From: Vjaceslavs K. <vkl...@gm...> - 2015-01-19 20:44:32
Oops, my apologies. What I really meant to say is based on your advice I compiled dev version and it blocks based on that pattern like a charm.

FYI, I looked at how Gentoo compiles the binary to make sure I am not missing anything important and discovered that patch http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/app-admin/sshguard/files/sshguard-1.5-day-starts-with-0.patch?view=markup is being applied to fix https://bugs.gentoo.org/show_bug.cgi?id=518988

Thank you.

On Mon, Jan 19, 2015 at 11:43 AM, Vjaceslavs Klimovs <vkl...@gm...> wrote:

> Hi,
> I've recently switched some Internet facing machines from
> "publickey,keyboard-interactive" to "publickey" only authentication.
> On OpenSSH_6.7p1, that is achieved by setting
>
> PasswordAuthentication no
>
> in the sshd config. Server has HPN patches, so full version string
> is OpenSSH_6.7p1-hpn14v5. I've noticed that sshguard no longer blocks
> bruteforce attempts (like it used to when keyboard-interactive was
> enabled). This is what appears in the logs:
>
> Jan 5 10:32:51 pulley sshd[24107]: SSH: Server;Ltype: Version;Remote:
> 103.41.124.32-48688;Protocol: 2.0;Client: PUTTY
> Jan 5 10:32:51 pulley sshd[24107]: SSH: Server;Ltype: Kex;Remote:
> 103.41.124.32-48688;Enc: aes128-ctr;MAC: hmac-sha1;Comp: none [preauth]
> Jan 5 10:32:51 pulley sshd[24105]: SSH: Server;Ltype: Authname;Remote:
> 103.41.124.29-53907;Name: root [preauth]
> Jan 5 10:32:51 pulley sshd[24105]: Received disconnect from 103.41.124.29:
> 11: [preauth]
>
> Any ideas on how to achieve blocking in this case?
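An added example, not part of the original message and not sshguard's own parser: a small detector that counts the `Received disconnect from <ip>: 11: [preauth]` lines quoted above per source address and reports addresses that repeat within a time window. The function name, threshold, window and year are assumptions, and the sample lines after the first three are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the pre-authentication disconnect line from the quoted log.
# Disconnect reason 11 is SSH_DISCONNECT_BY_APPLICATION.
DISCONNECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Received disconnect from (?P<ip>[0-9a-fA-F.:]+?): 11: .*\[preauth\]\s*$"
)

def offenders(lines, threshold=3, window_s=600, year=2015):
    """Return source IPs with >= threshold preauth disconnects in window_s seconds.

    Assumes lines are in chronological order; syslog timestamps carry no
    year, so the caller supplies one (assumption).
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = []
    for line in lines:
        m = DISCONNECT.match(line)
        if not m:
            continue              # HPN "SSH: Server;Ltype: ..." lines are skipped
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        seen = recent[m["ip"]]
        seen.append(when)
        while (when - seen[0]).total_seconds() > window_s:
            seen.popleft()        # drop events that aged out of the window
        if len(seen) >= threshold and m["ip"] not in flagged:
            flagged.append(m["ip"])
    return flagged

# First three lines are from the message above (unwrapped); the rest are constructed.
SAMPLE = [
    "Jan 5 10:32:51 pulley sshd[24107]: SSH: Server;Ltype: Version;Remote: "
    "103.41.124.32-48688;Protocol: 2.0;Client: PUTTY",
    "Jan 5 10:32:51 pulley sshd[24105]: SSH: Server;Ltype: Authname;Remote: "
    "103.41.124.29-53907;Name: root [preauth]",
    "Jan 5 10:32:51 pulley sshd[24105]: Received disconnect from 103.41.124.29: 11: [preauth]",
    "Jan 5 10:32:58 pulley sshd[24111]: Received disconnect from 103.41.124.29: 11: [preauth]",
    "Jan 5 10:33:04 pulley sshd[24118]: Received disconnect from 103.41.124.29: 11: [preauth]",
    # Post-authentication disconnect (no [preauth] marker): must not count.
    "Jan 5 10:40:00 pulley sshd[24200]: Received disconnect from 192.0.2.10: 11: disconnected by user",
]

if __name__ == "__main__":
    print(offenders(SAMPLE))
```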