ssh problem with pkgs.fedoraproject.org
Chris Adams
linux at cmadams.net
Wed Jun 11 16:08:37 UTC 2014
Once upon a time, Jerry James <loganjerry at gmail.com> said:
> On Wed, Jun 11, 2014 at 9:50 AM, Kevin Fenzi <kevin at scrye.com> wrote:
> > Usually the best thing would be to open a infrastructure ticket.
> >
> > I've hopefully fixed your IP too now tho. ;)
>
> This kind of problem is just going to keep happening to those of us
> with dynamic IP addresses from large ISPs. Plus, since there are
> multiple possible causes of the error message that gets generated as a
> result, it takes the poor sap who experiences the problem some time
> and difficulty to figure out that his IP address has been blocked at
> the server side. (I speak from experience.)
>
> I hate to say it, but maybe denyhosts shouldn't be used in this case.
Yeah, I've found fail2ban (where IP blocks are expired in a reasonable
time) to be a much better option than denyhosts. It is also "nicer" to
the server because you can block connections with iptables, rather than
forking sshd processes only to close the connection.
Also, if you want, you can configure fail2ban with escalating length
blocks (so "first offense" is 5 minutes, then "3 strikes" gets you an
hour, etc.).
--
Chris Adams <linux at cmadams.net>
More information about the devel
mailing list