denyhosts and the threshold level
Zbigniew Szalbot
zbyszek at szalbot.homedns.org
Mon Jun 18 05:52:23 UTC 2007
Hello,
I have denyhosts set with the following options:
DENY_THRESHOLD_INVALID = 3
DENY_THRESHOLD_VALID = 3
In my understanding this should block all ssh login attempts from a host
which fails to provide correct login credentials 3 times (no matter if
the user actually exists or not at my system). This appears to work. But
I have a question. When I look at the log I can see something like that:
Failed password for root from 218.9.127.236 port 46472 ssh2 Jun 17
19:55:38 lists sshd[8048]:
Failed password for root from 218.9.127.236 port 46631 ssh2 Jun 17
19:55:42 lists sshd[8052]:
Failed password for root from 218.9.127.236 port 46786 ssh2 Jun 17
19:55:45 lists sshd[8057]:
Failed password for root from 218.9.127.236 port 46952 ssh2 Jun 17
19:55:49 lists sshd[8069]:
Failed password for root from 218.9.127.236 port 47106 ssh2 Jun 17
19:55:53 lists sshd[8071]:
Failed password for root from 218.9.127.236 port 47261 ssh2 Jun 17
19:55:56 lists sshd[8075]:
Failed password for root from 218.9.127.236 port 47414 ssh2 Jun 17
19:56:00 lists sshd[8079]:
Failed password for root from 218.9.127.236 port 47566 ssh2 Jun 17
19:56:03 lists sshd[8081]:
How can I determine whether the user has actually been cut off after 3
attempts? Or does the above mean that the user was not blocked?
Many thanks for your advice!
Warm regards from Poland.
Zbigniew Szalbot
More information about the freebsd-questions
mailing list