SSH Daemon

Blocking SSH Access From Evildoers
One night, I looked through my, and much to my horror, I saw this:

Oct 10 15:36:44 servitor sshd[9414]: Failed password for illegal user george from 218.237.65.10 port 57450 ssh2
Oct 10 15:36:46 servitor sshd[9416]: Illegal user henry from 218.237.65.10
Oct 10 15:36:46 servitor sshd[9416]: error: Could not get shadow information for NOUSER
Oct 10 15:36:46 servitor sshd[9416]: Failed password for illegal user henry from 218.237.65.10 port 57501 ssh2
...

I did a whois on the evil dude and found out he was Korean. Later in the log, I found one from the USA:

Oct 22 11:07:15 servitor sshd[30399]: Failed password for root from 65.105.210.216 port 36773 ssh2
Oct 22 11:07:17 servitor sshd[30401]: Failed password for root from 65.105.210.216 port 36781 ssh2
...

And a Czech:

Oct 22 19:59:01 servitor sshd[31635]: Address 80.95.118.29 maps to gw.omnimedia.cz, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Oct 22 19:59:01 servitor sshd[31635]: Failed password for root from 80.95.118.29 port 3753 ssh2
...

It was clear that these bandits were trying to hack my poor server!

I would like to block any further attempts. There was no easy way of doing this at the moment, because I tend to log in from all sorts of places these days. However, all my logins are from within Denmark, so at least I could get the jump on the bastards above (i.e. limit the number of break-in attempts to the ones from Denmark).

So I created 2 files:

vim /etc/hosts.allow

ALL: LOCAL
ALL: .dk      <- no '*' wildcards!

vim /etc/hosts.deny

ALL: ALL

It seems that  takes precedence over. You have to restart sshd to check that it works (keep a session open just in case you screw up :)

Note: Perhaps I should limit hosts.allow to .aau.dk instead - and then always log in from there?
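
A simplified Python model of the hosts_access(5) decision order for the two files above, added here as an example (it is not the author's code or the tcp_wrappers implementation): hosts.allow is consulted first, then hosts.deny, and a client matching neither is allowed. It handles only a subset of the pattern syntax; the `decide` helper and the `client.aau.dk` / 192.0.2.x clients are constructed for illustration, and `hostname` stands for the reverse-resolved client name, which is `unknown` when the lookup fails.

```python
# Simplified model of hosts_access(5) matching; only a subset of the real syntax
# (no IPv6, netmasks, EXCEPT, netgroups or shell commands).
HOSTS_ALLOW = "ALL: LOCAL\nALL: .dk\n"   # the page's /etc/hosts.allow
HOSTS_DENY = "ALL: ALL\n"                # the page's /etc/hosts.deny
UNRESOLVED = ("unknown", "paranoid")     # names used when lookup fails or mismatches

def parse(text):
    """Return a list of (daemon_list, client_list) rules from file text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, clients = line.split(":", 2)[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, hostname, address):
    """Client patterns: ALL, LOCAL, '.domain' suffix, 'n.n.' prefix, exact."""
    known = hostname not in UNRESOLVED
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":               # resolved name without a dot
        return known and "." not in hostname
    if pattern.startswith("."):          # last components of the host name
        return known and hostname.lower().endswith(pattern.lower())
    if pattern.endswith("."):            # leading octets of the address
        return address.startswith(pattern)
    return pattern == address or (known and pattern.lower() == hostname.lower())

def first_match(rules, daemon, hostname, address):
    """True if any rule names this daemon and matches this client."""
    return any(("ALL" in daemons or daemon in daemons)
               and any(client_matches(p, hostname, address) for p in clients)
               for daemons, clients in rules)

def decide(daemon, hostname, address, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Check hosts.allow, then hosts.deny; no match in either means allow."""
    if first_match(parse(allow), daemon, hostname, address):
        return "allow"
    if first_match(parse(deny), daemon, hostname, address):
        return "deny"
    return "allow"
```

Because `.dk` is matched against the reverse-resolved name, a client whose address has no PTR record, or whose name fails the forward check, falls through to hosts.deny even if it really is in Denmark.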