Gary Hanley wrote:
On Tue, 30 Sep 2008, Tal Cohen wrote:
Do you know the IP addresses of the users that ARE authorized to SSH into the system? If so, add them to /etc/hosts.allow. Tal
Assuming you have TCP Wrappers built into your server of course. Maybe it's built in by default there days. I haven't built an SSH Server from source in a long time.
But if you do have it installed I believe you can add the offending IP in /etc/hosts.deny which would be much easier. And even better-er, if the attacker is coming from one IP and you have a firewall it would be more efficient to stop them there before they reach the SSH service.
-- Gary _______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug Coming from multiple points so that kills the stopping them at the firewall. I could stop them through hosts.allow/deny though...
-- Eric Martin Key fingerprint = D1C4 086E DBB5 C18E 6FDA B215 6A25 7174 A941 3B9F