I mentioned a post or so ago a new application that I have started to run called logwatch. One of the things that I noticed in the output that I was getting from logwatch was a fair number of failed ssh login attempts. It looked like most of the attempts were automated hits using root/password to get in. This got me looking into a way to stop these types of attempts from happening. A quick Google search led me to denyhosts. It is a really simple but effective app that watches for failed attempts and will put the offending IP address in your
The only issue that I had once installing it was that my own IP was being blocked from my laptop while on my wireless connection (weird). To fix this I edited /var/lib/denyhosts/allowed-hosts to add my IP info to keep me from being blocked.
grep sshd: /etc/hosts.deny | wc -l
I can see that my hosts.deny file has gone from having no entries to having 100. And that is just in the timespan of a month or so.
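The watch-and-block idea described above, together with the allowed-hosts exception, as an added example. This is not denyhosts' own code and not code from the original post. The log lines are constructed, and the threshold of 3 failures and the CIDR-style allow list are assumptions of this sketch.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample sshd log lines (documentation/private addresses, not real data).
SAMPLE_LOG = """\
Mar  3 02:11:01 host sshd[4111]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 02:11:04 host sshd[4113]: Failed password for root from 203.0.113.7 port 40130 ssh2
Mar  3 02:11:09 host sshd[4115]: Failed password for invalid user admin from 203.0.113.7 port 40141 ssh2
Mar  3 07:40:12 host sshd[5002]: Failed password for me from 192.168.1.23 port 51514 ssh2
Mar  3 07:40:15 host sshd[5002]: Failed password for me from 192.168.1.23 port 51514 ssh2
Mar  3 07:40:19 host sshd[5002]: Failed password for me from 192.168.1.23 port 51514 ssh2
Mar  3 07:40:30 host sshd[5002]: Accepted password for me from 192.168.1.23 port 51514 ssh2
Mar  3 09:02:44 host sshd[5200]: Failed password for root from 198.51.100.9 port 33100 ssh2
"""

# Anchored at end of line so the address is read from the trailing
# "from <ip> port <n> ssh2" fields, not from anything inside the user name.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$")

def failed_counts(log_text):
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def is_allowed(ip, allowed):
    """True if ip falls inside any allow-list entry (single IP or CIDR)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # not an IP literal (e.g. a hostname): never exempt it
    return any(addr in ipaddress.ip_network(e, strict=False) for e in allowed)

def deny_entries(log_text, allowed, threshold=3):
    """Return hosts.deny-style lines for sources at or over the threshold."""
    counts = failed_counts(log_text)
    return [f"sshd: {ip}" for ip, n in sorted(counts.items())
            if n >= threshold and not is_allowed(ip, allowed)]

if __name__ == "__main__":
    print(deny_entries(SAMPLE_LOG, allowed=[]))                  # laptop gets blocked too
    print(deny_entries(SAMPLE_LOG, allowed=["192.168.1.0/24"]))  # laptop exempted
```

With an empty allow list the laptop that mistyped its password three times lands in the deny list alongside the automated source, which is the lockout described above. Adding its network to the allow list removes it while the other entry stays.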