Unfortunately, until a login attempt is tried & fails, there's no way to
restrict somebody like that. Looking up the UAF record to validate the
username is done as part of the authentication, and that's done after
the system-level authentication is done.

What you can do is to restrict addresses in SSH or you can put in packet
filters in MultiNet itself, if you know what addresses these are confined

At 01:28 PM 5/19/2005, Roy Shishido wrote:
>Has anyone come up with a simple way to restrict users access via Multinet
>5.0 SSH2 to only those with user accounts?
>We keep getting bombarded with the brutessh attacks and since these
>attempts are not recorded in the security log, would like to reduce/stop
>the unnecessary sshd.log files (although these logs are helpful in
>determining the source IPs).
>Roy T. Shishido
>Aeroflightdynamics Directorate
>NASA Ames Research Center
>Building N-219, MS 219-1
>Moffett Field, CA 94035-1000
>Phone: 650.604.6084/DSN 359.6084
>Fax: 650.604.5156

| Dan O'Reilly | "There are 10 types of people in this |
| Principal Engineer | world: those who understand binary |
| Process Software | and those who don't." |
| http://www.process.com | |