Wed, Aug 04, 2004 at 11:54:03AM -0400, ne... wrote: > On Aug 4, 2004 at 11:03, Matt Morgan in a soothing rage wrote: > > [...] > >So use hosts.allow instead, and specify the few particular hosts that > >are allowed to attempt to connect. Everyone else will be summarily > >rejected. (Firewalling the world is not a bad option, either). > Does SSH use tcp wrappers on FC? If no, then modifying hosts.allow > and/or hosts.deny would be futile. If you have less than three > users connecting to your machine using ssh, I would just add > those users to the AllowUsers directive, else create a group and > add the users to it then use the AllowGroups directive. Yes, FC has tcp wrapper-enabled sshd. Not using the hosts.access files to add another layer of security is foolhardy, IMO. -- Jack Bowling mailto: jbinpg@shaw.ca </PRE> </BLOCKQUOTE> </BODY> </HTML>