From: Christian Tischler
Date: Thu, 27 Jan 2005 08:39:54 +0100
To: freebsd-questions@freebsd.org
Cc: Sandy Rutherford
Subject: Re: Banning ips for some time?

Sandy Rutherford wrote:

>Christian,
>
>On Tue, 25 Jan 2005 you wrote:
>
> > .... my server's sshd reports 30 to 50 failed
> > root/operator/etc. logins a day. I would like to block the incoming ip
> > for a few days automatically after e.g. failed login requests.
> > Currently I am using ipf, but it would be no problem to use any other
> > FreeBSD firewall.
>
>For peace of mind, you can always use the AllowGroups, AllowUsers,
>PermitRootLogin, .... options in sshd_config to remove ssh access to
>root, uucp, operator, and other system accounts. I only permit ssh
>access to user accounts. The scripts which are making these login
>attempts are not typically going to try user accounts for obvious
>reasons. If you need off-site root access you should be using su or
>sudo bash anyway. I would recommend always turning off root access
>via ssh.
>
>...Sandy

Thanks for the answer. You described roughly the way I run sshd by now.

Christian
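
The timed blocking asked about in the quoted question, as an added example that is not part of the original thread: it counts sshd "Failed password" lines per source address and renders ipf block rules for addresses whose ban is still running. The log line layout, the thresholds, the names `banned_ips` and `ipf_rules`, and the sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import IPv4Address

# OpenSSH "Failed password" syslog line. Anchored at end of line with a greedy
# user field, so the captured address is the one sshd appended, not text
# embedded in the attempted user name.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:(?:invalid|illegal) user )?.* from (\S+) port \d+(?: ssh\d)?\s*$"
)

def banned_ips(lines, now, threshold=3, window=timedelta(minutes=10),
               ban=timedelta(days=3)):
    """IPs with `threshold` failures inside `window` whose ban is active at `now`."""
    seen = defaultdict(list)
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ip = str(IPv4Address(m.group(2)))
        except ValueError:
            continue  # not an IPv4 address: never write it into a rule
        # syslog timestamps carry no year; assume the year of `now`
        ts = datetime.strptime(f"{now.year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        seen[ip].append(ts)
    active = set()
    for ip, stamps in seen.items():
        stamps.sort()
        for first, trigger in zip(stamps, stamps[threshold - 1:]):
            # the ban runs from the failure that crossed the threshold
            if trigger - first <= window and trigger <= now < trigger + ban:
                active.add(ip)
    return sorted(active)

def ipf_rules(ips):
    """Render one ipf block rule per banned address."""
    return [f"block in quick from {ip}/32 to any" for ip in ips]

# Constructed sample log lines (not taken from the thread)
SAMPLE = [
    "Jan 25 03:12:01 host sshd[411]: Failed password for root from 192.0.2.10 port 4021 ssh2",
    "Jan 25 03:12:04 host sshd[411]: Failed password for illegal user operator from 192.0.2.10 port 4022 ssh2",
    "Jan 25 03:12:09 host sshd[411]: Failed password for root from 192.0.2.10 port 4023 ssh2",
    "Jan 25 09:30:00 host sshd[502]: Failed password for chris from 198.51.100.7 port 5100 ssh2",
]
```

Regenerating the rule list on a schedule and reloading it drops expired bans automatically; addresses you administer from should be excluded before the rules are loaded.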