Re: OpenSSH -- a way to block recurrent login failures?

From: Albert Lunde (atlunde_at_panix.com)
Date: 09/23/04

    Date: Thu, 23 Sep 2004 08:55:24 -0400
    To: secureshell@securityfocus.com
    
    

    On Wed, Sep 22, 2004 at 01:38:14AM +0200, Javier Sanchez wrote:
    > Instead of running ssh from xinetd and modifying the hosts.deny file using
    > a script, why not let the script watch for excessive failures in auth.log
    > and push an iptables rule? I think that this is the easiest way to
    > solve the issue.

    If OpenSSH is built with tcp_wrappers support, it's not necessary
    to run under inetd/xinetd; the daemon runs normally but checks the
    API for access rules. (A really mutant idea would be to replace
    the tcp_wrappers library with something else offering the same
    API, or search for the API calls in the OpenSSH code and replace
    them with your own hooks. This could be a way to avoid going
    through the filesystem.)
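
Added example, not part of the original messages and not code from OpenSSH or tcp_wrappers: a Python version of the log-watching script discussed in this thread, which counts sshd password failures per source address inside a sliding time window and renders both a hosts.deny rule and an iptables argument list for each offender. The function names `offenders` and `block_rules`, the threshold and window values, port 22, the IPv4-only handling, the assumed syslog line layout and the sample log lines are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Take the address only from the fixed trailer; the user name is client-supplied text.
FAIL_RE = re.compile(r"^(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                     r"Failed password for .* from (?P<ip>\S+) port \d+(?: ssh2)?$")

def offenders(lines, threshold=3, window=timedelta(minutes=10), allow=(), year=2004):
    """IPv4 sources reaching `threshold` failures within `window` (syslog has no year)."""
    allowed = [ipaddress.IPv4Network(n) for n in allow]
    recent, flagged = defaultdict(deque), []   # address -> recent failure times
    for line in lines:
        m = FAIL_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.IPv4Address(m.group("ip"))
        except ValueError:
            continue                           # not a literal address: never emit it
        if ip in flagged or any(ip in net for net in allowed):
            continue                           # already listed, or must never be blocked
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        times = recent[ip]
        times.append(ts)
        while ts - times[0] > window:          # drop failures older than the window
            times.popleft()
        if len(times) >= threshold:
            flagged.append(ip)
    return flagged

def block_rules(addrs):
    """Per address: a hosts.deny line for tcp_wrappers and an iptables argv (no shell)."""
    return [(f"sshd: {a}", ["iptables", "-I", "INPUT", "-s", str(a),
                            "-p", "tcp", "--dport", "22", "-j", "DROP"]) for a in addrs]

# Constructed sample input, not taken from a real system.
SAMPLE = """\
Sep 22 01:00:00 gw sshd[401]: Failed password for root from 203.0.113.9 port 3001 ssh2
Sep 22 01:15:00 gw sshd[402]: Failed password for root from 203.0.113.9 port 3002 ssh2
Sep 22 01:30:00 gw sshd[403]: Failed password for root from 203.0.113.9 port 3003 ssh2
Sep 22 01:30:01 gw sshd[411]: Failed password for illegal user admin from 203.0.113.7 port 40001 ssh2
Sep 22 01:30:05 gw sshd[412]: Failed password for root from 192.0.2.10 port 6000 ssh2
Sep 22 01:30:06 gw sshd[413]: Failed password for root from 203.0.113.7 port 40002 ssh2
Sep 22 01:30:07 gw sshd[414]: Failed password for root from 192.0.2.10 port 6001 ssh2
Sep 22 01:30:09 gw sshd[415]: Failed password for root from 192.0.2.10 port 6002 ssh2
Sep 22 01:30:12 gw sshd[416]: Failed password for root from 203.0.113.7 port 40003 ssh2
""".splitlines()
```

With `allow=["192.0.2.0/24"]` the administrator's own network is never listed, and the address with three failures spread over half an hour stays below the threshold.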
