Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Disable ssh access for password-guessing bots' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Disable ssh access for password-guessing bots
Authored by: mush on Oct 10, '08 03:37:21PM

Wow! This is great!

Is there a way to get this to start up automatically during boot?

Thanks



[ Reply to This | # ]
Disable ssh access for password-guessing bots
Authored by: mush on Oct 10, '08 04:30:14PM

ok. I was able to make this start up at boot.

But now, in my console log, I'm getting the following messages:

10/10/08 7:20:22 PM com.apple.launchd[91] (se.sics.lra.denyhosts[548]) open("/tmp/denyhosts.out", ...): Permission denied
10/10/08 7:20:22 PM se.sics.lra.denyhosts[548] 27 failed attempts from 92.xxxx
10/10/08 7:20:22 PM se.sics.lra.denyhosts[548] 32 failed attempts from 202.xxxx
10/10/08 7:20:22 PM se.sics.lra.denyhosts[548] ipfw: socket: Operation not permitted
10/10/08 7:20:22 PM se.sics.lra.denyhosts[548] ipfw: socket: Operation not permitted

I'm worried about all of these messages happening every 20s.

I was able to stop the "Permission denied" by removing the print statement and the STDOUT key and string. That also remove the "failed attempts from" message, which is OK.

Any idea what the operation not permitted error is? If I do a 'sudo ipfw list' I do see those IP address blocked.

Thanks



[ Reply to This | # ]
Disable ssh access for password-guessing bots
Authored by: lras on Oct 14, '08 12:21:14AM

The problem is that your script is not running as root.
That's why you are not allowed to change the network settings with ipfw, and that's why you are not allowed to write to the /tmp/denyhosts.log, since there is probably a file with that name already which is owned by root. (It was created when you ran the agent earlier. And btw, it can safely be removed.)

I think you have managed to start the script running as yourself, perhaps by putting it in /Users/<yourlogin>/Library/LaunchAgents/ ?



[ Reply to This | # ]