>> It appears to have been a hack. rpm -V openssh-server showed that
>> sshd has been modified.
>>
>> I'll be damned if I know how they got in. I drop ssh packets after 3 attempts
>> in one minute in iptables. I review logs every morning.
>>
>> I deleted all ssh packages from one of the minor servers and reinstalled them
>> and everything worked ok, public keys etc. I know that's not the solution.
>>
>> Looks like I have several reinstalls to do. Unless someone has a better idea?
>>
>> Thanks for everyone's help.
>>
>> Mike
>
>Can someone give me an example of how to quickly and easily deny ssh access
>from one network interface but allow it from another. For example, disallow
>from the internet but allow from an internal net?

Assuming your iptables is running on the host itself, and not on a border
firewall, and that eth1 is the internet, then something like:

    iptables -A INPUT -i eth1 -p udp --dport 22 -j DROP
    (can ssh make udp connections?)
    iptables -A INPUT -i eth1 -p tcp --dport 22 -j DROP

near the top of your ruleset (before any -j ACCEPT) should do it.

If you ever discover how this happened, I for one would be *very* interested to
know.

Good luck,
Terry

>
>TIA,
>
>Mike
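
The "before any -j ACCEPT" condition in the reply above is easy to miss, because -A appends to the end of the chain. The following is an added example, not part of the original thread: a shell function that reads `iptables -S INPUT` output and reports the verdict a new SSH connection arriving on a given interface would get. The function name first_verdict, the sample rulesets, and eth0 as the internal interface are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: model which verdict a NEW TCP connection gets from the INPUT
# chain, reading `iptables -S INPUT` output on stdin (first matching rule wins).
# Simplifications (assumptions): no "!" negation, port ranges, multiport,
# interface wildcards or user-defined chains; options such as -s are ignored.
first_verdict() {   # usage: first_verdict IFACE PORT < rules
    awk -v iface="$1" -v port="$2" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        hit = 1; target = ""
        for (i = 3; i <= NF; i++) {
            nxt = $(i + 1)
            if ($i == "-i" && nxt != iface) hit = 0
            if ($i == "-p" && nxt != "tcp" && nxt != "all") hit = 0
            if ($i == "--dport" && nxt != port) hit = 0
            # ESTABLISHED-only rules never match the first packet of a connection
            if (($i == "--state" || $i == "--ctstate") && nxt !~ /(^|,)NEW(,|$)/) hit = 0
            if ($i == "-j") target = nxt
        }
        if (hit && target ~ /^(ACCEPT|DROP|REJECT)$/) { print target; found = 1; exit }
    }
    END { if (!found) print (policy == "" ? "UNKNOWN" : policy) }'
}

# Constructed sample rulesets (not from the thread); eth1 is the internet side.
# APPENDED: the DROP was added with -A after an existing ACCEPT for port 22.
APPENDED='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j DROP'
# NEAR_TOP: the same DROP placed ahead of the ACCEPT rules.
NEAR_TOP='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

echo "appended, eth1: $(printf '%s\n' "$APPENDED" | first_verdict eth1 22)"
echo "near top, eth1: $(printf '%s\n' "$NEAR_TOP" | first_verdict eth1 22)"
echo "near top, eth0: $(printf '%s\n' "$NEAR_TOP" | first_verdict eth0 22)"
```

On a live host, feed it the real chain as root with `iptables -S INPUT | first_verdict eth1 22`.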