Automatic blacklist of IP-addresses.
Enrico Weigelt
weigelt at metux.de
Sat Jan 7 03:53:06 EST 2006
* Peter Stuge <stuge-openssh-unix-dev at cdy.org> wrote:
<snip>
> This has been suggested before, but rejected.
>
> The recommended way to implement this is to monitor log output from
> OpenSSH and make appropriate changes to the firewall settings.
Hmm. How could this be implemented?
We need a way to get the failed attempts to some other process.
Some external event handler, which gets called on all noticeable
events with appropriate parameters, could help.
i.e. for login fail:
$HANDLER login-failed <username> <ip> <auth-method> ...
successful login:
$HANDLER login-granted <username> <ip> <auth-method> <tty>
...
cu
--
---------------------------------------------------------------------
Enrico Weigelt == metux IT service
phone: +49 36207 519931 www: http://www.metux.de/
fax: +49 36207 519932 email: contact at metux.de
cellphone: +49 174 7066481
---------------------------------------------------------------------
-- DSL from 0 Euro. -- static IP -- UUCP -- Hosting -- Webshops --
---------------------------------------------------------------------
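
A sketch of the log-monitoring approach recommended in the quoted reply, as an added example that is not part of the original post and not OpenSSH code: it parses sshd's "Failed"/"Accepted" syslog lines into the login-failed / login-granted events proposed above and reports addresses that exceed a failure threshold. The sample log lines, the threshold of 3 failures within 5 minutes, and the function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the format sshd writes to syslog.
SAMPLE_LOG = """\
Jan  7 03:50:01 host sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2
Jan  7 03:50:03 host sshd[812]: Failed password for root from 203.0.113.5 port 4243 ssh2
Jan  7 03:50:04 host sshd[813]: Accepted publickey for alice from 198.51.100.7 port 5555 ssh2
Jan  7 03:50:06 host sshd[814]: Failed password for root from 203.0.113.5 port 4244 ssh2
Jan  7 03:58:00 host sshd[815]: Failed password for bob from 198.51.100.7 port 5556 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse_events(log_text, year=2006):
    """Yield (time, event, user, ip, method); event names follow the post."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated sshd or syslog line
        # syslog timestamps carry no year, so one is supplied (assumption)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        event = "login-failed" if m["result"] == "Failed" else "login-granted"
        yield ts, event, m["user"], m["ip"], m["method"]

def ips_to_block(events, max_failures=3, window=timedelta(minutes=5)):
    """Return IPs with max_failures failed logins inside a sliding window."""
    recent = defaultdict(deque)
    blocked = []
    for ts, event, _user, ip, _method in events:
        if event != "login-failed" or ip in blocked:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # drop failures older than the window
        if len(q) >= max_failures:
            blocked.append(ip)
    return blocked

if __name__ == "__main__":
    for ip in ips_to_block(parse_events(SAMPLE_LOG)):
        print("block", ip)  # hand off to the local firewall tooling here
```

The returned list is the input for whatever firewall mechanism the host uses; a real deployment would also expire entries and exempt trusted addresses so a mistyped password does not lock out an administrator.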