From owner-freebsd-security@FreeBSD.ORG  Sun Sep 19 12:48:07 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4115016A4CE
	for <freebsd-security@freebsd.org>;
	Sun, 19 Sep 2004 12:48:07 +0000 (GMT)
Received: from Neo-Vortex.Ath.Cx (203-206-16-210.dyn.iinet.net.au
	[203.206.16.210])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7D32143D2D
	for <freebsd-security@freebsd.org>;
	Sun, 19 Sep 2004 12:47:46 +0000 (GMT)
	(envelope-from root@Neo-Vortex.Ath.Cx)
Received: from localhost.Neo-Vortex.got-root.cc
	(Neo-Vortex@localhost.Neo-Vortex.got-root.cc [127.0.0.1])
	by Neo-Vortex.Ath.Cx (8.12.10/8.12.10) with ESMTP id i8JCl75x076457;
	Sun, 19 Sep 2004 22:47:12 +1000 (EST)
	(envelope-from root@Neo-Vortex.Ath.Cx)
Date: Sun, 19 Sep 2004 22:47:07 +1000 (EST)
From: Neo-Vortex <root@Neo-Vortex.Ath.Cx>
To: Terry <terry@mrtux.co.uk>
In-Reply-To: <414D7D7E.9040301@mrtux.co.uk>
Message-ID: <20040919224629.L75607@Neo-Vortex.Ath.Cx>
References: <20040919120131.4B2F916A4D8@hub.freebsd.org>
	<414D7D7E.9040301@mrtux.co.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: freebsd-security@freebsd.org
Subject: Re:sshd security
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Sep 2004 12:48:07 -0000



On Sun, 19 Sep 2004, Terry wrote:

> I had the same problem so i setup up hosts.allow to only allow access
> from certain ips i require
> This has the affect of killing the connection from any other ip befor
> gettign to any login prompt
> example below
> sshd : localhost : allow
> sshd : 192.168.2. : allow
> sshd : 82.41.115.213 :allow
> sshd : 216.123.248.219 : allow  <-- public ip i wish to allow of course
> i have changed it
> sshd : all : deny
>
> This then shows in log instead of failed login attempts
>
> dot.blah.co.uk refused connections:
> Sep 17 22:11:55 dlt sshd[35669]: refused connect from usen-219x113x213x21.ap-US.usen.ad.jp (219.113.213.21)

you could always just use ipf/ipfw if the log messages are annoying you...

> Regards Terry