Linode Forum
https://forum.linode.com/

IPv6, ssh, and tcp-wrappers question
https://forum.linode.com/viewtopic.php?f=19&t=1886		 Page 1 of 1
Author:  anderiv [ Wed Sep 28, 2005 7:01 pm ]
Post subject:  IPv6, ssh, and tcp-wrappers question
requisite info:
- gentoo linux
- kernel-2.6.12.3

I'm trying to implement denyhosts to monitor my linode to thwart ssh brute-force attacks. This program monitors your syslogs and creates entries in /etc/hosts.deny for offending hosts.

The IPv6 support in the kernel is seeming to cause problems. In my syslog, all of the IP addresses are being logged in their IPv6 form. Whenever I try and enter one of those addresses (either in their v4 or v6 forms) in my hosts.deny file, it doesn't actually block the host. I'm not really sure where the problem lies.

Any ideas?
Author:  tronic [ Sat Oct 01, 2005 4:46 am ]
Post subject: 
I also run Gentoo on my Linode, with the same kernel. I run both IPv4 and IPv6 on the host, and have had v4 and v6 entries in TCP wrappers working ok. (Tested.)

What does your /etc/hosts.deny entry look like? Can you give an example?

It could look something like this:

Code:
sshd: [2001:499:23f::5e]

or

Code:
sshd: [2001:499:23f::5e]/120

First form is for a single IP (aka /128 in IPv6)

Second form is for a subnet (in this case, a /120 subnet, aka 256 hosts)

Make sure you do not have 'sshd: ALL' in your /etc/hosts.allow file or it will not check /etc/hosts.deny for sshd at all.

(See the man page for hosts.allow to see how it processes both file. It has some subtle behavior you need to be aware of.)

Also, what is the name of this program? It sounds interesting.
Author:  anderiv [ Fri Oct 14, 2005 2:00 pm ]
Post subject: 
Sorry for the delay in my response...the program is called DenyHosts.

A masked ebuild has recently become available in portage for it. I unmasked it and have been using it on several servers for about a week now, and it's working perfectly.
Author:  tronic [ Tue Nov 01, 2005 5:56 am ]
Post subject: 
anderiv wrote:
Sorry for the delay in my response...the program is called DenyHosts.

A masked ebuild has recently become available in portage for it. I unmasked it and have been using it on several servers for about a week now, and it's working perfectly.


Thanks!!!! I'm now sufficiently annoyed with all the silly ssh probes, and had been looking at my ssh log when I saw your post. :-)
Author:  anderiv [ Tue Nov 01, 2005 5:12 pm ]
Post subject: 
You're welcome! Hope it works well for you.
Author:  tierra [ Tue Nov 01, 2005 8:51 pm ]
Post subject: 
anderiv wrote:
Sorry for the delay in my response...the program is called DenyHosts.


On seeing this post maybe a week ago, I decided to give it a try. It turned out to be amazingly easy to setup, cleans up after itself, and has been doing a great job.

I'm assuming you got your IPv6 issue worked out? If so, what turned out to be the issue?
Author:  anderiv [ Tue Nov 01, 2005 9:36 pm ]
Post subject: 
Yes I did. I got it fixed long enough ago that I can't quite remember what I did to fix it. Such is the life of a constant tinkerer. :-)
Page 1 of 1 All times are UTC-04:00
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/