| Summary: | denyHosts, package to secure SSH | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | DariuszSki <linuxstuff> |
| Component: | New RPM package request | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | critical | ||
| Priority: | High | CC: | cooker, davidwhodgins, email, juergen.harms, marja11, stormi-mageia, sysadmin-bugs, tavvva, tmb, ueberall |
| Version: | 2 | Keywords: | validated_update |
| Target Milestone: | Mageia 2 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://denyhosts.sourceforge.net/index.html | ||
| Whiteboard: | Mdv MGA1TOO, MGA2TOO, has_procedure MGA1-32-OK MGA2-64-OK MGA2-32-OK | ||
| Source RPM: | denyhosts | CVE: | |
| Status comment: | |||
|
Description
DariuszSki
2011-06-11 11:24:16 CEST
Markus Ueberall
2011-06-18 09:40:53 CEST
CC:
(none) =>
ueberall

@ D Ski Please be as kind as to put an upstream link to the package in the URL field

CC:
(none) =>
marja11

Setting version to cauldron to improve the chance that someone will package it. When it is in cauldron, it'll be in the next stable release after that, but it is also possible to reopen this request for Mga 1, then.

Version:
1 =>
Cauldron
Dick Gevers
2011-12-08 17:40:27 CET
URL:
(none) =>
http://denyhosts.sourceforge.net/index.html
Dan Joita
2012-02-25 21:44:39 CET
CC:
(none) =>
djmarian4u
Dan Joita
2012-02-25 21:51:58 CET
CC:
djmarian4u =>
(none)

Submitted to Cauldron

Status:
NEW =>
RESOLVED

Hello everyone. I just upgraded one of my servers to Mageia 2 and missing denyhosts is a pretty nasty surprise. I can't imagine running any server without denyhosts. NEVER EVER!!! It's as important as the SSH server itself. In my case it usually blocks more than 10 attacks each day. This definitely needs to be added into Mageia 2 too, without excuse! Please, build the package for mga2. Thanks in advance. Regards, Jaromir.

Priority:
Normal =>
High

In the meantime, you may want to use fail2ban.

CC:
(none) =>
davidwhodgins

Jaromir, you are a packager, no? So feel free to package it for mga1 and mga2 since it follows the exception for packages in mdv 2010.2 but missing in our distrib https://wiki.mageia.org/en/Updates_policy#Version_Policy

Version:
Cauldron =>
2

Hi guys. Since I was in a hurry with the server upgrade, I built the package locally from the cauldron sources. I believe I can do the official builds for MGA1/MGA2 if the package lacks a maintainer. No problem ... J.

I'm the maintainer, so I'll do it.. :-)=

Status:
REOPENED =>
ASSIGNED

Note to QA: This is a noarch package

Suggested advisory:
===================
This update adds denyhosts, a script to help thwart ssh server attacks, that was present in Mandriva 2010.2, but missing from Mageia.
===================

Updated packages in mga1:
===================
denyhosts-2.6-2.1.mga1

Updated packages in mga2:
===================
denyhosts-2.6-2.2.mga2

How to test:
Install it. Perform 11 or more unsuccessful ssh logins. About a minute after the 10th or 11th unsuccessful login attempt, your IP is blocked in /etc/hosts.deny.

Assignee:
johnny =>
qa-bugs

Thanks Johnny.
Samuel Verschelde
2012-08-13 12:47:55 CEST
CC:
(none) =>
stormi

I tried to test denyhosts on Mageia 2 (x86-64). No problem installing it, no regression doing ssh from a client, but I did not manage to trigger the failure mechanism (making a client with more than 10 consecutive ssh login failures appear in /etc/hosts.deny):

For testing, I had removed .ssh/authorized_keys from my home directory on the server, and then tried to login with ssh from a client, more than 10 times. Each login tentative falls through to interactive (password) authentication and fails, as it should, after 3+2 iterations with:
"Received disconnect from 192.168.0.10: 2: Too many authentication failures for harms"
(192.168.0.10 is the machine with the ssh server)

I repeated ssh 12 times and waited a couple of minutes - /etc/hosts.deny still contains the original default comment lines, no entry denying access from the client was added. I checked in /var/log/denyhost on the host: the contents look "normal", each tentative is logged, but there is no indication of threshold transgression.

Is there a problem in my test procedure?

CC:
(none) =>
juergen.harms

Did you actually Start the program? "/etc/init.d/denyhosts start"

(In reply to comment #12)
> Is there a problem in my test procedure?

Looks like it. From my /etc/hosts.deny ...
# DenyHosts: Mon Aug 13 19:35:15 2012 | sshd: 192.168.10.102
sshd: 192.168.10.102

I installed and started denyhosts on a Mageia 1 i586 guest, then created a new user on the host, and repeatedly tried to ssh into the guest until it responded with "Connection closed by remote host", instead of asking for a password.

Testing complete on Mageia 1. I'll test Mageia 2 shortly.

Testing complete on Mageia 2 (x86-64).

Could someone from the sysadmin team push the srpm denyhosts-2.6-2.2.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates and the srpm denyhosts-2.6-2.1.mga1.src.rpm from Mageia 1 Core Updates Testing to Core Updates.

Advisory: This update adds denyhosts, a script to help thwart ssh server attacks, that was present in Mandriva 2010.2, but missing from Mageia.

Keywords:
(none) =>
validated_update

> did you actually Start the program?
I did not, that explains. I got trapped by the difference between "the program" and "the service" - had concluded that having /var/log/denyhosts.log being correctly filled implied that "everything" is running.
I now also checked: the denyhosts service correctly shows up in the list displayed by drakxservices and is flagged to start on boot.
I will now do the testing on Mageia 1

Testing complete on Mageia 2 (i586)

Whiteboard:
Mdv MGA1TOO, MGA2TOO, has_procedure MGA1-32-OK MGA2-64-OK =>
Mdv MGA1TOO, MGA2TOO, has_procedure MGA1-32-OK MGA2-64-OK MGA2-32-OK

Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0164

Status:
ASSIGNED =>
RESOLVED |
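
Added example, not part of the bug thread or of the denyhosts package: a shell check for the final step of the "How to test" procedure, looking up a client address in a hosts.deny file by the entry layout quoted in the thread. The function name denyhosts_block_time, the sample file and the addresses 192.168.0.77 and 192.168.0.99 are constructed for illustration; only IPv4 "sshd:" rules are handled.

```shell
#!/bin/sh
# Added example. Entry layout as quoted in the thread (IPv4, sshd rules only):
#   # DenyHosts: Mon Aug 13 19:35:15 2012 | sshd: 192.168.10.102
#   sshd: 192.168.10.102
# denyhosts_block_time FILE IP (hypothetical helper): prints the time DenyHosts
# recorded for the block; returns 1 when FILE has no active "sshd: IP" rule.
denyhosts_block_time() {
    awk -v ip="$2" '
        /^# DenyHosts: / {              # audit comment written before each rule
            line = substr($0, 14)       # drop the "# DenyHosts: " prefix
            n = index(line, " | ")
            if (n > 0) {
                split(substr(line, n + 3), f, /:[ \t]*/)
                sub(/[ \t\r]+$/, "", f[2])
                stamp[f[2]] = substr(line, 1, n - 1)
            }
            next
        }
        /^[ \t]*(#|$)/ { next }         # other comments and blank lines
        {
            split($0, f, /:[ \t]*/)     # active rule: "<service>: <address>"
            sub(/[ \t\r]+$/, "", f[2])
            # Exact comparison: 192.168.10.10 must not match 192.168.10.102.
            if (f[1] == "sshd" && f[2] == ip) {
                found = 1
                when = (ip in stamp) ? stamp[ip] : "unknown (no DenyHosts comment)"
            }
        }
        END { if (!found) exit 1; print when }
    ' "$1"
}

# Constructed sample file; 192.168.0.77 stands for a rule added by hand.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# hosts.deny (constructed sample)
# DenyHosts: Mon Aug 13 19:35:15 2012 | sshd: 192.168.10.102
sshd: 192.168.10.102
sshd: 192.168.0.77
EOF

for ip in 192.168.10.102 192.168.0.77 192.168.0.99; do
    if t=$(denyhosts_block_time "$sample" "$ip"); then
        echo "$ip blocked since: $t"
    else
        echo "$ip not in hosts.deny; check that the denyhosts service is started"
    fi
done
```

On a test machine, pass /etc/hosts.deny and the client's address instead of the sample file.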