Re: SSH Blocking
From: Dave Ewart (davee_at_sungate.co.uk)
Date: 04/25/05
- Previous message: michael: "Re: history of system"
- In reply to: Nick Miller: "SSH Blocking"
- Next in thread: Radu Brumariu: "Re: SSH Blocking"
- Reply: Radu Brumariu: "Re: SSH Blocking"
- Reply: Paul Johnson: "Re: SSH Blocking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 25 Apr 2005 15:50:16 +0100 To: debian-user@lists.debian.org
On Monday, 25.04.2005 at 09:42 -0500, Nick Miller wrote:
> I maintain a couple of exim mail servers on the Internet and I have
> noticed that a lot of people will try to gain access to these machines
> by trying multiple SSH logins with all sorts of names. I am wondering if
> there is an option in SSHD to block an IP after a certain amount of
> failed login attempts as any user?
There are, but it may be simpler to change the port that SSH listens on.
The behaviour you're seeing is likely not actually "people", but an
automated scan of some sort. Changing SSH port is 'really' more secure
(obscurity and all that), but it's an extra layer and, if nothing else,
stops your logs getting cluttered with all the failed logins ...
Dave.
-- Please don't CC me on list messages! ... Dave Ewart - davee@sungate.co.uk - jabber: davee@jabber.org All email from me is now digitally signed, key from http://www.sungate.co.uk/ Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
-- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
- application/pgp-signature attachment: Digital signature
- Previous message: michael: "Re: history of system"
- In reply to: Nick Miller: "SSH Blocking"
- Next in thread: Radu Brumariu: "Re: SSH Blocking"
- Reply: Radu Brumariu: "Re: SSH Blocking"
- Reply: Paul Johnson: "Re: SSH Blocking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
