I have an OpenSuse 11.1 machine with sshd visible to the outside world.
Since it’s only me who will log in to that machine, I would like to block anyone that fails at the second attempt to input the username (since I’m human too, and might mess up the first time) and to unconditionally block anyone that tries using the root account and maybe commonly used accounts by botnets like “test”, “admin”, “guest”,…
Also, even if it guesses the username, it should block at the third attempt of failed password (or the passphrase for the key I use).
I have set up the denyhosts.cfg like so:
DENY_THRESHOLD_INVALID = 1
DENY_THRESHOLD_VALID = 3
DENY_THRESHOLD_ROOT = 1
DENY_THRESHOLD_RESTRICTED = 1
And I still get several attempts by the things. They do get blocked eventually, but after several attempts.
Sure, they are not much, but, I don’t know why those settings are not working.
Apr 12 04:37:40 linux-qybx sshd[31467]: Invalid user test from 117.21.249.75
Apr 12 04:37:44 linux-qybx sshd[31472]: Invalid user guest from 117.21.249.75
Apr 12 04:37:48 linux-qybx sshd[31477]: Invalid user admin from 117.21.249.75
Apr 12 04:37:51 linux-qybx sshd[31483]: Invalid user admin from 117.21.249.75
Apr 12 04:37:52 linux-qybx sshd[31488]: refused connect from 117.21.249.75 (117.21.249.75)
Apr 12 21:41:36 linux-qybx sshd[2805]: Did not receive identification string from 116.9.95.1
Apr 12 21:46:11 linux-qybx sshd[2857]: Invalid user fluffy from 116.9.95.1
Apr 12 21:46:14 linux-qybx sshd[2862]: Invalid user admin from 116.9.95.1
Apr 12 21:46:17 linux-qybx sshd[2869]: Invalid user test from 116.9.95.1
Apr 12 21:46:21 linux-qybx sshd[2875]: Invalid user guest from 116.9.95.1
Apr 12 21:46:24 linux-qybx sshd[2880]: Invalid user webmaster from 116.9.95.1
Apr 12 21:46:31 linux-qybx sshd[2896]: Invalid user oracle from 116.9.95.1
Apr 12 21:46:34 linux-qybx sshd[2904]: Invalid user library from 116.9.95.1
Apr 12 21:46:38 linux-qybx sshd[2909]: Invalid user info from 116.9.95.1
Apr 12 21:46:41 linux-qybx sshd[2924]: Invalid user shell from 116.9.95.1
Apr 12 21:46:42 linux-qybx sshd[2929]: refused connect from 116.9.95.1 (116.9.95.1)
Apr 13 07:07:52 linux-qybx sshd[4518]: Did not receive identification string from 61.184.136.164
Apr 13 13:18:20 linux-qybx sshd[5507]: Invalid user bind from 64.15.75.206
Apr 13 13:18:22 linux-qybx sshd[5512]: Invalid user oracle from 64.15.75.206
Apr 13 13:18:49 linux-qybx sshd[5607]: refused connect from 64.15.75.206 (64.15.75.206)
Apr 13 14:30:02 linux-qybx sshd[5801]: Did not receive identification string from 84.204.229.250
Apr 13 14:34:33 linux-qybx sshd[5809]: Invalid user trukulo from 84.204.229.250
Apr 13 14:34:37 linux-qybx sshd[5824]: Invalid user mzarza from 84.204.229.250
Apr 13 14:34:38 linux-qybx sshd[5829]: Invalid user help from 84.204.229.250
Apr 13 14:34:44 linux-qybx sshd[5854]: Invalid user myscoop from 84.204.229.250
Apr 13 14:34:49 linux-qybx sshd[5874]: Invalid user maciej from 84.204.229.250
Apr 13 14:34:50 linux-qybx sshd[5879]: refused connect from 84.204.229.250 (84.204.229.250)
Even if I input my username, and hammer the enter key (and thus inputting an empty passphrase) for like 20 times, it still accepts me.
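
Added example, not part of the original post: a small Python check that measures, from sshd lines in the format quoted above, how many "Invalid user" attempts each address made before its first "refused connect" and how many seconds that took. The function name, the `year` default (syslog timestamps carry no year) and the comparison against `DENY_THRESHOLD_INVALID` are assumptions; the sample lines are copied from the excerpt above.

```python
import re
from datetime import datetime
# Constructed sample: sshd lines copied from the log excerpt in the post.
SAMPLE_LOG = """\
Apr 12 04:37:40 linux-qybx sshd[31467]: Invalid user test from 117.21.249.75
Apr 12 04:37:44 linux-qybx sshd[31472]: Invalid user guest from 117.21.249.75
Apr 12 04:37:48 linux-qybx sshd[31477]: Invalid user admin from 117.21.249.75
Apr 12 04:37:51 linux-qybx sshd[31483]: Invalid user admin from 117.21.249.75
Apr 12 04:37:52 linux-qybx sshd[31488]: refused connect from 117.21.249.75 (117.21.249.75)
Apr 13 07:07:52 linux-qybx sshd[4518]: Did not receive identification string from 61.184.136.164
Apr 13 13:18:20 linux-qybx sshd[5507]: Invalid user bind from 64.15.75.206
Apr 13 13:18:22 linux-qybx sshd[5512]: Invalid user oracle from 64.15.75.206
Apr 13 13:18:49 linux-qybx sshd[5607]: refused connect from 64.15.75.206 (64.15.75.206)
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
PREFIX = r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
# Greedy ".*" plus "$" takes the last " from <ip>", so a user name that itself
# contains " from 1.2.3.4" cannot shift the count to another address.
INVALID_RE = re.compile(PREFIX + r"Invalid user .* from " + IP + r"$")
REFUSED_RE = re.compile(PREFIX + r"refused connect from " + IP + r" \(")

def attempts_before_block(log_text, threshold=1, year=2000):
    """Per source IP: invalid-user attempts logged before the first refusal."""
    stats = {}
    for line in log_text.splitlines():
        invalid, refused = INVALID_RE.match(line), REFUSED_RE.match(line)
        m = invalid or refused
        if not m:
            continue  # other sshd messages are ignored
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        s = stats.setdefault(m.group(2), {"attempts": 0, "first": None, "blocked": None})
        if s["blocked"] is not None:
            continue  # only measure up to the first refusal
        if invalid:
            s["attempts"] += 1
            s["first"] = s["first"] or when
        else:
            s["blocked"] = when
    report = {}
    for ip, s in stats.items():
        if s["attempts"]:
            secs = (s["blocked"] - s["first"]).total_seconds() if s["blocked"] else None
            report[ip] = {"attempts": s["attempts"], "seconds_to_block": secs,
                          "over_threshold": s["attempts"] > threshold}
    return report

if __name__ == "__main__":
    print(attempts_before_block(SAMPLE_LOG))
```
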