Re: OpenSSH -- a way to block recurrent login failures?
From: Albert Lunde (atlunde_at_panix.com)
Date: 09/23/04
- Previous message: Muhammad Naseer Bhatti: "RE: Replacing User Authentication Method (with version)"
- In reply to: Javier Sanchez: "Re: OpenSSH -- a way to block recurrent login failures?"
- Next in thread: Warner, Randy: "RE: OpenSSH -- a way to block recurrent login failures?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 23 Sep 2004 08:55:24 -0400
To: secureshell@securityfocus.com
On Wed, Sep 22, 2004 at 01:38:14AM +0200, Javier Sanchez wrote:
> Instead of running ssh from xinetd and modifying the hosts.deny file using
> a script, why not let the script watch excessive failures in auth.log
> and push an iptables rule? I think that this is the easiest way to
> solve the issue.
If OpenSSH is built with tcp_wrappers support, it's not necessary
to run under inetd/xinetd; the daemon runs normally but checks the
API for access rules. (A really mutant idea would be to replace
the tcp_wrappers library with something else offering the same
API, or search for the API calls in the OpenSSH code and replace
them with your own hooks. This could be a way to avoid going
through the filesystem.)
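
A sketch of the log-watching script discussed in this thread, added here as an example and not code from either poster: it counts failed sshd logins per source address in a sliding window and emits hosts.deny entries for a tcp_wrappers-enabled sshd. The log line format, threshold, window, year and sample lines are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth.log lines (not from the thread); addresses are documentation ranges.
SAMPLE_LOG = """\
Sep 23 08:50:01 host sshd[1201]: Failed password for root from 192.0.2.10 port 40001 ssh2
Sep 23 08:50:05 host sshd[1202]: Failed password for illegal user admin from 192.0.2.10 port 40002 ssh2
Sep 23 08:50:09 host sshd[1203]: Failed password for illegal user test from 192.0.2.10 port 40003 ssh2
Sep 23 08:52:00 host sshd[1211]: Failed password for alice from 198.51.100.7 port 50001 ssh2
Sep 23 09:30:00 host sshd[1250]: Failed password for alice from 198.51.100.7 port 50002 ssh2
Sep 23 10:30:00 host sshd[1290]: Failed password for alice from 198.51.100.7 port 50003 ssh2
Sep 23 10:31:00 host sshd[1291]: Failed password for illegal user a from 203.0.113.99 port 22 ssh2 from 198.51.100.7 port 50004 ssh2
""".splitlines()

# The user name is client-supplied text, so the address is taken from the END of
# the line (greedy ".+"), not from the first "from" that appears. IPv4 only.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for .+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d?)?\s*$"
)

def parse_failure(line, year=2004):
    """Return (timestamp, ip) for a failed-password line, else None. syslog omits the year."""
    m = FAILED.match(line)
    if not m:
        return None
    try:
        ip = str(ipaddress.ip_address(m.group(2)))  # rejects e.g. 999.1.1.1
    except ValueError:
        return None
    return datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), ip

def offenders(lines, threshold=3, window=timedelta(minutes=10)):
    """IPs with at least `threshold` failures inside one sliding `window`."""
    recent, flagged = defaultdict(deque), []
    for when, ip in filter(None, map(parse_failure, lines)):
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged.append(ip)
    return flagged

def hosts_deny_lines(ips):
    """hosts.deny entries in daemon:client form, read by a tcp_wrappers-enabled sshd."""
    return [f"sshd: {ip}" for ip in ips]
```

With the sample lines, only 192.0.2.10 is listed: the three failures from 198.51.100.7 are spread over more than the window, and the address embedded in a user name is never counted.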