On Tue, 2004-07-27 at 12:12, Michael Sullivan wrote: > The kiddies using their script file to try to hack into my systems > through sshd using accounts guest and test tried again yesterday. This > morning I opened up the man page for sshd_config in Konquerer (the > colour coding is very nice) and discovered how I could deny access > through ssh from all accounts except the accounts that might use it > (this excludes guest and test). The other day I went in to each of the > user accounts and modified their .bashrc file so that when they log in > it asks them to change their password and boot them out. This will work > for now because for now the enemy script is only trying to inquire about > the nonexistent guest and test accounts. The IP addresses they try to > log in from vary slightly, but for the most part I think the first three > octets are the same. I looked through the man page for sshd_config for > a way to block their IP, but I couldn't find it. Does anyone here know > how to do this? Another safeguard to us is to limit the time to enter the password see < man sshd [-g] >. Normal grace period is 120 seconds. -- jludwig <wralphie@xxxxxxxxxxx>
