NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

help? fighting ssh user/password guessing attempts

Dear Group,

in my /var/log/authlog I can see many hackers attempting to get access to my system by trying arbitrary usernames. First of all I have disabled password authentication so valid users can ony login with a key. Still I'd like to lock the respective hosts out, from where these attacks originate.

My research has brought up several programs / demons that parse the authlog file at certain time intervals and adjust the firewall accordingly. Among them are fail2ban, denyhost OSsec, and blockhosts.

I've also found PAM-af, which is available through pkgsrc If I understand correctly, this hooks immediately into the authentication framework and can repel attacks at the place where they get detected first. Although I have read Chapter 17 of the NetBSD Guide I don't really understand it. What config files do I have to modify how? Is PAM and / or a firewall (which? - PF, IPFilter, iptables) enabled by default?

I still need more assistance in setting PAM-af up. Can somebody please help me or point out a howto? Does anybody have experience with PAM-af?

Kind Regards


Home | Main Index | Thread Index | Old Index