Re: SSHD: Limit login attempt rate
- From: Unruh <unruh-spam@xxxxxxxxxxxxxx>
- Date: Thu, 24 Jul 2008 17:59:09 GMT
bmearns <mearns.b@xxxxxxxxx> writes:
I'm running an sshd on Fedora 8, and have recently been getting
swamped with people trying to log in (i.e., break in). It's configured
to only allow three authentication attempts per connection, but they
just keep reconnecting: probably some script kiddies with port
sniffers and password testers. Is there a way to configure it so that
there's a timeout after failed attempts? For example, if a particular
address tries and fails three times to authenticate, that address is
blocked for three hours, or something similar?
I have a script which looks at the logs and if it finds too many failed
login attempts from the same machine it puts the address into
/etc/hosts.allow with a deny flag
sshd: your.special.machine other.good.machine 192.168.0 :allow
sshd: bad.machine.com other.bad.machine 10.9.8.1 :deny
sshd: ALL :allow
sshd reads through the table from the top and the first rule applies. Thus
special machines are allowed from that first line, bad machines are denied
(as is 10.9.8.1), and everything else is allowed. The script looks for bad
logins and if there are too many in, say, a week it puts the address into the
deny line. I just leave the addresses in there. I do not trust people who let
their machines be hijacked.
The first allow line is to make sure that you do not lock yourself out by
way of getting the password wrong too often.
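A script of the kind described above, as an added example that is not the poster's own: it counts "Failed password" records per source address from sshd log lines, never lists a trusted address, merges new offenders into the existing deny list, and renders the three-rule hosts.allow block with the trusted allow line first. The sample log lines, hostnames and threshold are constructed for illustration.

```python
import re
from collections import Counter

# Matches the "Failed password" record sshd writes to the auth log.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

# Constructed sample log lines (not taken from the original post).
SAMPLE_LOG = [
    "Jul 24 17:50:01 box sshd[2001]: Failed password for invalid user admin from 10.9.8.1 port 40001 ssh2",
    "Jul 24 17:50:04 box sshd[2001]: Failed password for invalid user admin from 10.9.8.1 port 40001 ssh2",
    "Jul 24 17:50:07 box sshd[2001]: Failed password for root from 10.9.8.1 port 40001 ssh2",
    "Jul 24 17:51:30 box sshd[2002]: Failed password for alice from 192.168.0.5 port 51000 ssh2",
    "Jul 24 17:51:40 box sshd[2002]: Accepted password for alice from 192.168.0.5 port 51000 ssh2",
]

def count_failures(log_lines):
    """Count failed-login records per source address."""
    hits = Counter()
    for line in log_lines:
        m = FAILED_RE.search(line)
        if m:
            hits[m.group(1)] += 1
    return hits

def offenders(log_lines, threshold=3, trusted=()):
    """Addresses with at least `threshold` failures, excluding trusted ones.
    The caller passes only the lines for the window it cares about (e.g. a week)."""
    counts = count_failures(log_lines)
    return sorted(a for a, n in counts.items() if n >= threshold and a not in trusted)

def merge_denied(existing, new):
    """Union of the old deny list and the new offenders; entries are never removed."""
    return sorted(set(existing) | set(new))

def render_hosts_allow(trusted, denied):
    """Build the rules in the order the post describes: trusted allow first,
    then the deny line, then allow everything else. An empty deny line is skipped."""
    rules = ["sshd: %s :allow" % " ".join(trusted)]
    if denied:
        rules.append("sshd: %s :deny" % " ".join(denied))
    rules.append("sshd: ALL :allow")
    return "\n".join(rules) + "\n"

if __name__ == "__main__":
    trusted = ["your.special.machine", "192.168.0"]
    denied = merge_denied(["bad.machine.com"], offenders(SAMPLE_LOG, trusted=trusted))
    print(render_hosts_allow(trusted, denied), end="")
```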