Hi,
The software is an elegant security solution, just pity it's not applicable to SSH2. The reason is that the SSHD2 daemon splits its messages into multiple log lines. A typical example:
sshd2[PID]: connection from "1.2.3.4"
sshd2[PID]: WARNING: DNS lookup failed for "1.2.3.4"
sshd2[PID]: password authentication failed. Login to account admin not allowed or account non-existent.
In the above case, 1.2.3.4 is trying out possible passwordless accounts and should therefore be banned. Since SSH2 is, for security reasons, widely preferred over the previous protocol version (SSH1), the software would gain from being able to parse this kind of output.
Travel Travel reports, it is all about food
Montreal: Schwartz's, Le Petit Alep
Albums: Pictures and some notes
ITRANS Song Book Hindi, Urdu, Marathi song lyrics
Online ITRANS Web Interface
BlockHosts block hosts
BlockHosts FAQ
BlockHosts Forum
CD Inserts & Envelopes Web Interface
Nisha Ganatra's Films
Cake: starring Heather Graham
Email: avinash@aczoom.com
Copyright © 1995-2016 Avinash Chopde, avinash@aczoom.com
would be tough... try OpenSSH?
Parsing multi-line logs would be tough, will have to depend on PID to match up all the lines, and then do a search.
But, alternately: I did a quick search on sshd2 - who makes that? It does not seem to be open-source?
To get the security of SSH Protocol 2, you can use the OpenSSH package. Its log files are parsed by the current rules in blockhosts, and it does put the IP address in each failure line.