sssh (secure ssh)
yet another fail2ban/denyhosts/sshguard brother
background
why do you need it? I don't know. why do (or don't) you need fail2ban and all the other bad-login-ban scripts?
the reason why I wrote sssh is simple. all those botnets and nessus clients out there were spamming my sshd, and my cpu had no time to idle any longer, so I had to choose between powering down the machine or doing some IP banning. the second choice brought me to fail2ban first, which is a nice program and did what it should. but it's a bit buggy and too bloated for my needs, so I decided to do a quick-hack perl script which bans the bad IPs for some time.
after coding and playing around with iptables and perl, I noticed this task wasn't as simple as I thought it would be. it got a bit more complex than expected. however, it was a nice experience boost in perl programming.
description
sssh is quite simple, yet it's quite configurable.
you can tell sssh which logfile to observe, which port to protect and what a bad login attempt looks like, so it should also work for services other than ssh. I haven't tested that yet, but it should.
of course, you can tell sssh after how many bad attempts and for how long a host should be banned.
you can, thanks to fail2ban for that idea, let sssh send you a mail when it has (un)banned an IP, with an optional whois query.
last but not least you can, and should, set some hosts which are ignored, so you won't accidentally lock yourself out of your remote server.
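the core of what is described above, as an added example and not sssh's own code: the ban logic redone in python as a dry run that only produces the iptables commands instead of executing them. the inotify log tail is replaced by constructed sample log lines, and every config key name below is this example's own (the page only shows $bantime).

```python
import re
# Constructed sshd log lines (syslog format), not taken from the page.
SAMPLE_LOG = """\
Oct  8 04:59:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Oct  8 04:59:02 host sshd[2102]: Failed password for root from 198.51.100.5 port 40001 ssh2
Oct  8 04:59:03 host sshd[2103]: Failed password for root from 203.0.113.7 port 51023 ssh2
Oct  8 04:59:04 host sshd[2104]: Failed password for root from 192.0.2.10 port 50002 ssh2
Oct  8 04:59:05 host sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 51024 ssh2
Oct  8 04:59:06 host sshd[2106]: Failed password for root from 203.0.113.7 port 51025 ssh2
"""
# The knobs the page describes; key names are this example's own (sssh shows only $bantime).
CONFIG = {
    "port": 22,
    "maxattempts": 3,          # bad attempts before a ban
    "bantime": 60 * 60 * 2,    # seconds, the page's $bantime example
    "ignore": {"192.0.2.10"},  # never banned, e.g. your own address
    # what a bad login looks like; (?P<ip>...) must capture the client
    "badlogin": re.compile(r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"),
}

class Banner:
    def __init__(self, cfg):
        self.cfg = cfg
        self.failures = {}  # ip -> bad attempts seen so far
        self.banned = {}    # ip -> unix time at which the ban expires

    def rule(self, action, ip):  # -I inserts ahead of your ACCEPT rules, -D removes it again
        return f"iptables {action} INPUT -s {ip} -p tcp --dport {self.cfg['port']} -j REJECT"

    def feed(self, line, now):  # process one log line; return the ban command or None
        m = self.cfg["badlogin"].search(line)
        ip = m and m.group("ip")
        if not ip or ip in self.cfg["ignore"] or ip in self.banned:
            return None
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] < self.cfg["maxattempts"]:
            return None
        del self.failures[ip]  # counter resets; the ban takes over from here
        self.banned[ip] = now + self.cfg["bantime"]
        return self.rule("-I", ip)

    def expire(self, now):  # lift every ban whose bantime has elapsed
        done = [ip for ip, until in self.banned.items() if until <= now]
        self.banned = {ip: t for ip, t in self.banned.items() if ip not in done}
        return [self.rule("-D", ip) for ip in done]

def demo():  # replay the log at one line per second, then jump past bantime
    b = Banner(CONFIG)
    cmds = [c for t, l in enumerate(SAMPLE_LOG.splitlines()) if (c := b.feed(l, t))]
    return cmds + b.expire(CONFIG["bantime"] + 10)
```

demo() yields the -I ban for 203.0.113.7 after its third failure and the matching -D once the clock has passed bantime; the ignored host 192.0.2.10 is never counted, and 198.51.100.5 never reaches the threshold.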
dependencies & installation
dependencies:
- kernel support for inotify (CONFIG_INOTIFY is needed, maybe also CONFIG_INOTIFY_USER)
- kernel support for iptables (CONFIG_NETFILTER, CONFIG_IP_NF_IPTABLES, CONFIG_IP_NF_FILTER, CONFIG_IP_NF_TARGET_REJECT are needed, maybe some more options)
- perl - I tested it with 5.8.8, but some older versions should also work
- the Linux::Inotify2 perl module; I'm using version 1.1 here
installation:
for gentoo users:
assuming that your portage-overlay folder is /usr/local/portage/, do the following as root:
cd /usr/local/portage
mkdir app-admin
mkdir dev-perl
cd app-admin
svn co https://svn.keksbude.net/repos/keks-overlay/app-admin/sssh/
cd ../dev-perl
svn co https://svn.keksbude.net/repos/keks-overlay/dev-perl/Linux-Inotify2/
# for paludis-users
paludis --regenerate-installable-cache
paludis -pi sssh
# for portage-users
emerge -av sssh
follow the instructions the sssh ebuild gives after emerging.
for other users:
install the Linux::Inotify2 perl module from cpan or with your package manager.
copy the sssh script from the sssh 0.1 tar.bz2 package to /usr/bin/, then do something like the following:
mkdir /etc/sssh/
mkdir /var/log/sssh/
/usr/bin/sssh -n /etc/sssh/22.conf
configuration & running that thing
you need to edit the /etc/sssh/22.conf, or sssh won't start.
the sssh config file is a piece of perl code which is evaluated by the script, so you can, if needed, write things like $bantime = 60*60*2;
I think there are enough comments in the config file itself, so it is quite self-explanatory.
also the options in the gentoo /etc/conf.d/sssh file shouldn't need an explanation. just follow the info given after emerging sssh.
to start sssh just run sssh -c /etc/sssh/22.conf. gentoo users just need to do /etc/init.d/sssh.22 start.
downloads
the ebuilds can also be downloaded from or browsed in the keksbude gentoo overlay (subversion repository), or you can use subversion directly.
do
svn co https://svn.keksbude.net/repos/keks-overlay/
to check out our whole gentoo overlay, or something like:
svn co https://svn.keksbude.net/repos/keks-overlay/app-admin/sssh/
to check out just sssh.
last update: Mon Oct 8 05:07:41 2007 (GMT)