I installed blockhosts on my openSUSE 11.0 Server, and it works so far.
I have only got one problem left, which is the way SSH logs loginattempts. I get multiple of those lines:
Jul 9 15:40:34 s15313878 sshd[12273]: error: PAM: Authentication failure for root from 82-135-192-12.static.zebra.lt
Jul 9 15:40:34 s15313878 sshd[12273]: error: PAM: Authentication failure for root from 82-135-192-12.static.zebra.lt
THe only problem is that blockhosts won’t block hostnames, it needs the IP.
The question is, where do I change that special logentry so that it won’t resolve the IP address? Am I correct that it is PAM that creates that entry rather than sshd?
Or, what would also work, if the ‘default’ ssh logs (i.e.:
Apr 20 12:34:30 hostname sshd[9701]: Failed password for invalid user root from 10.21.45.30 port 35993 ssh2
> I installed blockhosts on my openSUSE 11.0 Server, and it works so
> far.
>
> I have only got one problem left, which is the way SSH logs
> loginattempts. I get multiple of those lines:
>
>
> Code:
> --------------------
>
> Jul 9 15:40:34 s15313878 sshd[12273]: error: PAM: Authentication
> failure for root from 82-135-192-12.static.zebra.lt
> Jul 9 15:40:34 s15313878 sshd[12273]: error: PAM: Authentication
> failure for root from 82-135-192-12.static.zebra.lt
>
>
> --------------------
>
>
> THe only problem is that blockhosts won’t block hostnames, it needs the
> IP.
>
> The question is, where do I change that special logentry so that it
> won’t resolve the IP address?
You can try to disable dns lookups for sshd (daemon server). Edit
file /etc/ssh/sshd_config and set:
UseDNS no
Restart sshd daemon (rcsshd restart) and test again.
Please keep in mind this change may affect other services you have
configured to use with sshd. Just be sure this change will not affect them.
