IPv6, ssh, and tcp-wrappers question

requisite info:

  • gentoo linux

  • kernel-2.6.12.3

I'm trying to implement denyhosts to monitor my linode to thwart ssh brute-force attacks. This program monitors your syslogs and creates entries in /etc/hosts.deny for offending hosts.

The IPv6 support in the kernel is seeming to cause problems. In my syslog, all of the IP addresses are being logged in their IPv6 form. Whenever I try and enter one of those addresses (either in their v4 or v6 forms) in my hosts.deny file, it doesn't actually block the host. I'm not really sure where the problem lies.

Any ideas?

6 Replies

I also run Gentoo on my Linode, with the same kernel. I run both IPv4 and IPv6 on the host, and have had v4 and v6 entries in TCP wrappers working ok. (Tested.)

What does your /etc/hosts.deny entry look like? Can you give an example?

It could look something like this:

sshd: [2001:499:23f::5e]

or

sshd: [2001:499:23f::5e]/120

First form is for a single IP (aka /128 in IPv6)

Second form is for a subnet (in this case, a /120 subnet, aka 256 hosts)

Make sure you do not have 'sshd: ALL' in your /etc/hosts.allow file or it will not check /etc/hosts.deny for sshd at all.

(See the man page for hosts.allow to see how it processes both files. It has some subtle behavior you need to be aware of.)

Also, what is the name of this program? It sounds interesting.
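A small Python model of the two points in the reply above (the bracketed IPv6 client forms, and hosts.allow being consulted before hosts.deny), added here as an illustration and not posted by anyone in the thread. It is a simplified model, not tcp-wrappers' own code: it handles only `ALL`, literal IPv4 addresses and the bracketed IPv6 forms, ignores option fields, and the function names are made up for the example.

```python
import ipaddress

def parse_rules(text):
    """Parse 'daemons: clients' lines (option fields are not handled)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        daemons, clients = line.split(":", 1)  # first colon ends the daemon list
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.startswith("["):  # [addr] or [addr]/prefixlen
        host, _, prefix = pattern[1:].partition("]")
        net = ipaddress.ip_network(host + (prefix or "/128"), strict=False)
        return addr.version == 6 and addr in net
    try:
        literal = ipaddress.ip_address(pattern)
    except ValueError:
        return False  # hostnames, wildcards etc. are outside this model
    # Assumption of this model: an IPv6 address without brackets never matches.
    return literal.version == 4 and literal == addr

def decide(daemon, client, allow_text, deny_text):
    """Return 'allow' or 'deny'; hosts.allow is searched first, then hosts.deny."""
    addr = ipaddress.ip_address(client)
    for verdict, text in (("allow", allow_text), ("deny", deny_text)):
        for daemons, clients in parse_rules(text):
            if (daemon in daemons or "ALL" in daemons) and any(
                    client_matches(c, addr) for c in clients):
                return verdict
    return "allow"  # no match in either file

if __name__ == "__main__":
    # Constructed sample: the /120 entry from the reply, with and without 'sshd: ALL'.
    deny = "sshd: [2001:499:23f::5e]/120\n"
    for allow in ("", "sshd: ALL\n"):
        for client in ("2001:499:23f::ff", "2001:499:23f::100"):
            print(repr(allow), client, decide("sshd", client, allow, deny))
```

With `sshd: ALL` in the allow text, every client is allowed regardless of the deny entry, which is the behavior the reply warns about.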

Sorry for the delay in my response…the program is called DenyHosts.

A masked ebuild has recently become available in portage for it. I unmasked it and have been using it on several servers for about a week now, and it's working perfectly.

@anderiv:

Sorry for the delay in my response…the program is called DenyHosts.

A masked ebuild has recently become available in portage for it. I unmasked it and have been using it on several servers for about a week now, and it's working perfectly.

Thanks!!!! I'm now sufficiently annoyed with all the silly ssh probes, and had been looking at my ssh log when I saw your post. :-)

You're welcome! Hope it works well for you.

@anderiv:

Sorry for the delay in my response…the program is called DenyHosts.

On seeing this post maybe a week ago, I decided to give it a try. It turned out to be amazingly easy to set up, cleans up after itself, and has been doing a great job.

I'm assuming you got your IPv6 issue worked out? If so, what turned out to be the issue?

Yes I did. I got it fixed long enough ago that I can't quite remember what I did to fix it. Such is the life of a constant tinkerer. :-)
