Stephen Gran on 23 Mar 2009 16:03:16 -0700
On Mon, Mar 23, 2009 at 11:10:49PM +0100, sean finney said:
> just FYI, the last time I checked (around the DSA ssh key debacle),
> fail2ban was unable to automatically detect and block failed key-based
> logins. I don't recall whether this was a fault in fail2ban or the
> logging facility of sshd...

It's sort of more feature than bug, but it's sshd. If left at the default
log level (INFO), sshd won't log key transactions until the final failed
login. If upped to DEBUG (IIRC), it will.

fail2ban doesn't have an explicit regex for key based auth, but it will
pick up the regular failed login line. In order to block brute force key
based attacks, you'd have to write your own (rather trivial) regex to
catch them after turning up verbosity in sshd.

Cheers,
-- 
--------------------------------------------------------------------------
|  Stephen Gran                  | An intellectual is someone whose mind |
|  steve@lobefin.net             | watches itself.  -- Albert Camus      |
|  http://www.lobefin.net/~steve |                                       |
--------------------------------------------------------------------------
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
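As an added illustration, not from the thread or from fail2ban itself: a Python sketch of the kind of fail2ban-style regex the reply describes, applied with fail2ban's maxretry/findtime counting to constructed log lines in the shape sshd emits for failed publickey attempts once its verbosity has been raised. The failregex, the sample lines and the ban logic are all assumptions here, not fail2ban's shipped filter.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Hypothetical failregex in fail2ban's filter syntax. <HOST> is fail2ban's
# placeholder for the remote address and %(__prefix_line)s its syslog-prefix
# macro; both are expanded below the way fail2ban does before matching.
FAILREGEX = (r"^%(__prefix_line)sFailed publickey for (?:invalid user )?\S+ "
             r"from <HOST>(?: port \d+)?(?: ssh\d*)?")
PREFIX_LINE = r"(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
HOST = r"(?P<host>\S+)"
PATTERN = re.compile(FAILREGEX.replace("%(__prefix_line)s", PREFIX_LINE)
                              .replace("<HOST>", HOST))

def parse_failure(line, year=2009):
    """Return (timestamp, host) for a failed publickey line, else None."""
    m = PATTERN.search(line)
    if not m:
        return None  # accepted logins and unrelated lines never count
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return ts, m.group("host")

def offenders(lines, maxretry=5, findtime=600):
    """Hosts reaching maxretry failures inside a findtime-second window
    (fail2ban's semantics); returns {host: time the ban would start}."""
    recent, banned = defaultdict(deque), {}
    for line in lines:
        hit = parse_failure(line)
        if hit is None:
            continue
        ts, host = hit
        window = recent[host]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()  # drop failures older than findtime
        if len(window) >= maxretry and host not in banned:
            banned[host] = ts
    return banned

# Constructed sample log: one address hammering keys, one stray failure,
# one legitimate login (which the regex must ignore).
SAMPLE_LOG = """\
Mar 23 22:10:49 shell sshd[4021]: Failed publickey for root from 192.0.2.10 port 51234 ssh2
Mar 23 22:10:51 shell sshd[4023]: Failed publickey for root from 192.0.2.10 port 51236 ssh2
Mar 23 22:10:52 shell sshd[4024]: Accepted publickey for steve from 203.0.113.5 port 40022 ssh2
Mar 23 22:10:54 shell sshd[4025]: Failed publickey for admin from 192.0.2.10 port 51240 ssh2
Mar 23 22:10:55 shell sshd[4026]: Failed publickey for invalid user bob from 198.51.100.7 port 2222 ssh2
Mar 23 22:10:57 shell sshd[4027]: Failed publickey for root from 192.0.2.10 port 51244 ssh2
Mar 23 22:11:00 shell sshd[4028]: Failed publickey for root from 192.0.2.10 port 51250 ssh2
""".splitlines()

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```

With sshd at its default log level these lines are simply absent, so the filter matches nothing regardless of how it is written; raising verbosity is the prerequisite, as the reply says.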