https://community.hpe.com/t5/operating-system-hp-ux/protecting-ssh-server-connections/m-p/3903164#M283365 I forgot something.<BR /><BR />I wrote an hp daemon that uses the syslog to detect invalid login attempts and block those IP's. If you want it, I can crank up a system with it and give it to you.<BR /><BR />You may use my itrc profile to reach out to me for it. I think however my first approach is better.<BR /><BR />SEP Thu, 23 Nov 2006 05:58:44 GMT Steven E. Protter 2006-11-23T05:58:44Z https://community.hpe.com/t5/operating-system-hp-ux/protecting-ssh-server-connections/m-p/3903162#M283363 Hi everybody,<BR />My server is an HP-UX B.11.23 (trusted system).<BR />This system is a pop server with ssh activated in order to login to the server from the outside (OpenSSH_4.1).<BR />The problem is that we are victim of ssh attacks (dictionnary attack) and the consequence is that the root account is locked. All days, I have to reactivate my root account. In addition, it causes problem for maintennace operation...<BR />In the sshd_config file I add the following line :<BR />PermitRootLogin no<BR />but it seems to not blocking the attempt...<BR />So, I would like to block IP address which try to log on my ssh server with too many unsuccesfull attempt...<BR />Could you please advice me for the best solution ? Maybe I found a way with the use of keep state in ipfilter. Is it a good solution in my case ?<BR /><BR />Thanks in advance for your replies.<BR />Herve Thu, 23 Nov 2006 05:17:49 GMT https://community.hpe.com/t5/operating-system-hp-ux/protecting-ssh-server-connections/m-p/3903162#M283363 ballans 2006-11-23T05:17:49Z https://community.hpe.com/t5/operating-system-hp-ux/protecting-ssh-server-connections/m-p/3903163#M283364 Shalom,<BR /><BR />Options:<BR />1) Install HP ipfilter from <A href="http://software.hp.com" target="_blank">http://software.hp.com</A> (its free) and set the system up to limit where ssh connections can come from.<BR />2) Use a firewall to do the same thing.<BR /><BR />We had the same problem with our web servers and stopped it by limiting inbound ssh to our 30 or so offices world-wide.<BR /><BR />SEP Thu, 23 Nov 2006 05:57:05 GMT https://community.hpe.com/t5/operating-system-hp-ux/protecting-ssh-server-connections/m-p/3903163#M283364 Steven E. Protter 2006-11-23T05:57:05Z https://community.hpe.com/t5/operating-system-hp-ux/protecting-ssh-server-connections/m-p/3903164#M283365 I forgot something.<BR /><BR />I wrote an hp daemon that uses the syslog to detect invalid login attempts and block those IP's. If you want it, I can crank up a system with it and give it to you.<BR /><BR />You may use my itrc profile to reach out to me for it. I think however my first approach is better.<BR /><BR />SEP Thu, 23 Nov 2006 05:58:44 GMT https://community.hpe.com/t5/operating-system-hp-ux/protecting-ssh-server-connections/m-p/3903164#M283365 Steven E. Protter 2006-11-23T05:58:44Z https://community.hpe.com/t5/operating-system-hp-ux/protecting-ssh-server-connections/m-p/3903165#M283366 You can use also : <BR /><BR />AllowUsers user1,user2,..., userx<BR /><BR />in sshd_config<BR /><BR />without root user.<BR /><BR /><BR />regards,<BR />ivan Thu, 23 Nov 2006 06:42:16 GMT https://community.hpe.com/t5/operating-system-hp-ux/protecting-ssh-server-connections/m-p/3903165#M283366 Ivan Krastev 2006-11-23T06:42:16Z https://community.hpe.com/t5/operating-system-hp-ux/protecting-ssh-server-connections/m-p/3903166#M283367 Hi,<BR /><BR />Modify file /etc/opt/ssh/sshd_config<BR /><BR />permitRootLogin no<BR /><BR />Restart sshd daemon.<BR /><BR />rgs.<BR /> Thu, 23 Nov 2006 07:04:06 GMT https://community.hpe.com/t5/operating-system-hp-ux/protecting-ssh-server-connections/m-p/3903166#M283367 rariasn 2006-11-23T07:04:06Z