From: Klaus L. <leh...@t-...> - 2008-12-12 10:08:06
On Sun, 7 Dec 2008 12:25:34 -0500, Yaroslav Halchenko wrote:

Hi Yaroslav

I'm so sorry, Yaroslav, to answer so late.
There was too much work for one person ;-)

>> but one (silly?) question:
>> is it possible to allow for sshd (in settings)
>> -only user 12345 can try to login
> sure -- man ssh_config (on debian systems at least), and search for
> "AllowUsers"
>
>> -we will block every other user_name
> to hunt just for incorrect user name, make a copy of sshd filter (e.g.
> name it sshd-incorrectuseronly.conf) and remove all other entries,
> leaving just
> ^%(__prefix_line)s(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\s*$
> I guess, and then create a copy of ssh jail but using
> sshd-incorrectuseronly filter and set maxretry=1

What a fabulous idea. I had to think twice before understanding your (simple) construct.
Sometimes I'm not a speedy_thinka.

It works very nicely with the new trunk (fetched today) for 0.8.3,
and in the new trunk there's also another VERY nice solution:
apache-nohome.conf [NEW!!!!]

Thanks for all the good things.

>> .....this would be a 1000x more better solution.
> might be a bit of pain for the users as well -- if they have different
> login name on the originating box and forgotten to setup their
> .ssh/config or to state login name explicitly, you would ban them
> immediately after the first attempt.

There's only one person who gets on my servers.
It's me, the silly Klaus ;-)

It helps to define exactly:
who am I, who are the others? ;-)

Yours very
Klaus
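
The filter-plus-`maxretry=1` behaviour discussed in this thread, as an added example that is not part of the original message and is not fail2ban's own code. `PREFIX` and `HOST` are simplified stand-ins (assumptions) for `%(__prefix_line)s` and `<HOST>`, the log lines are constructed, and the `ignore` argument mirrors the idea of fail2ban's `ignoreip` jail option for the self-lockout case mentioned in the quoted reply.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's %(__prefix_line)s (assumption, not the
# definition shipped in common.conf): syslog timestamp, hostname, "sshd[pid]:".
PREFIX = r"\w{3}\s+\d+\s[\d:]{8}\s\S+\ssshd(?:\[\d+\])?:\s"
# Simplified stand-in for the <HOST> tag (assumption): one non-space token.
HOST = r"(?P<host>\S+)"

# The single failregex kept in sshd-incorrectuseronly.conf, as quoted above.
FAILREGEX = re.compile(
    "^" + PREFIX
    + r"(?:error: PAM: )?User not known to the underlying "
    + r"authentication module for .* from " + HOST + r"\s*$"
)

MAXRETRY = 1  # jail setting suggested in the thread

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    # Unknown login name: matches, banned on the first hit.
    "Dec 12 10:01:02 srv sshd[2101]: error: PAM: User not known to the "
    "underlying authentication module for illegal user admin from 192.0.2.10",
    # Wrong password for a valid user: this reduced filter ignores it.
    "Dec 12 10:01:09 srv sshd[2105]: Failed password for klaus "
    "from 198.51.100.7 port 40022 ssh2",
    # Admin mistypes the login name from a trusted host: also matches.
    "Dec 12 10:02:30 srv sshd[2110]: User not known to the underlying "
    "authentication module for illegal user k.l from 203.0.113.5",
]


def hosts_to_ban(lines, maxretry=MAXRETRY, ignore=()):
    """Return hosts whose match count reaches maxretry, in first-ban order."""
    hits, banned = Counter(), []
    for line in lines:
        m = FAILREGEX.match(line)
        if not m or m.group("host") in ignore:
            continue  # not an unknown-user line, or a whitelisted source
        host = m.group("host")
        hits[host] += 1
        if hits[host] >= maxretry and host not in banned:
            banned.append(host)
    return banned


if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
    print(hosts_to_ban(SAMPLE_LOG, ignore={"203.0.113.5"}))
```
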