Re: OpenSSH -- a way to block recurrent login failures?
From: Albert Lunde (atlunde_at_panix.com)
Date: Thu, 23 Sep 2004 08:55:24 -0400 To: email@example.com
On Wed, Sep 22, 2004 at 01:38:14AM +0200, Javier Sanchez wrote:
> Instead of running ssh from xinetd and modifying the hosts.deny file using
> a script, why not let the script watch for excessive failures in auth.log
> and push an iptables rule? I think that this is the easiest way to
> solve the issue.
If OpenSSH is built with tcp_wrappers support, it's not necessary
to run under inetd/xinetd; the daemon runs normally but checks the
API for access rules. (A really mutant idea would be to replace
the tcp_wrappers library with something else offering the same
API, or search for the API calls in the OpenSSH code and replace
them with your own hooks. This could be a way to avoid going
through the filesystem.)
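Added example, not code from either poster: the auth.log watcher Javier describes, written so that it yields both an iptables rule (his suggestion) and a hosts.deny entry (the tcp_wrappers route Albert mentions). It assumes the standard OpenSSH "Failed password ... from <ip>" / "Invalid user ... from <ip>" syslog lines, a threshold of 5 failures within 600 seconds, and sshd listening on port 22; the log lines are constructed sample data. The script only builds the commands and returns them rather than executing them, and it validates the address before interpolating it into a shell command, because everything else on a failed-login line (the username in particular) is attacker-controlled.

```python
import re
import ipaddress
from collections import defaultdict
from datetime import datetime

# Assumed sshd syslog formats. The username field is attacker-supplied, so the
# only thing we capture for action is the dotted-quad address after "from".
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?:Failed password for(?: invalid user)? \S+|Invalid user \S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

# Constructed sample auth.log excerpt (documentation addresses, RFC 5737).
SAMPLE_AUTH_LOG = """\
Sep 22 01:38:14 gw sshd[2201]: Failed password for root from 192.0.2.10 port 40122 ssh2
Sep 22 01:38:16 gw sshd[2203]: Failed password for invalid user admin from 192.0.2.10 port 40130 ssh2
Sep 22 01:38:19 gw sshd[2205]: Invalid user test from 192.0.2.10
Sep 22 01:38:21 gw sshd[2207]: Failed password for invalid user test from 192.0.2.10 port 40141 ssh2
Sep 22 01:38:25 gw sshd[2209]: Failed password for root from 192.0.2.10 port 40150 ssh2
Sep 22 01:40:02 gw sshd[2215]: Failed password for alice from 198.51.100.7 port 51020 ssh2
Sep 22 01:59:40 gw sshd[2230]: Accepted password for alice from 198.51.100.7 port 51044 ssh2
Sep 22 03:10:01 gw sshd[2300]: Failed password for root from 203.0.113.5 port 33001 ssh2
Sep 22 03:45:01 gw sshd[2310]: Failed password for root from 203.0.113.5 port 33002 ssh2
"""


def parse_failures(lines):
    """Yield (timestamp, ip) for every failed-login line; ignore everything else.

    syslog timestamps carry no year, so all entries are assumed to fall in the
    same year (fine for a sliding window of minutes, wrong across New Year)."""
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(" ".join(m.group("ts").split()), "%b %d %H:%M:%S")
        yield ts, m.group("ip")


def offenders(lines, threshold=5, window_seconds=600):
    """Return addresses with >= threshold failures inside any window_seconds span."""
    by_ip = defaultdict(list)
    for ts, ip in parse_failures(lines):
        by_ip[ip].append(ts)
    hits = []
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        # Sliding window: advance `start` until the span fits in the window,
        # then check how many failures the window currently holds.
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                hits.append(ip)
                break
    return sorted(hits)


def _checked_ip(ip):
    # Refuse anything that is not a literal IPv4/IPv6 address before it goes
    # anywhere near a shell command or a config file.
    return str(ipaddress.ip_address(ip))


def iptables_rule(ip, port=22):
    """Command a watcher would run to drop new SSH connections from ip."""
    return "iptables -I INPUT -s %s -p tcp --dport %d -j DROP" % (_checked_ip(ip), port)


def hosts_deny_entry(ip):
    """Line to append to /etc/hosts.deny for a libwrap-enabled sshd."""
    return "sshd: %s" % _checked_ip(ip)


def block_commands(lines, threshold=5, window_seconds=600):
    """Map each offender to the iptables command and the hosts.deny line for it."""
    return {ip: (iptables_rule(ip), hosts_deny_entry(ip))
            for ip in offenders(lines, threshold, window_seconds)}


if __name__ == "__main__":
    for ip, (rule, deny) in block_commands(SAMPLE_AUTH_LOG.splitlines()).items():
        print(rule)
        print(deny)
```

Run against the sample, only 192.0.2.10 (five failures in eleven seconds) trips the default threshold; 203.0.113.5 fails twice but 35 minutes apart, so the window keeps it out. A real deployment would feed this from `tail -F /var/log/auth.log`, apply the rule with root privileges, and expire entries after a while, none of which is shown here.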