> NB: for my person, I have only ONE valid user, who's logging ON my
> servers. It's me!
blunt reply: then don't make mistakes! ;) or use ssh keys ;)
In general the idea is sound, and I think Python regexps have such a 'backward
lookup' feature, so theoretically it could be done; someone should just do
it ;) I guess the one who needs it most ;)
In your case it is more interesting though -- you seem to be experiencing a
distributed attack as far as I can see - quickly varying IPs... If
that is just a box where you or some limited circle of people should be
able to log in, the simplest solution (adopted by me after all) is to
move sshd to some high port number you favor, e.g. 16324, and
remember it by heart or just tune up your ~/.ssh/config to always
use it for those boxes. Yet another alternative -- knocking; I've used
it on a few of my systems, but it is more hassle than just an alternative port.
For me such a solution works best for semi-public boxes (where the number of
people is relatively small).
To get more defense -- you can still run fail2ban just in case
someone discovers the magic port, or set up some catch ports, logging
with iptables and a fail2ban rule to block such evil scanning IPs entirely
(I thought I had a filter/action somewhere but oops -- can't find it ;) there
are also other ready-made tools for such things, such as portsentry).
On Tue, 22 Jun 2010, Klaus Lehmann wrote:
> hi there
> I'm so sorry: I'm so silly !!!!
> please, let me tell! ;-)
=------------------------------ /v\ ----------------------------=
Keep in touch // \\ (yoh@...
Yaroslav Halchenko /( )\ ICQ#: 60653192
Linux User ^^-^^
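The catch-port idea from the message above (sshd moved to a high port, the old port 22 logged by iptables, a fail2ban-style filter over those log lines, offending IPs blocked on all ports) as an added, self-contained example. This is not code from the post, from fail2ban, or from the author; the `SSH-CATCH:` log prefix, the iptables rules in the comments, the failregex, the `iptables -I INPUT -s … -j DROP` ban command and the sample log lines are all assumptions, and the sample lines are constructed (documentation addresses) so the block runs offline.

```python
import re
from collections import Counter

# Assumed iptables rules (not from the post) that turn the old sshd port into a
# catch port once sshd itself listens on 16324: every new TCP connection to 22
# is logged with a recognisable prefix and then dropped.
#   iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW \
#            -j LOG --log-prefix "SSH-CATCH: "
#   iptables -A INPUT -p tcp --dport 22 -j DROP
LOG_PREFIX = "SSH-CATCH: "

# Hypothetical fail2ban-style failregex for the kernel lines those rules produce.
# <HOST> is fail2ban's placeholder for the offending address.
FAILREGEX = LOG_PREFIX + r".*SRC=<HOST> .*DPT=22 "

# Constructed sample of syslog/kern.log lines: three catch-port hits from two
# scanners, one legitimate sshd login on the real port, one unrelated line.
SAMPLE_LOG = [
    "Jun 22 10:15:01 srv kernel: [12345.678] SSH-CATCH: IN=eth0 OUT= "
    "SRC=203.0.113.5 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF "
    "PROTO=TCP SPT=43210 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Jun 22 10:15:03 srv kernel: [12347.101] SSH-CATCH: IN=eth0 OUT= "
    "SRC=203.0.113.77 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF "
    "PROTO=TCP SPT=51002 DPT=22 WINDOW=14600 RES=0x00 SYN URGP=0",
    "Jun 22 10:15:09 srv sshd[2210]: Accepted publickey for yoh from "
    "198.51.100.9 port 50123 ssh2",
    "Jun 22 10:15:30 srv kernel: [12374.220] SSH-CATCH: IN=eth0 OUT= "
    "SRC=203.0.113.5 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF "
    "PROTO=TCP SPT=43211 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Jun 22 10:16:02 srv kernel: [12406.010] eth0: link up, 1000Mbps",
]


def expand_host(failregex: str) -> re.Pattern:
    """Expand fail2ban's <HOST> placeholder the way fail2ban 0.8 does (optional
    IPv4-mapped IPv6 prefix plus a named 'host' group) and compile the regex."""
    return re.compile(failregex.replace("<HOST>", r"(?:::f{4,6}:)?(?P<host>\S+)"))


def matched_hosts(lines, failregex: str = FAILREGEX) -> list:
    """Filter stage: the source address of every line that matches failregex,
    in log order (one entry per hit, so repeats count)."""
    rx = expand_host(failregex)
    return [m.group("host") for m in map(rx.search, lines) if m]


def offenders(lines, maxretry: int = 1, ignoreip=(), failregex: str = FAILREGEX) -> list:
    """Jail stage: addresses with at least maxretry hits, minus ignoreip.
    maxretry=1 is sensible for a catch port (no legitimate client should touch
    it at all); ignoreip is the safety net against banning your own address."""
    counts = Counter(matched_hosts(lines, failregex))
    skip = set(ignoreip)
    return sorted(ip for ip, n in counts.items() if n >= maxretry and ip not in skip)


def ban_commands(ips) -> list:
    """Action stage: block each address on every port, not just port 22 (the
    'block entirely' idea). Returned as shell commands rather than executed."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]


if __name__ == "__main__":
    for cmd in ban_commands(offenders(SAMPLE_LOG, ignoreip={"198.51.100.9"})):
        print(cmd)
```

On a real box the equivalent pieces are the failregex in a file under fail2ban's filter.d, a jail pointing at the kernel log with maxretry = 1 and an all-ports ban action, and your own addresses in ignoreip; the sshd line on the real port never matches, so legitimate logins are unaffected.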