1

I saw this post:

Cygwin SSHd Autoblock Failed Logins

And I tried to implement it but I'm getting no results. Of course, it probably is me but before I went further I wanted to know if anyone has it running on Windows 2008R2?

Also, anyone have any other suggestions for this type of program? I'd prefer a decent program that doesn't have a heavy price tag. This is a small private server that I do not have the option to put a hw firewall on.

Thanks!

== IN RESPONSE TO EVAN ==

ok I updated the program and it's giving me this message in the event log:

Service sshd_block received unsupported INTERROGATE control, which will not be handled.

I've gotten about 60 of these events in 5 minutes. I assume this is the check interval?

The program is stored here:

d:\Skydrive\Eric_Sys\firewalllogin\

the contents:

07/21/2009  06:38 PM             9,272 LICENSE
12/01/2012  11:04 PM           167,424 nssm.exe
01/20/2010  02:36 PM             8,699 README.txt
03/06/2013  01:36 PM             1,357 register_sshd_messages.cmd
01/20/2010  02:21 PM            13,021 sshd_block.vbs
09/25/2008  02:49 PM            12,288 sshd_messages.dll
03/06/2013  01:35 PM    <DIR>          sshd_messages_source

in case you wanted it.

My registry settings:

enter image description here

Community
  • 1
ErocM
  • 252
  • 7
  • 22

1 Answers1

2

I wrote the sshd_block script. It looks like I did test on Windows Server 2008 R2 and it did work. (As of 2010-01-20, at least.)

If you can provide some details about what problems you're seeing with it I can probably offer some ideas, too. The command lines to install the thing are somewhat awkward because of the need to escape characters.

Edit:

The "...unsupported INTERROGATE control, which will not be handled." is an NSSM problem. Apparently version 2.16 has a "known bug" associated with this (http://nssm.cc/bugs). I haven't run into it personally and I'm shocked that you're getting so many of them.

It looks like your parameters are fine. Mocking that up on my Windows 7 x64 SP1 laptop I'm seeing that the script is starting fine. Are you getting an event ID 1 sourced from "sshd_block" indicating that the script has started properly?

Evan Anderson
  • 141,071
  • 19
  • 191
  • 328
  • I believe I have it running now, it was me running it from the explorer menu. Reread your notes and it said to use script, so I did and it ran. Now I'm getting a message when I try to create the service: The description for Event ID 0 from source nssm cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. Can't start service: error code 3. Any ideas? – ErocM Mar 06 '13 at 22:12
  • If you would, go grab an updated copy of NSSM (from http://nssm.cc/download/?page=download) and update your copy. You don't need to reinstall the service, but you should get cleaner looking error messages from that. "Error code 3" means "PATH_NOT_FOUND", so I feel like NSSM isn't finding `cscript.exe`. Can you dump out your `HKLM\System\CurrentControlSet\Services\sshd_block\Parameters` registry key and add it as an edit to your question. Finally, what is the path you installed the sshd_block.vbs script into? – Evan Anderson Mar 06 '13 at 22:29
  • Yes it does show it started. I assume you are done here then? :) – ErocM Mar 06 '13 at 23:10
  • Yep. Test it out and see if it blocks. – Evan Anderson Mar 06 '13 at 23:32
  • k tyvm for the script! – ErocM Mar 06 '13 at 23:41