Block IP

security security at
Fri Dec 22 23:19:54 PST 2006

Oliver Fromme wrote:
> Graham Menhennitt wrote:
>  > Christopher Hilton wrote:
>  > > If it's at all possible switch to using public keys for authentication
>  > > with ssh and disallow password authentication. This completely stops
>  > > the brute forcing attacks from filling up your periodic security mail.
>  > Are you sure about that? I only allow PublickeyAuthentication ssh2
>  > connections but I get lots of security mail messages like:
>  > 
>  > Nov 16 01:44:08 maxwell sshd[70067]: Invalid user marcos from
>  > Nov 16 01:44:23 maxwell sshd[70067]: reverse mapping checking getaddrinfo for failed - POSSIBLE BREAKIN ATTEMPT!
> Those are caused by different things.  They're not caused
> by wrong passwords, but by an illegal user name (first line)
> or by non-matching reverse DNS (second line).  These things
> are checked even before any user keys are exchanged, so the
> authentication method doesn't matter.
> They can be safely ignored, because you're immune to brute-
> force attacks.  If you don't want to see them, a simple
> "egrep -v ..." in /etc/periodic/security/800.loginfail will
> do.
> Best regards
>    Oliver
I can't remember, but has anyone mentioned "blocksshd"?  It's in
ports/security.  I still prefer locking down to public key only, but
blocksshd is nice.
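
Added example, not part of the original message or of FreeBSD's periodic scripts: a filter in the spirit of the "egrep -v ..." suggestion that drops only the two pre-authentication messages discussed above, plus a check for password-authentication lines, which should not appear on a public-key-only server. The function names and the sample log (documentation-range addresses, placeholder hostname) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of sshd log lines; addresses and host names are placeholders.
sample_log() {
cat <<'EOF'
Nov 16 01:44:08 maxwell sshd[70067]: Invalid user marcos from 192.0.2.10
Nov 16 01:44:23 maxwell sshd[70067]: reverse mapping checking getaddrinfo for host.example.net [192.0.2.10] failed - POSSIBLE BREAKIN ATTEMPT!
Nov 16 01:45:02 maxwell sshd[70071]: Invalid user admin from 192.0.2.10
Nov 16 01:46:10 maxwell sshd[70080]: Failed password for invalid user test from 192.0.2.77 port 40022 ssh2
Nov 16 02:00:00 maxwell sshd[70101]: Accepted publickey for graham from 198.51.100.5 port 51000 ssh2
EOF
}

# Drop only the two pre-authentication messages. The patterns are tied to the
# "sshd[pid]: " prefix so that other lines containing the same words
# (for example "Failed password for invalid user ...") are kept.
# grep -E is the same matcher as egrep.
drop_preauth_noise() {
    grep -Ev 'sshd\[[0-9]+]: (Invalid user .* from|reverse mapping checking getaddrinfo for .* failed)'
}

# Count lines showing that password authentication was attempted or accepted.
# On a server meant to be public-key only, anything other than 0 means the
# sshd configuration is not what you think it is.
password_auth_lines() {
    grep -Ec 'sshd\[[0-9]+]: (Failed|Accepted) password for ' || true
}

# Tally invalid-user probes per source address, printed as "address=count".
invalid_user_sources() {
    sed -n 's/.*sshd\[[0-9]*]: Invalid user .* from \([^ ]*\).*/\1/p' |
        sort | uniq -c | awk '{print $2 "=" $1}'
}

# Show what is left of the sample once the noise is removed.
sample_log | drop_preauth_noise
```
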

More information about the freebsd-stable mailing list