[olug] Email a report on SSH

irish.masms irish.masms at gmail.com
Sat Apr 21 04:37:39 UTC 2012

On 4/20/12 9:14 AM, David Cannon wrote:
> 1.  I was looking into port security and came across "Knocking".  Has
> anyone used "Knocking" to open a port?
> 2.  Anyone know a good place to get information on the setting it up to
> email me when someone tries to log in? I want to know the originating IP
> address and the password they used.  Passwords will all fail but I would
> like to know if someone is foolishly trying to brute force it and where
> they are coming from.  I would like an email sent to me each time it
> happens.  I did find a couple sites detailing a way to email when someone
> logs in, but I am more interested in finding out when someone fails.

As already mentioned, a better solution than #2 is implement fail2Ban
and alternate port. But remember, where ever you are attempting access
from needs to have that port open; and you may be attracting attention
to yourself.

There was a presentation from a fellow OLUG member on port knocker,
though it was many years ago. Use a client to port knock/handshake with
the SSH server you are connecting to, which then knows to allow the
authentication process to start. With this, you would not have to worry
about moving ports.

More information about the OLUG mailing list