[ale] Pretty Ugly Out There!
Mills, John M.
Mills.J at ems-t.com
Wed Mar 8 09:03:41 EST 2006
ALErs -
I'm currently logging many hundreds - perhaps thousands - of daily
attempts to get SSH logins on my home box. They come in sequences of
user names (10-20 typically) from one IP, then a different bunch from
another. The guessed account names are starting to cycle through searchs
that might actually hit a real username.
I would like to lock any given originating IP out of access or out of
SSH login for some period after some number of failures (against
different usernames). Is there a simple way to do this with or between
'ipchains' and 'open-ssh'?
Also, what steps should I take to smoothly migrate a user from one
username to another? I.e. if I just change the login name in 'passwd',
shadow' and 'groups', what side effects am I likely to hit?
This box started as RH-7.3, though it's evolved quite a bit with time
(SSH updates in particular).
Thanks.
- Mills
More information about the Ale
mailing list