I agree with both comments but recommend that you disable the ability of
root to login at all. Users can always su to root.
Howto here: (Fedora is /etc/ssh/sshd_config)
Am Mo, den 09.08.2004 schrieb Dave Rinker um 7:06:
> For those not familiar with swatch you can get it here:
>
http://swatch.sourceforge.net/
> Make sure you get 3.0.8 because "exec" was not working for me in the
> newer versions.
> #start
>
> watchfor /sshd.*: Failed password for root from/
> mail=myaddress,subject=Root_Login_Attempt
> exec /sbin/iptables -I INPUT -i eth0 -s $11 -d 0/0 -p tcp
> --dport 22 -j DROP
>
> watchfor /sshd.*: Illegal user/
> mail=myaddress,subject=Illegal_user_attempt
> exec /sbin/iptables -I INPUT -i eth0 -s $10 -d 0/0 -p tcp
> --dport 22 -j DROP
>
> #end
swatch is certainly a nice tool to automatically observe logfiles and
react on specific occasions. See i.e.
http://www.fedoranews.org/ghenry/swatch/
Short comment on above example by Dave: be careful to not exclude
yourself from access on a remote system! This is easily done with above
code: first case - you mistype your root's password; second case - you
mistype your username.
Alexander