I am trying to deny hacking/probing of my ssh port for my home linux server.
There are several ways to do this that I know of and I chose denyhosts.
I have a requirement such that I can access my home server from everywhere and hence I place
in my /etc/hosts.allow
sshd : ALL : ALLOW
But with the code above, any entries placed by denyhosts in /etc/hosts.deny don't take effect.
And without the code above, I can't access from anywhere.
It is not possible for me to place IP address range in /etc/hosts.allow since I will ssh from anywhere and the IP address is dynamic.
I am enquiring of my fellow experienced Archers how to make the entries made by Denyhosts workable
especially those who are sshing from everywhere.
I have already made ssh secure by disabling password authentication and even changed the port address just a couple of hours ago.
But I still find probing/hacking attempts in /var/log/auth.log
Last edited by archlinuxsagi (2009-03-28 10:35:32)
Looks like I gave up too fast.
The below faq by denyhosts solved it.
Can I use a non-standard hosts.deny file?
Yes. To do so follow this procedure:
edit your HOSTS_DENY configuration value to point it to another file such as "/etc/hosts.evil".
edit your BLOCK_SERVICE configuration value and leave it blank
edit your /etc/hosts.allow file and add:
sshd: ALL EXCEPT /etc/hosts.evil
issue the following command:
touch /etc/hosts.evil
This will result in tcp_wrappers allowing all hosts to login except for those hosts explicitly listed in /etc/hosts.evil.
Offline
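Why the `sshd : ALL : ALLOW` line from the first post overrides hosts.deny while the FAQ layout does not, as an added example that is not part of the thread or of denyhosts' own code: a simplified Python model of the hosts_access(5) lookup order. The addresses and the catch-all `ALL: ALL` in hosts.deny are assumptions (the latter inferred from the first post's report that nothing gets in without the allow line).

```python
# Simplified model of the tcp_wrappers decision order in hosts_access(5).
# Subset only: ALL wildcard, literal IPv4 addresses, "/file" pattern lists,
# one EXCEPT. Rule options (third field) are ignored. All data is constructed.

def host_matches(patterns, client, files):
    """True if client matches any whitespace-separated pattern."""
    for pat in patterns.split():
        if pat in ("ALL", client):
            return True
        # A pattern beginning with "/" names a file holding more patterns.
        if pat.startswith("/") and host_matches(files.get(pat, ""), client, files):
            return True
    return False

def table_matches(path, daemon, client, files):
    """True if any 'daemons : clients' rule in the file matches."""
    for line in files.get(path, "").splitlines():
        fields = [f.strip() for f in line.split(":")]
        if line.lstrip().startswith("#") or len(fields) < 2:
            continue
        if not ({"ALL", daemon} & set(fields[0].split())):
            continue
        include, _, exclude = fields[1].partition(" EXCEPT ")
        if host_matches(include, client, files) and not host_matches(exclude, client, files):
            return True
    return False

def access_allowed(client, files, daemon="sshd"):
    """hosts.allow is checked first; hosts.deny only if nothing matched there."""
    if table_matches("/etc/hosts.allow", daemon, client, files):
        return True
    if table_matches("/etc/hosts.deny", daemon, client, files):
        return False
    return True  # no rule matched in either file: access is granted

BANNED, ROAMING = "203.0.113.7", "198.51.100.20"  # documentation addresses

# First post: the blanket allow wins before hosts.deny is ever read.
ORIGINAL = {"/etc/hosts.allow": "sshd : ALL : ALLOW\n",
            "/etc/hosts.deny": "sshd: 203.0.113.7\nALL: ALL\n"}
# FAQ layout: banned hosts fall through hosts.allow to the catch-all deny.
FAQ = {"/etc/hosts.allow": "sshd: ALL EXCEPT /etc/hosts.evil\n",
       "/etc/hosts.evil": "203.0.113.7\n",
       "/etc/hosts.deny": "ALL: ALL\n"}
# Same layout with an empty hosts.deny: nothing refuses the banned host.
FAQ_NO_DEFAULT_DENY = dict(FAQ, **{"/etc/hosts.deny": ""})

if __name__ == "__main__":
    for name, cfg in [("original", ORIGINAL), ("faq", FAQ), ("faq, empty hosts.deny", FAQ_NO_DEFAULT_DENY)]:
        print(name, {ip: access_allowed(ip, cfg) for ip in (BANNED, ROAMING)})
```

The third configuration shows that the FAQ layout depends on hosts.deny refusing by default: with an empty hosts.deny, an address listed in /etc/hosts.evil is still accepted.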
Blocking IP addresses is not a real security measure btw as they can be spoofed.
Offline
You're better off using iptables than denyhosts.