I had the same problem, I deny any incoming connections from the offending IP pool on my firewall, and that seems to work, I show the attempts on my firewall, but no logs on my FC1 box. ;-) Don Dupy FC1 - Kernel 2.4.22 - Dell Poweredge 600SC http://www.maxxrad.net email: fedora@xxxxxxxxxxx On Tue, 27 Jul 2004, Alexander Dalloz wrote: > Am Di, den 27.07.2004 schrieb Michael Sullivan um 18:12: > > > The kiddies using their script file to try to hack into my systems > > through sshd using accounts guest and test tried again yesterday. This > > [ ... ] > > > the nonexistent guest and test accounts. The IP addresses they try to > > log in from vary slightly, but for the most part I think the first three > > octets are the same. I looked through the man page for sshd_config for > > a way to block their IP, but I couldn't find it. Does anyone here know > > how to do this? > > Using public key authentication you can restrict the key. See "man sshd" > for from="pattern-list". If you use password authentication you can't > restrict it within the sshd_config itself. I suggest you use iptables > reject rule(s) instead to block SSH (port 22) access for suspicious nets > - yes, I get this "hack attempts" for non existent account guest and > test too - or you allow port 22 connects only for specific nets at all > and let the rest reject. > > Alexander > > > -- > Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13 > Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.6-1.435.2.3.ad.umlsmp > Serendipity 18:17:00 up 1 day, 3:23, load average: 0.36, 0.89, 0.98 >
