Block Unauthorized SSH attempts

[mx12]

I like having remote login turned on, but I have always notice that in my secure.log, there are always a lot of unauthorized ssh attempts. I realize that this is a dictionary attack because who ever is doing this users names like root, bob, mike ....

I was wondering if there was a way to "Blacklist" the ip address of those who are running a dictionary attack on my me? Preferably a way to automatically add an ip address after x number of failed attempts to some blacklist.

Thanks

 

[CarpetMonster]

I run Denyhosts on my linux box which works great. The author says it should work on OS X with some configuration changes, but I haven't tried it. Give it a go.

 

[toolbox]

If this is a option, you can change the default port which is 22, to something else eg 222?

 

[ChrisA]

I like having remote login turned on, but I have always notice that in my secure.log, there are always a lot of unauthorized ssh attempts. I realize that this is a dictionary attack because who ever is doing this users names like root, bob, mike ....

I was wondering if there was a way to "Blacklist" the ip address of those who are running a dictionary attack on my me? Preferably a way to automatically add an ip address after x number of failed attempts to some blacklist.

Thanks

Certainly that is the reason there are /etc/hosts/allow and /etc/hosts/deny files on your computer.

Read the hosts_access(5) man pages. You can have both a black list or a white list. The white list is safer.

type "man 5 hosts_access" in the terminal for more info.

BTW this works the same way on all Unix-like systems So if you Googel and it takes you to a Solars or Linix forum, that info applies here too.

 

[mx12]

Thanks

Sorry for the delay, I have had finals and projects to work on. I finally go a change to look at denyhosts and it is perfect. I had a little trouble with installing it so I create a tutorial for installing it on leopard on my website because its a pretty long.

http://www.kyle-taylor.com/codingtidbits/files/install_denyhost.html

 

[northerngit]

Thanks for the write up - brilliant. I use fail2ban on my Linux servers, so I thought people here might be interested in a blog post I stumbled across to get it working under OSX Server (10.4).

http://www.fail2ban.org/wiki/index.php/HOWTO_Mac_OS_X_Server_(10.4)

Alternative options are always good

 

[ChrisA]

I run Denyhosts on my linux box which works great. The author says it should work on OS X with some configuration changes, but I haven't tried it. Give it a go.

Of course it will work on OS X. All you do is edit /etc/host.deny with any text editor. Read the man page for sshd. This is handled by "tcp wrappers" which ships with Mac OS. Maybe there is some program that edits the files for you but you don't need it.

 

[CarpetMonster]

Of course it will work on OS X. All you do is edit /etc/host.deny with any text editor. Read the man page for sshd. This is handled by "tcp wrappers" which ships with Mac OS. Maybe there is some program that edits the files for you but you don't need it.

Umm, I know how it works thank you. I was merely suggesting it and offering the disclaimer that I hadn't actually tried it on OS X.