Sept. 30, 2008
6:42 p.m.
On Tue, 30 Sep 2008, Tal Cohen wrote:
Do you know the IP addresses of the users that ARE authorized to SSH into the system? If so, add them to /etc/hosts.allow. Tal
Assuming you have TCP Wrappers built into your server of course. Maybe it's built in by default there days. I haven't built an SSH Server from source in a long time. But if you do have it installed I believe you can add the offending IP in /etc/hosts.deny which would be much easier. And even better-er, if the attacker is coming from one IP and you have a firewall it would be more efficient to stop them there before they reach the SSH service. -- Gary