Date: Mon, 18 Jun 2007 07:51:23 +0200 From: Zbigniew Szalbot <zbyszek@szalbot.homedns.org> To: freebsd-questions@freebsd.org Subject: denyhosts and the threshold level Message-ID: <46761D5B.1000406@szalbot.homedns.org>
next in thread | raw e-mail | index | archive | help
Hello, I have denyhosts set with the following options: DENY_THRESHOLD_INVALID = 3 DENY_THRESHOLD_VALID = 3 In my understanding this should block all ssh login attempts from a host which fails to provide correct login credentials 3 times (no matter if the user actually exists or not at my system). This appears to work. But I have a question. When I look at the log I can see something like that: Failed password for root from 218.9.127.236 port 46472 ssh2 Jun 17 19:55:38 lists sshd[8048]: Failed password for root from 218.9.127.236 port 46631 ssh2 Jun 17 19:55:42 lists sshd[8052]: Failed password for root from 218.9.127.236 port 46786 ssh2 Jun 17 19:55:45 lists sshd[8057]: Failed password for root from 218.9.127.236 port 46952 ssh2 Jun 17 19:55:49 lists sshd[8069]: Failed password for root from 218.9.127.236 port 47106 ssh2 Jun 17 19:55:53 lists sshd[8071]: Failed password for root from 218.9.127.236 port 47261 ssh2 Jun 17 19:55:56 lists sshd[8075]: Failed password for root from 218.9.127.236 port 47414 ssh2 Jun 17 19:56:00 lists sshd[8079]: Failed password for root from 218.9.127.236 port 47566 ssh2 Jun 17 19:56:03 lists sshd[8081]: How can I determine whether the user has actually been cut off after 3 attempts? Or does the above mean that the user was not blocked? Many thanks for your advice! Warm regards from Poland. Zbigniew Szalbot
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46761D5B.1000406>