Ticket #64 (closed task: fixed)

Opened 13 years ago

Last modified 12 years ago

ssh access should be more convenient

Reported by: joshuadf Owned by: joshuadf
Priority: minor Milestone:
Component: systems Version:
Keywords: Cc:

Description

SSH dictionary attacks are on the rise, and some of our users may not have strong passwords (plus it fills the logs). Right now I block everything off-campus and manually add home IP addresses to /etc/hosts.allow, which is inconvenient.

Change History

comment:1 Changed 13 years ago by joshuadf

  • Status changed from new to assigned

On a couple of machines I'm trying out denyhosts (http://denyhosts.sourceforge.net/faq.html). It runs as a daemon and automatically adds attacking hosts to /etc/hosts.deny. It's written in Python, so I used the noarch FC3 RPM from http://fedoraproject.org/extras/3/i386/repodata/repoview/Applications.System.group.html (I tried it once before and the daemon kept dying. Perhaps it's been improved.)

comment:2 Changed 12 years ago by joshuadf

  • Status changed from assigned to closed
  • Resolution set to fixed

This has been working great for a couple of weeks. The only problem is that attacking hosts often move on to other machines in our subnet. Here are some comments inserted from several machines:

# DenyHosts: Thu Jun 15 20:53:57 2006 | sshd: 220.130.137.111
# DenyHosts: Thu Jun 15 20:54:09 2006 | sshd: 220.130.137.111
# DenyHosts: Thu Jun 15 20:54:09 2006 | sshd: 220.130.137.111
# DenyHosts: Thu Jun 15 20:54:14 2006 | sshd: 220.130.137.111
# DenyHosts: Thu Jun 15 20:54:14 2006 | sshd: 220.130.137.111
# DenyHosts: Thu Jun 15 20:57:40 2006 | sshd: 220.130.137.111
# DenyHosts: Thu Jun 15 20:57:44 2006 | sshd: 220.130.137.111
# DenyHosts: Thu Jun 15 20:57:47 2006 | sshd: 220.130.137.111
# DenyHosts: Thu Jun 15 20:57:48 2006 | sshd: 220.130.137.111
# DenyHosts: Thu Jun 15 20:58:05 2006 | sshd: 220.130.137.111
# DenyHosts: Thu Jun 15 20:59:26 2006 | sshd: 220.130.137.111
# DenyHosts: Fri Jun 16 01:22:39 2006 | sshd: 203.200.74.41
# DenyHosts: Fri Jun 16 01:33:12 2006 | sshd: 203.200.74.41
# DenyHosts: Fri Jun 16 01:38:52 2006 | sshd: 203.200.74.41
# DenyHosts: Fri Jun 16 01:39:35 2006 | sshd: 203.200.74.41
# DenyHosts: Fri Jun 16 02:21:39 2006 | sshd: 203.200.74.41

denyhosts has a "synchronization mode", but right now there is just one central server (http://denyhosts.sourceforge.net/faq.html#4_0). Maybe I'll try it on one host to see if it works.
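
Added example, not part of the ticket and not DenyHosts code: a Python script that merges the `# DenyHosts:` comment lines from several machines' /etc/hosts.deny files and reports which sources were blocked on more than one machine, with first and last block time. The machine names (hostA to hostC), the assignment of the ticket's lines to machines, the 198.51.100.7 entry and the function names are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: comment format and the two recurring IPs are from the
# ticket; which machine each line came from and 198.51.100.7 are assumed.
SAMPLE = {
    "hostA": """# DenyHosts: Thu Jun 15 20:53:57 2006 | sshd: 220.130.137.111
                sshd: 220.130.137.111
                # DenyHosts: Fri Jun 16 01:22:39 2006 | sshd: 203.200.74.41""",
    "hostB": """# DenyHosts: Thu Jun 15 20:54:09 2006 | sshd: 220.130.137.111
                # DenyHosts: Sat Jun 17 03:10:00 2006 | sshd: 198.51.100.7""",
    "hostC": """# DenyHosts: Thu Jun 15 20:59:26 2006 | sshd: 220.130.137.111
                # DenyHosts: Fri Jun 16 02:21:39 2006 | sshd: 203.200.74.41""",
}

LINE_RE = re.compile(r"^# DenyHosts: (?P<ts>.+?) \| sshd: (?P<ip>\S+)$")
TS_FORMAT = "%a %b %d %H:%M:%S %Y"  # e.g. "Thu Jun 15 20:53:57 2006"

def parse_deny_comments(text):
    """Yield (timestamp, ip) per DenyHosts comment line; skip everything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # plain hosts.deny entries, blank lines, other comments
        try:
            ts = datetime.strptime(m.group("ts"), TS_FORMAT)
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue  # malformed timestamp or address: do not trust the line
        yield ts, ip

def cross_machine_report(files, min_machines=2):
    """Map ip -> (machines, first_seen, last_seen) for IPs blocked on at
    least min_machines machines. files maps machine name -> hosts.deny text."""
    seen = defaultdict(dict)  # ip -> {machine: earliest block time there}
    for machine, text in files.items():
        for ts, ip in parse_deny_comments(text):
            if machine not in seen[ip] or ts < seen[ip][machine]:
                seen[ip][machine] = ts
    report = {}
    for ip, per_machine in seen.items():
        if len(per_machine) >= min_machines:
            times = list(per_machine.values())
            report[ip] = (sorted(per_machine), min(times), max(times))
    return report

if __name__ == "__main__":
    for ip, (machines, first, last) in cross_machine_report(SAMPLE).items():
        print(f"{ip}: {len(machines)} machines, {first} to {last}")
```

A source that shows up on several machines within minutes is a candidate for a subnet-wide block rather than per-host entries.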
