gzaector Tux's lil' helper
Joined: 24 Nov 2002 Posts: 132 Location: 304
Posted: Tue Nov 26, 2002 7:21 pm Post subject: an sshd question

ok, so i just got gentoo up and running today, and it is great, but now i have a question, i want to run sshd, so i edited sshd_config to the way i wanted it and tried to start sshd by typing sshd, and it said it couldn't load because i did not have keys, so how do i generate the ssh1 and ssh2 protocol keys? thanks a lot
-gza

kashani Advocate
Joined: 02 Sep 2002 Posts: 2032 Location: San Francisco
Posted: Tue Nov 26, 2002 7:27 pm Post subject: sshd key problems

use the init script to start sshd, it will auto generate the keys for you.
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape.

rizzo Retired Dev
Joined: 30 Apr 2002 Posts: 1067 Location: Manitowoc, WI, USA
Posted: Tue Nov 26, 2002 8:10 pm Post subject:

Yes you need to run:
Code:
/etc/init.d/sshd start
rc-update add sshd default
The rc-update line isn't necessarily necessary, but it just tells sshd to start up when your gentoo box starts up in the future.
Basically the keys are created by the init script. You should always stop/start all your services via their init scripts anyway.

Lockup Guru
Joined: 25 Jul 2002 Posts: 430
Posted: Tue Nov 26, 2002 8:20 pm Post subject:

hmm well instead of making a new thread i'll just ask here:
is there a way to ban a certain ip after X number of failed logins?

rizzo Retired Dev
Joined: 30 Apr 2002 Posts: 1067 Location: Manitowoc, WI, USA
Posted: Tue Nov 26, 2002 8:29 pm Post subject:

Hmm I'm not sure of a way to have openssh automatically ban IPs. Personally I wouldn't do it anyway because who is to say that you might not fat finger it a couple of times and end up banning a perfectly good IP.
usually tells about your sshd options. I didn't see anything in there about what you want.
You could probably write a script to scan your auth.log for failed login attempts and store them in a flat file and manually or automatically drop the highest offending IPs via iptables or something.
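
The kind of script suggested in the post above, as an added example that is not code from the thread: it counts sshd "Failed password" lines per source address and builds the iptables rules for review instead of running them. The log line format, the threshold of 3, the allow-list network and the sample lines are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# The username is attacker-controlled: match it greedily and anchor on the end
# of the line, so only the final "from <ip> port <n>" written by sshd counts.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
                    r"from (?P<ip>\S+) port \d+(?: ssh\d)?$")

# Constructed sample lines using documentation address ranges, not real logs.
SAMPLE_LOG = """\
Nov 26 20:15:01 box sshd[811]: Failed password for root from 203.0.113.9 port 4101 ssh2
Nov 26 20:15:04 box sshd[811]: Failed password for root from 203.0.113.9 port 4101 ssh2
Nov 26 20:15:09 box sshd[814]: Failed password for invalid user admin from 203.0.113.9 port 4102 ssh2
Nov 26 20:17:00 box sshd[825]: Accepted password for alice from 198.51.100.7 port 3311 ssh2
Nov 26 20:18:11 box sshd[830]: Failed password for invalid user x from 198.51.100.7 port 1 ssh2 from 203.0.113.50 port 5555 ssh2
Nov 26 20:19:00 box sshd[840]: Failed password for bob from 192.0.2.10 port 2200 ssh2
Nov 26 20:19:05 box sshd[840]: Failed password for bob from 192.0.2.10 port 2200 ssh2
Nov 26 20:19:09 box sshd[840]: Failed password for bob from 192.0.2.10 port 2200 ssh2
""".splitlines()

def count_failures(lines):
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if m:
            try:  # only literal addresses may ever reach a firewall command
                counts[str(ipaddress.ip_address(m.group("ip")))] += 1
            except ValueError:
                pass
    return counts

def ban_commands(counts, threshold=3, allow=("192.0.2.0/24",)):
    """Build (not run) firewall argv lists for addresses at/over threshold."""
    allowed = [ipaddress.ip_network(net) for net in allow]
    cmds = []
    for ip, hits in counts.most_common():
        addr = ipaddress.ip_address(ip)
        if hits < threshold or any(addr in net for net in allowed):
            continue  # a few typos, or an address you must never lock out
        tool = "iptables" if addr.version == 4 else "ip6tables"
        cmds.append([tool, "-I", "INPUT", "-s", ip, "-p", "tcp",
                     "--dport", "22", "-j", "DROP"])
    return cmds

if __name__ == "__main__":
    for argv in ban_commands(count_failures(SAMPLE_LOG)):
        print(" ".join(argv))  # review, then run as root
```

The allow-list and threshold cover the fat-finger case raised in the post; the end-anchored pattern keeps a crafted username containing "from 198.51.100.7" from getting someone else's address banned.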

Lockup Guru
Joined: 25 Jul 2002 Posts: 430
Posted: Tue Nov 26, 2002 8:53 pm Post subject:

hmm yeah, i could do that
there's a few little probs with that though, i don't know how to script, i don't know iptables much (tried monmotha a bit but i didn't like it at all, not flexible enough...still trying to find a decent manual)