Block Unauthorized SSH attempts

Discussion in 'Mac OS X Server, Xserve, and Networking' started by mx12, Nov 10, 2008.

  1. mx12 macrumors newbie

    Joined:
    Oct 25, 2008
    #1
    I like having remote login turned on, but I have always notice that in my secure.log, there are always a lot of unauthorized ssh attempts. I realize that this is a dictionary attack because who ever is doing this users names like root, bob, mike ....

    I was wondering if there was a way to "Blacklist" the ip address of those who are running a dictionary attack on my me? Preferably a way to automatically add an ip address after x number of failed attempts to some blacklist.

    Thanks
     
  2. CarpetMonster macrumors newbie

    Joined:
    Jun 13, 2007
    #2
    I run Denyhosts on my linux box which works great. The author says it should work on OS X with some configuration changes, but I haven't tried it. Give it a go.
     
  3. toolbox macrumors 68020

    toolbox

    Joined:
    Oct 6, 2007
    Location:
    Australia (WA)
    #3
    If this is a option, you can change the default port which is 22, to something else eg 222?
     
  4. ChrisA macrumors G4

    Joined:
    Jan 5, 2006
    Location:
    Redondo Beach, California
    #4
    Certainly that is the reason there are /etc/hosts/allow and /etc/hosts/deny files on your computer.

    Read the hosts_access(5) man pages. You can have both a black list or a white list. The white list is safer.

    type "man 5 hosts_access" in the terminal for more info.

    BTW this works the same way on all Unix-like systems So if you Googel and it takes you to a Solars or Linix forum, that info applies here too.
     
  5. mx12 thread starter macrumors newbie

    Joined:
    Oct 25, 2008
    #5
    Thanks

    Sorry for the delay, I have had finals and projects to work on. I finally go a change to look at denyhosts and it is perfect. I had a little trouble with installing it so I create a tutorial for installing it on leopard on my website because its a pretty long.

    http://www.kyle-taylor.com/codingtidbits/files/install_denyhost.html
     
  6. northerngit macrumors member

    Joined:
    Jul 16, 2007
    Location:
    England
    #6
  7. ChrisA macrumors G4

    Joined:
    Jan 5, 2006
    Location:
    Redondo Beach, California
    #7
    Of course it will work on OS X. All you do is edit /etc/host.deny with any text editor. Read the man page for sshd. This is handled by "tcp wrappers" which ships with Mac OS. Maybe there is some program that edits the files for you but you don't need it.
     
  8. CarpetMonster macrumors newbie

    Joined:
    Jun 13, 2007
    #8
    Umm, I know how it works thank you. I was merely suggesting it and offering the disclaimer that I hadn't actually tried it on OS X.
     

Share This Page