Ola.
Notei uma certa falha no funcionamento do denyhosts. Mesmo que o denyhosts bloqueie uma tentativa de invasão do ip 200.200.200.200 com usuario "abobrinha" eu continuo recebendo atacques do ip 200.200.200.200 por qu ele tenta com usuários diferentes. O que eu posso fazer nesse caso ? Vou postar um pedaço do meu messages pra voces terem uma idéia:
tac /var/log/messages |grep sshd |more
Jan 23 19:10:25 gia sshd[9705]: Failed password for invalid user test from 3Com VCX Connect port 22872 ssh2
Jan 23 19:10:25 gia sshd[9705]: error: Could not get shadow information for NOUSER
Jan 23 19:10:25 gia sshd[9705]: Invalid user test from 3Com VCX Connect
Jan 23 19:10:23 gia sshd[9703]: Failed password for invalid user test from 3Com VCX Connect port 21722 ssh2
Jan 23 19:10:23 gia sshd[9703]: error: Could not get shadow information for NOUSER
Jan 23 19:10:23 gia sshd[9703]: Invalid user test from 3Com VCX Connect
Jan 23 19:10:20 gia sshd[9701]: Failed password for invalid user hermes from 3Com VCX Connect port 21487 ssh2
Jan 23 19:10:20 gia sshd[9701]: error: Could not get shadow information for NOUSER
Jan 23 19:10:20 gia sshd[9701]: Invalid user hermes from 3Com VCX Connect
Jan 23 19:10:18 gia sshd[9698]: Failed password for invalid user cyrus from 3Com VCX Connect port 20149 ssh2
Jan 23 19:10:18 gia sshd[9698]: error: Could not get shadow information for NOUSER
Jan 23 19:10:18 gia sshd[9698]: Invalid user cyrus from 3Com VCX Connect
Jan 23 19:10:16 gia sshd[9696]: Failed password for invalid user carlos from 3Com VCX Connect port 19962 ssh2
Jan 23 19:10:16 gia sshd[9696]: error: Could not get shadow information for NOUSER
Jan 23 19:10:16 gia sshd[9696]: Invalid user carlos from 3Com VCX Connect
Jan 23 19:10:13 gia sshd[9694]: Failed password for root from 3Com VCX Connect port 19251 ssh2
Jan 23 19:10:11 gia sshd[9692]: Failed password for invalid user admin from 3Com VCX Connect port 18510 ssh2
Jan 23 19:10:11 gia sshd[9692]: error: Could not get shadow information for NOUSER
Jan 23 19:10:11 gia sshd[9692]: Invalid user admin from 3Com VCX Connect
Jan 23 19:10:08 gia sshd[9690]: Failed password for invalid user toto from 3Com VCX Connect port 17136 ssh2
Jan 23 19:10:08 gia sshd[9690]: error: Could not get shadow information for NOUSER
Jan 23 19:10:08 gia sshd[9690]: Invalid user toto from 3Com VCX Connect
Jan 23 19:10:06 gia sshd[9684]: Failed password for invalid user wrestling from 3Com VCX Connect port 17021 ssh2
Jan 23 19:10:06 gia sshd[9684]: error: Could not get shadow information for NOUSER
Jan 23 19:10:06 gia sshd[9684]: Invalid user wrestling from 3Com VCX Connect
Jan 23 19:10:04 gia sshd[9679]: Failed password for invalid user admin from 3Com VCX Connect port 16896 ssh2
Jan 23 19:10:04 gia sshd[9679]: error: Could not get shadow information for NOUSER
Jan 23 19:10:04 gia sshd[9679]: Invalid user admin from 3Com VCX Connect
Jan 23 19:10:01 gia sshd[9661]: Failed password for invalid user admin from 3Com VCX Connect port 16194 ssh2
Jan 23 19:10:01 gia sshd[9661]: error: Could not get shadow information for NOUSER
Jan 23 19:10:01 gia sshd[9661]: Invalid user admin from 3Com VCX Connect
Jan 23 19:09:59 gia sshd[9659]: Failed password for root from 3Com VCX Connect port 15457 ssh2
Jan 23 19:09:57 gia sshd[9657]: Failed password for invalid user moshutzu from 3Com VCX Connect port 14731 ssh2
Jan 23 19:09:57 gia sshd[9657]: error: Could not get shadow information for NOUSER
Jan 23 19:09:57 gia sshd[9657]: Invalid user moshutzu from 3Com VCX Connect
Jan 23 19:09:54 gia sshd[9655]: Failed password for invalid user valas from 3Com VCX Connect port 13984 ssh2
Jan 23 19:09:54 gia sshd[9655]: error: Could not get shadow information for NOUSER
Jan 23 19:09:54 gia sshd[9655]: Invalid user valas from 3Com VCX Connect
Jan 23 19:09:52 gia sshd[9653]: Failed password for root from 3Com VCX Connect port 13265 ssh2
Jan 23 19:09:50 gia sshd[9651]: Failed password for root from 3Com VCX Connect port 12550 ssh2
Jan 23 19:09:47 gia sshd[9649]: Failed password for invalid user test from 3Com VCX Connect port 11824 ssh2
Jan 23 19:09:47 gia sshd[9649]: error: Could not get shadow information for NOUSER
Jan 23 19:09:47 gia sshd[9649]: Invalid user test from 3Com VCX Connect
Jan 23 19:09:45 gia sshd[9647]: Failed password for invalid user test from 3Com VCX Connect port 11099 ssh2
Sendo que o ip 3Com VCX Connect ja foi "bloqueado" pelo denyhosts e já consta no /etc/hosts.deny, porém, ele foi bloqueado com um outro usuário. Tem alguma maneira de eu bloquear o ip 3Com VCX Connect já na segunda tentativa de ataque, mesmo que esse host tente me atacar com usuários diferentes ?
[]'s, Renato